Rhode Island is the latest state to adopt a comprehensive data privacy law, titled the Data Transparency and Privacy Protection Act....more
California's privacy enforcement agency has published crucial data minimization guidance for businesses....more
The California Privacy Protection Agency ("CPPA") will be able to immediately enforce regulations issued under the California Consumer Privacy Act ("CCPA"), as amended, after a recent California appeals court decision...more
On Friday, October 27, the Federal Trade Commission ("FTC") announced new amendments to the Safeguards Rule, requiring covered financial institutions to report certain data breaches to the FTC and reflecting its continuing...more
11/13/2023
/ Cybersecurity ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
FTC Act ,
Gramm-Leach-Blilely Act ,
New Amendments ,
Non-Bank Lenders ,
Personal Information ,
Popular ,
Privacy Rule ,
Risk Assessment ,
Risk Management ,
Safeguards Rule ,
Section 5
On October 30, 2023, President Biden signed a first-of-its-kind executive order entitled, "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" ("AI")....more
11/1/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Machine Learning ,
Regulatory Reform ,
Security Standards
California is the first U.S. state to secure an adequacy decision from the Dubai International Financial Center Authority....more
On July 18, 2023, Oregon Governor Tina Kotek signed Senate Bill 619, referred to as the "Oregon Consumer Privacy Act" ("OCPA" or "the Act"), making Oregon the 11th state to enact a comprehensive data privacy law....more
On July 21, 2023, the White House announced that seven leading technology companies—Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI—voluntarily committed to mitigating the risks posed by artificial...more
7/25/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Innovative Technology ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Oversight ,
Risk Mitigation
The sweeping law imposes new requirements on the processing and sale of consumer health data in the state.
On April 27, 2023, Washington State Governor Inslee signed the "My Health My Data Act" ("Act"). This Act marks the...more
On March 28, 2023, Iowa—following California, Colorado, Connecticut, Utah, and Virginia—became the sixth state to adopt a comprehensive consumer data privacy law.
On March 28, 2023, Iowa Governor Kim Reynolds signed "An...more
On October 7, 2022, President Biden signed an executive order on "Enhancing Safeguards for United States Signals Intelligence Activities," outlining the measures that the United States will take to implement its commitments...more
On August 24, 2022, California Attorney General Rob Bonta announced his office's first privacy enforcement action and settlement against a publicly disclosed entity, Sephora, Inc., for violations of the CCPA, including the...more
The Federal Trade Commission announced on August 11, 2022, that it is seeking public comment regarding its Advanced Notice of Proposed Rulemaking on commercial surveillance and data security.
The Federal Trade Commission...more
On May 10, 2022, Connecticut, following Utah, California, Virginia, and Colorado, became the fifth state to adopt a comprehensive consumer data privacy law.
On May 10, 2022, Connecticut Governor Ned Lamot signed "An Act...more
On March 24, 2022, Utah followed California, Virginia, and Colorado in adopting a comprehensive consumer data privacy law.
On March 24, 2022, Utah Governor Spencer Cox signed the Consumer Privacy Act ("Act"), making Utah...more
4/7/2022
/ Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
State Data Privacy Laws
On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the "Act"), creating new requirements for organizations operating in critical infrastructure sectors to...more
3/18/2022
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
New Legislation ,
Popular ,
Regulatory Reform ,
Reporting Requirements
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
President Biden Issues Cybersecurity Executive Order -
On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
8/10/2021
/ Article III ,
Biden Administration ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile Apps ,
Personal Data ,
Popular ,
Ransomware ,
SCOTUS ,
Standing ,
TransUnion LLC v Ramirez
United States -
Regulatory—Policy, Best Practices, and Standard -
NIST Unveils Draft Guidance to Protect Critical Infrastructure -
On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
1/8/2021
/ CNIL ,
Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Popular ,
Risk Management
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Revision to Security Standard -
On September 23, the National Institute of Standards and Technology ("NIST") released Revision 5 to...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
Cybersecurity Standards Issued for Government Contractors -
On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
4/1/2020
/ 5G Network ,
Artificial Intelligence ,
Canada ,
China ,
CNIL ,
Computer Fraud and Abuse Act (CFAA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Department of Defense (DOD) ,
EU ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FERC ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
Japan ,
Latin America ,
National Security ,
NIST ,
OCIE ,
OCR ,
Online Safety for Children ,
People's Bank of China ,
Public Health Emergency ,
Securities and Exchange Commission (SEC) ,
Social Media ,
State Attorneys General ,
Telehealth ,
Trump Administration ,
Unmanned Aircraft Systems
On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act ("SHIELD Act") amending New York's data breach notification law. This adds to the growing list of states...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Internal Report Regarding IoT Cybersecurity -
In September, the National Institute of Standards and Technology ("NIST") released a draft...more
12/26/2018
/ Civil Monetary Penalty ,
CNIL ,
Consumer Reporting Agencies ,
COPPA ,
Critical Infrastructure Sectors ,
Cross-Border ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Disclosure Requirements ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hobbs Act ,
Internal Audit Functions ,
International Data Transfers ,
Internet of Things ,
NIST ,
Popular ,
Power Grid ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act
In light of recent high-profile breaches of highly sensitive data, this is a good time to remind individuals of how to protect their identity and credit information....more
9/21/2017
/ Bank Accounts ,
Consumer Financial Protection Bureau (CFPB) ,
Credit Cards ,
Credit Monitoring ,
Credit Reports ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Debit Cards ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Popular