On June 21, 2023, Senate Majority Leader Chuck Schumer joined the Center for Strategic and International Studies (CSIS) to launch his SAFE Innovation Framework, a comprehensive approach to address challenges associated with...more
On May 31, the Federal Trade Commission (FTC or Commission) announced two separate enforcement actions against Amazon—one involving its cloud-based voice service, Alexa, and the other involving Ring, its smart doorbell...more
6/7/2023 / ALEXA, Amazon, Artificial Intelligence, Biometric Information, Consumer Privacy Rights, COPPA, Corporate Counsel, Cybersecurity, Data Deletion, Data Privacy, Deceptive Intent, Enforcement Priorities, Federal Trade Commission (FTC), Personal Data, Popular, Settlement, Unfair or Deceptive Trade Practices
On May 28, 2023, the Texas legislature reached an agreement (by conference committee) on the Texas Data Privacy and Security Act (the Act), setting the stage for Texas to become the tenth state with a comprehensive privacy...more
On March 15, 2023, the Securities and Exchange Commission (SEC) announced proposed changes to Regulation S-P (“Reg S-P”) that would impose new cybersecurity incident response requirements on broker-dealers, investment...more
On Friday, March 3, 2023, the California Privacy Protection Agency (CPPA) held a public board meeting. Though the meeting focused primarily on the Agency’s budget and various administrative issues (e.g., subcommittee...more
3/13/2023 / Administrative Review, Audits, Board Meetings, California Consumer Privacy Act (CCPA), California Privacy Protection Agency (CPPA), California Privacy Rights Act (CPRA), Cybersecurity, Proposed Legislation, Public Comment, Risk Assessment, Rulemaking Process
On February 17, 2023, the state attorneys general of Pennsylvania and Ohio reached a settlement with Ohio-based DNA Diagnostics Center (“DDC”) for a 2021 data breach that affected 2.1 million individuals nationwide and...more
2/23/2023 / Clinical Laboratories, Cybersecurity, Data Breach, Electronic Protected Health Information (ePHI), Enforcement Actions, Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Laboratories, Material Misstatements, PHI, Settlement, State Attorneys General, Statutory Violations
On Friday, February 3, 2023, the California Privacy Protection Agency (CPPA) held a public board meeting at which it voted unanimously to (1) approve the final text of the California Privacy Rights Act (CPRA) regulations and...more
2/9/2023 / Artificial Intelligence, Audits, Board Meetings, California Privacy Rights Act (CPRA), Comment Period, Compliance, Cybersecurity, New Regulations, NPRM, Public Meetings, Regulatory Agencies, Regulatory Agenda, Risk Assessment
On November 15, the Federal Trade Commission (FTC) announced a six-month delay of the deadline by which companies must comply with recent amendments to its Standards for Safeguarding Customer Information (“the Safeguards...more
On November 9, the New York State Department of Financial Services (“DFS”) formally proposed amendments (the “Proposed Amendments”) to the Part 500 Cybersecurity Regulations (the “Cybersecurity Regulations”). The Proposed...more
On July 8, 2022, the Department of Justice (“DOJ”) announced in a press release that Aerojet Rocketdyne Inc, a provider of advanced propulsion and energetics systems for multiple government agencies, reached a settlement...more
7/28/2022 / Compliance, Cyber Crimes, Cybersecurity, Department of Defense (DOD), Department of Justice (DOJ), DFARS, False Claims Act (FCA), Federal Contractors, Military Contracts, NASA, Qui Tam, Settlement
In the latest of a flurry of FTC actions, the agency recently announced that it had entered into a consent order with CafePress, an online customized merchandise platform, over allegations that it failed to secure consumers’...more
3/22/2022 / Cyber Attacks, Cybersecurity, Data Breach, Data Protection, Data Security, Federal Trade Commission (FTC), FTC Act, NIST, Personal Information, Popular, Unfair or Deceptive Trade Practices
Utah is close to becoming the fourth state to have a comprehensive privacy law. The Utah Consumer Privacy Act (SB 227) unanimously passed the Utah Senate on February 25. And the Utah House followed suit quickly, unanimously...more
Russia’s full-scale military invasion of Ukraine is raising cybersecurity risks for American businesses. Corporate America must take immediate additional precautions to protect their networks in light of what is quickly...more
On October 27, 2021, the Federal Trade Commission (FTC) announced a newly updated rule under the Gramm-Leach-Bliley Act (GLBA) intended to require financial institutions to strengthen their data security safeguards to protect...more
11/1/2021 / Cybersecurity, Data Protection, Federal Trade Commission (FTC), Final Rules, Financial Institutions, Financial Services Industry, Gramm-Leach-Bliley Act, Personal Information, Risk Assessment, Safeguards Rule, Security Risk Assessments, Third-Party Service Provider
While still in its relative infancy, privacy law has quickly become a turbulent teenager, with constant change around the world.
At a minimum, 2021 will require meaningful efforts to implement the changes of 2020, with a...more
1/5/2021 / Biden Administration, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Consumer Privacy Rights, Cybersecurity, Data Security, Enforcement, Federal Trade Commission (FTC), International Data Transfers, Legislative Agendas, Personal Information, Privacy Laws, Private Right of Action, Ransomware, Schrems I & Schrems II, State Attorneys General, State Privacy Laws
On December 19, the Senate passed H.R.7898, which the House of Representatives had previously passed on December 9. This law amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require...more
12/23/2020 / 21st Century Cures Act, Business Associates, Covered Entities, Cybersecurity, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, HITECH Act, NIST, Penalties, Rulemaking Process
On December 17, 2020, the Office of the Comptroller of the Currency, Treasury (OCC); the Federal Reserve; and the Federal Deposit Insurance Corporation (FDIC) issued a Notice of Proposed Rulemaking that would require...more
12/22/2020 / Bank Secrecy Act, Banking Regulators, Banks, Cyber Attacks, Cyber Crimes, Cybersecurity, Financial Institutions, GLBA Privacy, NPRM, Popular, Reporting Requirements, Suspicious Activity Reports (SARs)
We hope you have read about the reporting on potential ransomware attacks on US hospitals and perhaps other health care providers. If you have not, please review this guidance from the government agencies involved in this...more
Security existed as a business norm long before it became a legal and compliance requirement. Doctors' offices locked their doors at night to ensure no one could access their records. Stores took precautions when they walked...more
In the U.S., we do not, today, have a national privacy law. Pressure from the EU, via the General Data Protection Regulation, and from California, via the California Consumer Privacy Act, is driving an extensive national...more
The United States has always had privacy law. For most of our history it mainly regulated the government in connection with its citizens.
About 20 years ago we started modern privacy - presumably why we have Data Privacy...more