On February 2, 2023, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reached a settlement with Banner Health Affiliated Covered Entities (“Banner Health”) for a 2016 data breach that...more
On Friday, February 3, 2023, the California Privacy Protection Agency (CPPA) held a public board meeting at which it voted unanimously to (1) approve the final text of the California Privacy Rights Act (CPRA) regulations and...more
2/9/2023
/ Artificial Intelligence ,
Audits ,
Board Meetings ,
California Privacy Rights Act (CPRA) ,
Comment Period ,
Compliance ,
Cybersecurity ,
New Regulations ,
NPRM ,
Public Meetings ,
Regulatory Agencies ,
Regulatory Agenda ,
Risk Assessment
On February 1, the Colorado Attorney General’s (AG) Office and the Colorado Department of Law (the “Department”) held a rulemaking hearing on the Proposed Draft Rules for the Colorado Privacy Act (CPA), which goes into effect...more
On February 1, 2023, the Federal Trade Commission (FTC) reached a settlement with digital health platform GoodRx for sharing users’ personal health information with third parties without properly disclosing their data...more
On January 6, 2023, the Federal Communications Commission (FCC or the “Commission”) released a Notice of Proposed Rulemaking (“Notice”) with updates to its data breach rules and reporting requirements. Considering the growing...more
In a press release on January 27, 2023, California Attorney General (“California AG”) Rob Bonta announced an investigative sweep focused on mobile applications’ compliance under the California Consumer Privacy Act (CCPA),...more
2023 continues to be a busy year for state comprehensive privacy legislation. Since our last post, several new states have entered the fray with legislative proposals, while some of the bills we previously examined have moved...more
The new year has already seen a flurry of state privacy law activity, with legislators in at least nine states (Indiana, Iowa, Kentucky, Massachusetts, Mississippi, New York, Oklahoma, Oregon, and Tennessee) proposing new...more
On December 19, the Federal Trade Commission (FTC) reached two separate record-breaking settlements with Epic Games, Inc. (“Epic”) over allegations, among others, that the Fortnite video game maker knowingly violated the...more
On December 13, 2022, the European Commission initiated the process to adopt an adequacy decision for the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”). The draft adequacy decision follows President Biden’s October Executive...more
On November 15, the Federal Trade Commission (FTC) announced a six-month delay of the deadline by which companies must comply with recent amendments to its Standards for Safeguarding Customer Information (“the Safeguards...more
On November 9, the New York State Department of Financial Services (“DFS”) formally proposed amendments (the “Proposed Amendments”) to the Part 500 Cybersecurity Regulations (the “Cybersecurity Regulations”). The Proposed...more
On October 7, 2022, President Biden signed an Executive Order (“EO”) implementing the new trans-Atlantic EU-U.S. Data Privacy Framework (“EU-U.S. DPF”). The EU-U.S. DPF, previously announced by President Biden and the...more
10/10/2022
/ Biden Administration ,
Binding Corporate Rules ,
Civil Liberties ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
UK
On September 30, the Colorado Attorney General’s Office (“Colorado AG’s Office”) released proposed rules (the “Proposed Rules”) for the Colorado Privacy Act (CPA), which goes into effect on July 1, 2023. The Proposed Rules...more
On September 15, 2022, the Federal Trade Commission (FTC) released a report on dark patterns (the, “Report”) that identifies the types of misleading and manipulative interface practices that the agency believes can harm...more
On August 29, 2022, the California Age-Appropriate Design Code Act (the Act) was unanimously approved by the California State Senate. It now awaits Governor Gavin Newsom’s signature....more
9/15/2022
/ Children's Online Games ,
COPPA ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Enforcement ,
Governor Newsom ,
Minors ,
Online Platforms ,
Penalties ,
Pending Legislation ,
Social Networks ,
Websites
On July 7, 2022, the Consumer Financial Protection Bureau (“CFPB”) issued an advisory opinion, “Permissible Purposes for Furnishing, Using, and Obtaining Consumer Reports” (the “Opinion”) to outline certain privacy...more
On August 24, 2022, California Attorney General Rob Bonta (“CA AG”) announced a $1.2 million settlement with Sephora, Inc. (“Sephora”), marking the first announced enforcement action under the California Consumer Privacy Act...more
On August 11, 2022, the Federal Trade Commission (the FTC or the Commission) published an Advance Notice of Proposed Rulemaking (ANPR) to request public comment on the prevalence of “commercial surveillance and data security...more
State Attorneys General settle with Wawa, Inc. for 2019 data breach that compromised approximately 34 million payment cards used by consumers.
On July 26, 2022, Acting New Jersey Attorney General Matthew J. Platkin...more
On July 28, 2022, the California Privacy Protection Agency (the “Agency”) held a special meeting (the “Meeting”) to discuss and act on the proposed federal privacy legislation, the American Data Protection and Privacy Act...more
On July 8, 2022, the Department of Justice (“DOJ”) announced in a press release that Aerojet Rocketdyne Inc, a provider of advanced propulsion and energetics systems for multiple government agencies, reached a settlement...more
7/28/2022
/ Compliance ,
Cyber Crimes ,
Cybersecurity ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
Military Contracts ,
NASA ,
Qui Tam ,
Settlement
On July 20, the House Committee on Energy & Commerce held an open markup session on the American Data Privacy and Protection Act (ADPPA), which concluded in an affirmative vote (53-2) for an amended version of the bill to...more
Following the Supreme Court’s ruling overturning Roe v. Wade in Dobbs v. Jackson Women’s Health Organization, the Biden Administration has outlined a framework for federal executive action designed to protect access to...more
7/21/2022
/ Biden Administration ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Executive Orders ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
New Guidance ,
PHI ,
Reproductive Healthcare Issues
On June 23, 2022, Congressman Patrick McHenry (NC-10), released a discussion draft (“Discussion Draft”) of new legislation set to amend the Gramm-Leach-Bliley Act (GLBA) with the intent to “modernize GLBA to better align...more
7/1/2022
/ Congressional Committees ,
Congressional Investigations & Hearings ,
Consumer Privacy Rights ,
Data Collection ,
Discussion Draft ,
Financial Institutions ,
GLBA Privacy ,
Gramm-Leach-Blilely Act ,
Preemption ,
Proposed Legislation ,
Regulatory Authority