The enactment of China’s Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL, together with the CSL and the DSL, “Data Security Laws”) has significantly reshaped the landscape of...more
On March 11, the Kentucky Senate passed the Kentucky Consumer Data Protection Act (KCDPA or the “Act”) (House Bill 15) by a unanimous 35-0 vote. Upon House concurrence and the governor’s signature, the Act would become the...more
On February 1, the Federal Trade Commission (FTC or “the Commission”) announced that it had reached a settlement with Blackbaud, a software company, resolving claims related to a 2020 data breach that resulted in the...more
2/23/2024
/ Consent Agreements ,
Cybersecurity ,
Data Breach ,
Data Retention ,
Data Security ,
Encryption ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Internal Data Controls ,
Misleading Statements ,
Personal Information ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement ,
Third-Party Service Provider
This post is part of a series of articles we are doing on 2023 data protection litigation trends.
2023 saw a rise in class action litigation related to internet tracking technology employed by companies to enhance user...more
As we have detailed previously, 2023 was a landmark year for privacy law, featuring numerous developments at the federal, state and international levels, ranging from newly enacted statutes to massive regulatory enforcement...more
1/17/2024
/ Adtech ,
Artificial Intelligence ,
Audits ,
Biden Administration ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Cybersecurity ,
Electronic Protected Health Information (ePHI) ,
Enforcement ,
Enforcement Actions ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Requirements ,
Rulemaking Process ,
Sensitive Personal Information ,
State Privacy Laws
2023 marked a pivotal moment in US data privacy and cybersecurity, characterized by substantial regulatory and legislative advances at the international, federal, and state levels. The Federal Trade Commission (FTC) took a...more
1/8/2024
/ Artificial Intelligence ,
Breach Notification Rule ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Consumer Financial Protection Act (CFPA) ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Enforcement Authority ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
OCR ,
PHI ,
Rulemaking Process ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws
On December 8, the California Privacy Protection Agency (CPPA or “the Agency”) held a public Board meeting to discuss a range of topics, including proposed regulations on cybersecurity audits, risk assessments, and automated...more
On December 8, representatives from the European Commission, the European Parliament, and the Council of the European Union (EU) reached political agreement on the shape and contents of the EU’s AI Act (the “Act”), setting...more
The requirement to disclose material cybersecurity events under new Item 1.05 of Form 8-K takes effect today (other than for smaller reporting companies, for which the new requirement will take effect on June 15, 2024)....more
Earlier this year, Texas and Oregon each passed a data broker registration law, joining California and Vermont to double the number of states that have enacted such legislation. Texas Governor Greg Abbott signed SB 2105 into...more
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
12/8/2023
/ Breach Notification Rule ,
Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Payment Systems ,
Popular ,
Prison ,
Proposed Standards ,
Section 5 ,
Telecommunications ,
Unfair or Deceptive Trade Practices
In the run-up to this Friday’s December Board meeting, the California Privacy Protection Agency (CPPA or the “Agency”) has continued its recent flurry of regulatory activity. Late last week, the CPPA published an additional...more
12/7/2023
/ Audits ,
Automated Decision Systems (ADS) ,
Automated Systems ,
Board Meetings ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Subject Access Requests ,
Insurance Industry ,
Mobile Apps ,
Opt-Outs ,
Popular ,
Proposed Regulation ,
Risk Assessment ,
Sensitive Personal Information
In advance of the California Privacy Protection Agency’s (CPPA) December 8 Board meeting, the Agency has published new draft automated decisionmaking technology (ADMT) regulations, as well as revisions to draft regulations on...more
12/1/2023
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Machine Learning ,
Notice Requirements ,
Opt-Outs ,
Personal Information ,
Right of Access ,
Risk Assessment
On November 1, 2023, New York Department of Financial Services (NYDFS or the “Department”) released the finalized revisions (the “Second Amendment”) to 23 NYCRR Part 500 (Part 500) – the most significant modifications to Part...more
11/29/2023
/ Amended Regulation ,
Compliance ,
Compliance Dates ,
Covered Entities ,
Cyber Threats ,
Cybersecurity ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Incident Response Plans ,
Non-Bank Lenders ,
NYDFS ,
Policies and Procedures ,
Popular ,
Risk Management
On November 3, a federal court in the District of Idaho unsealed an amended complaint that the Federal Trade Commission (FTC) had filed in June 2023 against Kochava. The complaint alleges that Kochava engaged in unfair acts...more
Our initial thoughts on the Biden Executive Order first appeared on WilmerHale’s Privacy and Cybersecurity Blog the day that the Executive Order was released.
On October 30, 2023, the Biden Administration issued its...more
11/13/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Department of Education ,
Department of Labor (DOL) ,
Department of Transportation (DOT) ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Health Care Providers ,
Intellectual Property Protection ,
National Security ,
NIST ,
Regulatory Agenda ,
Technology Sector
Governor Gavin Newsom in California recently signed several bills into law that may have a significant impact on your company’s privacy compliance obligations. These new laws amend and build on existing California privacy...more
On Friday, September 8, the California Privacy Protection Agency (CPPA) held a public board meeting. The primary topic of discussion at this meeting was the Agency’s draft regulations on cybersecurity audits and risk...more
9/19/2023
/ Artificial Intelligence ,
Auditors ,
Audits ,
Board Meetings ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Brokers ,
Proposed Regulation ,
Public Meetings ,
Risk Assessment
Public companies will soon be required to provide increased transparency about cybersecurity incidents, risk management, strategy and governance as a result of new rules adopted by the Securities and Exchange Commission (the...more
8/14/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On July 14, the California Privacy Protection Agency (CPPA or the “Board”) hosted a meeting to discuss key issues. Notably, the Board’s New CPRA Rules Subcommittee (“the Subcommittee”) previewed three areas of forthcoming...more
8/9/2023
/ Advisory Board ,
Artificial Intelligence ,
Audits ,
Automation Systems ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Machine Learning ,
Personal Data ,
Personal Information ,
Proposed Regulation ,
Risk Assessment
On Friday, July 21, 2023, the White House announced that seven US technology companies at the forefront of generative artificial intelligence (AI) agreed to eight voluntary commitments to “promote the safe, secure, and...more
On June 21, 2023, Senate Majority Leader Chuck Schumer joined the Center for Strategic and International Studies (CSIS) to launch his SAFE Innovation Framework, a comprehensive approach to address challenges associated with...more
On May 31, the Federal Trade Commission (FTC or Commission) announced two separate enforcement actions against Amazon—one involving its cloud-based voice service, Alexa, and the other involving Ring, its smart doorbell...more
6/7/2023
/ ALEXA ,
Amazon ,
Artificial Intelligence ,
Biometric Information ,
Consumer Privacy Rights ,
COPPA ,
Corporate Counsel ,
Cybersecurity ,
Data Deletion ,
Data Privacy ,
Deceptive Intent ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Personal Data ,
Popular ,
Settlement ,
Unfair or Deceptive Trade Practices
On May 28, 2023, the Texas legislature reached an agreement (by conference committee) on the Texas Data Privacy and Security Act (the Act), setting the stage for Texas to become the tenth state with a comprehensive privacy...more
On March 15, 2023, the Securities and Exchange Commission (SEC) announced proposed changes to Regulation S-P (“Reg S-P”) that would impose new cybersecurity incident response requirements on broker-dealers, investment...more