DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more
The final rule establishes prohibitions and restrictions on the transfer of certain data due to national security risks from specified countries of concern....more
1/16/2025
/ Data Brokers ,
Data Privacy ,
Data Protection ,
Data Transfers ,
Department of Justice (DOJ) ,
Export Controls ,
Final Rules ,
International Data Transfers ,
National Security ,
Personal Data ,
Regulatory Requirements ,
Reporting Requirements
A new presidential administration is likely to bring change across the federal government, perhaps nowhere more starkly than at the Securities and Exchange Commission ("SEC"), which has greatly expanded its enforcement reach...more
The Transportation Security Administration's ("TSA") proposed rule would require owners and operators of certain pipeline, freight railroad, passenger railroad, rail transit, and over-the-road bus ("OTRB") systems to...more
12/2/2024
/ Comment Period ,
Cybersecurity ,
Infrastructure ,
Oil & Gas ,
Pipelines ,
Proposed Rules ,
Railroads ,
Regulatory Agenda ,
Risk Management ,
Rulemaking Process ,
Surface Transportation ,
Transportation Security Administration
As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more
New York recently passed new cybersecurity regulations for hospitals licensed in New York to enhance patient safety and cybersecurity....more
11/7/2024
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Hospitals ,
Information Technology ,
New Legislation ,
New York ,
Personally Identifiable Information ,
PHI ,
Regulatory Reform
The first wave of Australia's expansive privacy law reforms has been introduced into Federal Parliament in the Privacy and Other Legislation Amendment Bill 2024 (Cth) ("Bill")....more
10/29/2024
/ Australia ,
Cybersecurity ,
Damages ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Invasion of Privacy ,
Personally Identifiable Information ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
On September 4, 2024, U.S. Securities and Exchange Commission ("SEC") Chair Gary Gensler reiterated concerns about artificial intelligence-related ("AI") disclosures and the need for companies to communicate accurately about...more
10/24/2024
/ Artificial Intelligence ,
Boilerplate Language ,
Broker-Dealer ,
Class Action ,
Disclosure Requirements ,
Investment Adviser ,
Machine Learning ,
Misrepresentation ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Securities Violations ,
Shareholder Litigation
On September 19, 2024, California adopted the California AI Transparency Act ("SB 942") to create transparency mechanisms that allow consumers to determine whether an "image, video, or audio content, or content that is any...more
The Federal Aviation Administration ("FAA") has proposed new rules to standardize its criteria for addressing cybersecurity threats for transport category airplanes, engines, and propellers....more
On June 20, 2024, a U.S. federal district court held, in a suit brought by Jones Day, that the Department of Health and Human Services ("HHS") had misapplied the Health Insurance Portability and Accountability Act ("HIPAA")...more
8/2/2024
/ Confidential Information ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Medical Records ,
New Guidance ,
PHI
The U.S. District Court for the Southern District of New York dismissed the majority of claims that the Security and Exchange Commission ("SEC") asserted against SolarWinds, including claims that the company's alleged...more
Rhode Island is the latest state to adopt a comprehensive data privacy law, titled the Data Transparency and Privacy Protection Act....more
The Federal Trade Commission ("FTC") intends to "strengthen and modernize" the Health Breach Notification Rule with revamped and increased scrutiny on entities holding health information, including health apps, websites, and...more
The sweeping FAA Reauthorization Act of 2024 includes measures intended to improve safety and cybersecurity for the U.S. aviation sector....more
California's privacy enforcement agency has published crucial data minimization guidance for businesses....more
With the bipartisan, bicameral proposed American Privacy Rights Act of 2024, the U.S. Congress seeks to adopt the first national personal data privacy and security law that would preempt comprehensive state privacy laws....more
4/30/2024
/ Algorithms ,
Artificial Intelligence ,
Covered Entities ,
Data Protection ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Preemption ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
State Privacy Laws
The U.S. Food and Drug Administration ("FDA") has proposed updated guidance, intended to assist individuals in meeting the cybersecurity requirements for FDA medical device submissions....more
CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more
New, first-of-their-kind consumer health data privacy laws in Washington and Nevada are designed to provide state-level protections for personal health data not covered by the Health Insurance Portability and Accountability...more
Chinese authorities issued new regulations and guidance governing cross-border transfers of data and personal information, which will significantly reduce procedural and compliance burdens for many multinationals....more
In two back-to-back announcements, California and the FTC reemphasized their enforcement efforts related to the sale of personal information....more
3/14/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
Data Selling ,
DoorDash ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Personal Information ,
Privacy Concerns ,
State and Local Government ,
State Attorneys General
The National Institute of Standards and Technology ("NIST") released a significant update to its framework, expanding its scope and reach to cover a broader audience and evolving cybersecurity risks and management issues....more
Proposed amendments to the California Consumer Privacy Act would require businesses to obtain opt-in consent prior to collecting, selling, sharing, using, or disclosing a minor's personal information....more
The U.S. Government has identified the exploitation of Americans' bulk sensitive personal data and U.S. government-related data by "countries of concern" as posing a national security risk....more