The New York Department of Financial Services (“NYDFS”) recently published guidance on managing cyber risks related to AI for the financial services and insurance industry. Though the circular letter does not introduce any...more
The SEC recently issued an order and settlement against a company from a pair of cyberattacks in which millions of dollars of client funds were stolen. While the company was able to recover a portion of the funds and...more
ARTIFICIAL INTELLIGENCE -
What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more
2/7/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws
The CPPA, the California regulatory body charged with enforcing CCPA, has now issued draft regulations on risk assessments and cybersecurity audits. The draft was released ahead of a public board meeting to discuss those...more
Financial services companies beware: the new state privacy laws exemption are not uniform. To recap, there are privacy laws in 12 states: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee,...more
Utah’s breach notification requirements will change on May 3, 2023. The recently amended data breach notification law now requires companies to notify the Attorney General for a breach involving 500 or more state residents....more
Two states recently passed laws with specific data security requirements for entities that are gaming operators or licensees. These new regulations in Nevada and Massachusetts add to the already complex set of data security...more
On Friday, February 3, the CPPA is scheduled to meet about current and forthcoming CPRA regulations. The Board had previously signaled that it expected to finalize the draft regulations in late January or early February 2023....more
The FTC recently took action against the online alcohol marketplace company Drizly and its CEO for alleged security failures. The case arose from a 2018 data breach which was caused – according to the FTC – by poor security...more
Indiana has made a minor amendment to its data breach notification law. Starting July 1, companies who are obligated to notify under the law must do so (to affected individuals and the Indiana Attorney General) without...more
The digital health sector has been rapidly growing, and the demand is not expected to diminish. Those in the industry will want to keep in mind some key legal concerns in the coming year, which we outline in this recent...more
The use of digital health to deliver healthcare has seen unprecedented growth over the past few years, with significant acceleration due to the COVID-19 Public Health Emergency (PHE). As patients seek ways to empower...more
Just as we thought 2022 was going to be significantly different than 2021, December 2021 and January 2022 events have thrown us for another (pandemic) loop. We anticipate that some of the privacy and cybersecurity...more
1/12/2022
/ Artificial Intelligence ,
Auto-Dialed Calls ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CAN-SPAM Act ,
CARU ,
CDPA ,
Consumer Privacy Rights ,
COPPA ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Tracking ,
EU ,
FCC ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Machine Learning ,
Mobile Privacy ,
Ransomware ,
SCOTUS ,
TCPA
As we look to 2022, a question on many companies’ minds is what actions we will see from the FTC. Two recent developments are important on that front.
First, the FTC recently signaled its intent to initiate rulemaking on...more
12/23/2021
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Algorithms ,
Breach Notification Rule ,
Cybersecurity ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Identity Theft ,
Online Safety for Children ,
Regulatory Oversight ,
Rulemaking Process ,
Safeguards Rule ,
State and Local Government
The California Privacy Protection Agency recently published public comments received in response to its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). The comments were originally solicited in...more
The California AG recently reminded companies in the healthcare industry of potential data breach notification obligations beyond HIPAA. As ransomware attacks continue to rise, particularly in healthcare, companies should...more
The SEC recently announced a settlement with Pearson plc where the company has agreed to pay $1 million to settle charges that it misled investors about a 2018 cyber incident. According to the order, Pearson made misleading...more
In addition to recently passing a cybersecurity safe harbor law, Connecticut also updated its data breach notification law. Connecticut joins Texas in passing changes to breach notification requirements this year. There are...more
Recently, the National Institute of Standards and Technology (NIST) requested comments to its Resource Guide for implementing the HIPAA Security Rule. (i.e., SP 800-66). This Guide, first released in 2008, summarizes the...more
China is continuing to move forward with its first comprehensive privacy law. China recently issued a second version of the draft Personal Information Protection Law (Draft PIPL) which will be open for public comments until...more
5/14/2021
/ Breach Notification Rule ,
China ,
Cross-Border ,
Cybersecurity ,
Data Breach ,
Data Localization Law ,
Data Privacy ,
Data Security ,
Data Transfers ,
General Data Protection Regulation (GDPR) ,
Penalties ,
Personal Information ,
Popular ,
Proposed Regulation
Maine and North Dakota recently adopted the National Association of Insurance Commissioners (NAIC) data security model law. They join at least 11 others states who have already adopted the model law. The model law applies to...more
Utah recently amended its breach notice law to provide certain defenses to companies who suffer a data breach. It is now the second state, after Ohio, to include such provisions. Specifically, entities that create and...more
Artificial intelligence continues to remain a focus in 2021, as we predicted at the start of the year. From the FTC, to the EU, to others, regulators of all kinds are paying attention to companies’ use of these tools. In the...more
4/6/2021
/ Artificial Intelligence ,
Business Strategies ,
Cybersecurity ,
Data Privacy ,
Data Security ,
FDIC ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Popular ,
Public Comment ,
Regulatory Requirements
At the beginning of February, the US Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH) appointed Professor Kevin Fu as the first ever Acting Director of Medical Device Cybersecurity. Fu’s...more
Many supervisory authorities across Europe have reported increasing numbers of data breach notifications since the introduction of GDPR. While most companies are now familiar with the 72-hour reporting obligation for...more
2/1/2021
/ Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Employee Training ,
Employer Liability Issues ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Notification Requirements ,
Policies and Procedures