In the final days of the Biden Administration, the U.S. Department of Health and Human Services Office for Civil Rights (“HHS OCR”) remained active in resolving a large number of investigations, reflecting the agency’s...more
While the California Consumer Privacy Act (CCPA) is most known for its extensive privacy compliance obligations, the law also provides for a limited private right of action for certain security-related breaches....more
On January 8, the Department of Justice (DOJ) published its final Rule implementing Executive Order 14117 (EO), “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by...more
On August 30, the Federal Trade Commission (FTC) entered into a proposed settlement order with cloud-based physical security solutions provider, Verkada Inc. (“Verkada”), settling allegations of data security violations and...more
On April 7, Representative Cathy McMorris Rodgers (R-Wash.), Chair of the U.S. House Committee on Energy and Commerce Chair, and Senator Maria Cantwell (D-Wash.), Chair of the Senate Committee on Commerce, Science and...more
The enactment of China’s Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL, together with the CSL and the DSL, “Data Security Laws”) has significantly reshaped the landscape of...more
On March 11, the Kentucky Senate passed the Kentucky Consumer Data Protection Act (KCDPA or the “Act”) (House Bill 15) by a unanimous 35-0 vote. Upon House concurrence and the governor’s signature, the Act would become the...more
On February 1, the Federal Trade Commission (FTC or “the Commission”) announced that it had reached a settlement with Blackbaud, a software company, resolving claims related to a 2020 data breach that resulted in the...more
2/23/2024
/ Consent Agreements ,
Cybersecurity ,
Data Breach ,
Data Retention ,
Data Security ,
Encryption ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Internal Data Controls ,
Misleading Statements ,
Personal Information ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement ,
Third-Party Service Provider
The Federal Trade Commission (FTC) recently published a post on their Business Guidance Blog discussing lessons learned from three enforcement actions against sellers of genetic testing products. These guidelines address...more
1/25/2024
/ Advertising ,
Artificial Intelligence ,
Biometric Information ,
Civil Monetary Penalty ,
Compliance ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Genetic Testing ,
HIPAA Breach Notification Rule ,
Rite Aid ,
Sensitive Personal Information
On December 20, the Federal Trade Commission (FTC or “the Commission”) published a notice of proposed rulemaking (NPRM) proposing amendments to the Children’s Online Privacy Protection Rule (the “COPPA Rule” or the “Rule”)....more
1/15/2024
/ Biometric Information ,
COPPA ,
Data Security ,
Enforcement Actions ,
Exceptions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Notice Requirements ,
NPRM ,
Online Platforms ,
Parental Consent ,
Personal Information ,
Proposed Amendments ,
Public Schools ,
Safe Harbors ,
Websites
2023 marked a pivotal moment in US data privacy and cybersecurity, characterized by substantial regulatory and legislative advances at the international, federal, and state levels. The Federal Trade Commission (FTC) took a...more
1/8/2024
/ Artificial Intelligence ,
Breach Notification Rule ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Consumer Financial Protection Act (CFPA) ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Enforcement Authority ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
OCR ,
PHI ,
Rulemaking Process ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws
On December 8, representatives from the European Commission, the European Parliament, and the Council of the European Union (EU) reached political agreement on the shape and contents of the EU’s AI Act (the “Act”), setting...more
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
12/8/2023
/ Breach Notification Rule ,
Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Payment Systems ,
Popular ,
Prison ,
Proposed Standards ,
Section 5 ,
Telecommunications ,
Unfair or Deceptive Trade Practices
The Massachusetts Gaming Commission recently approved regulations to ensure data privacy and security for sports betters in the Commonwealth. On August 8, 2023, the commissioners approved 205 CMR 257, Sports Wagering Data...more
On June 16, the Federal Trade Commission (FTC) announced an enforcement action against 1Health.io Inc. (“1Health,” also known as Vitagene, Inc.), a genetic testing company that analyzes consumer-provided DNA samples and uses...more
6/30/2023
/ Consent Order ,
Data Protection ,
Data Security ,
DNA ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Genetic Materials ,
Genetic Testing ,
Privacy Policy ,
Section 5 ,
Sensitive Personal Information ,
Unfair or Deceptive Trade Practices
On May 28, 2023, the Texas legislature reached an agreement (by conference committee) on the Texas Data Privacy and Security Act (the Act), setting the stage for Texas to become the tenth state with a comprehensive privacy...more
On May 17, 2023, the Federal Trade Commission (the “FTC”) reached a settlement with Easy Healthcare Corporation (“Easy Healthcare”), for its fertility-tracking app, Premom. The agency alleged that Easy Healthcare failed to...more
5/25/2023
/ Corporate Counsel ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Mobile Apps ,
Mobile Health Apps ,
PHI ,
Policy Statement ,
Risk Mitigation
On January 6, 2023, the Federal Communications Commission (FCC or the “Commission”) released a Notice of Proposed Rulemaking (“Notice”) with updates to its data breach rules and reporting requirements. Considering the growing...more
On November 15, the Federal Trade Commission (FTC) announced a six-month delay of the deadline by which companies must comply with recent amendments to its Standards for Safeguarding Customer Information (“the Safeguards...more
State Attorneys General settle with Wawa, Inc. for 2019 data breach that compromised approximately 34 million payment cards used by consumers.
On July 26, 2022, Acting New Jersey Attorney General Matthew J. Platkin...more
On May 24, 2022, the Federal Trade Commission (FTC) released a new publication aimed at offering financial institutions and their service providers guidance on the FTC’s recently revised Safeguards Rule under the...more
In the latest of a flurry of FTC actions, the agency recently announced that it had entered into a consent order with CafePress, an online customized merchandise platform, over allegations that it failed to secure consumers’...more
3/22/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
NIST ,
Personal Information ,
Popular ,
Unfair or Deceptive Trade Practices
The European Commission has presented its draft Data Act, which will affect a broad range of companies and heavily emphasizes data accessibility and fairness. Companies should begin to evaluate their current practices and...more
The Colorado AG recently provided guidance on data security best practices. Companies doing business in Colorado, especially those subject to the Colorado Privacy Act, should be paying attention to what is required under...more
Despite its antecedents in one of the most widely cited law review articles of all time from more than 130 years ago, modern United States privacy law is roughly twenty years old. Even though still in its relative infancy,...more
7/8/2021
/ Big Data ,
California Consumer Privacy Act (CCPA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Preemption ,
Privacy Laws ,
Private Right of Action ,
Sensitive Personal Information ,
State Privacy Laws