Colorado is the first state to enact a comprehensive artificial intelligence (AI) law to protect consumers against discrimination after a nearly identical bill failed to pass in Connecticut. The purpose of the Colorado...more
6/27/2024
/ Algorithms ,
Artificial Intelligence ,
Automation Systems ,
Colorado ,
Contract Drafting ,
Contract Terms ,
Innovative Technology ,
Machine Learning ,
Non-Discrimination Rules ,
Risk Management ,
Unfair or Deceptive Trade Practices
Professional sports teams' greatest rivals in the coming seasons could be their own fans. With the increase of facial recognition technologies implemented within sports venues, compliance with state biometric privacy laws...more
The new Colorado Privacy Act (CPA) will take effect on July 1, 2023, requiring companies that operate within the state to comply with heightened privacy requirements. Colorado joins several other states with comprehensive...more
The California Consumer Privacy Act (CCPA) took effect on January 1, 2020, providing rights and protections to California consumers regarding their personal information and how it may be processed by certain businesses....more
With the explosion of online sweepstakes in recent years, many marketing companies promote sweepstakes and online contests as an attractive way to gain users and customers. Many companies will adopt rules from a current...more
The surge in new health apps and connected devices, which only increased during the pandemic, continues to raise many legal and ethical questions. As a result, lawmakers have been scrambling to define the obligations...more
10/13/2021
/ Breach Notification Rule ,
Connected Items ,
Data Breach ,
Data Collection ,
Data Protection ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Devices ,
Mobile Apps ,
Patient Privacy Rights ,
Personally Identifiable Information ,
Policy Statement ,
Popular ,
Regulatory Requirements
For decades, there has been an ongoing controversy about whether esports are sports. While some consider this sort of labeling issue trivial, it is critically important in the legal context. Classification rings especially...more
Since the implementation of the EU’s General Data Protection Regulation (GDPR), the European Commission’s (EC) approved Standard Contractual Clauses (SCC) have been vital to the transfer of personal data to third countries...more
Last week, in a 6-3 opinion delivered by Justice Amy Coney Barrett, the U.S. Supreme Court settled a long-running question about the scope of the Computer Fraud and Abuse Act of 1986 (CFAA). In Van Buren v. United States, the...more
At select ballparks across the country, fans can speed through security screen procedures using thumbprint scans. Sports venues from Madison Square Garden to CenturyLink Field now use biometrics to enhance game day...more
If the past two years of ramping up compliance for the California Consumer Privacy Act (CCPA) wasn't fun enough, businesses have new compliance challenges ahead in the next couple of years. This past November, California...more
1/22/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Popular
As anticipated by many experts in the field, the data security-focused private right of action under the California Consumer Privacy Act (CCPA) has resulted in claims alleging potential unauthorized access. FinTech data...more
9/23/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
FinTech ,
Health Technology ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Private Right of Action
In a decision issued on July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield Framework, one of the primary tools used by companies in the European Union (EU) to transfer...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In mid-March, California Attorney General Xavier Becerra released the third set of California Consumer Privacy Act (CCPA) draft regulations. Around the same time, a number of business and trade organizations pleaded with the...more
4/6/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
Businesses subject to the California Consumer Privacy Act (CCPA) have found themselves in an odd position with respect to their compliance efforts. The CCPA was effective on January 1, 2020 but enforcement will not begin...more
2/13/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Risk Management ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework...more
1/24/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Privacy ,
Data Protection ,
Data Security ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
NIST ,
Personal Data ,
Popular ,
Privacy Act of 1974 ,
Risk Management
A recent ruling in the Illinois Appellate Court maintained that biometric data claims under the Illinois Biometric Information Privacy Act (BIPA) do not amount to wage-and-hour claims subject to a luxury hotel owner's...more
4/24/2019
/ Appeals ,
Arbitration ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Fingerprints ,
Mandatory Arbitration Clauses ,
Personal Data ,
Personally Identifiable Information ,
Wage and Hour
In recent years, bank regulators have increased their efforts to require banks to appropriately handle third-party risk management. On April 2, the Federal Deposit Insurance Corporation (FDIC) issued a Financial Institution...more
Banks and other financial institutions rely on a relatively small number of core service providers to process customer personal and financial information. The National Association of Federally-Insured Credit Unions (NAFCU)...more
8/31/2018
/ Banking Sector ,
Data Breach ,
Data Protection ,
Digital Service Providers ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Interagency Guidance ,
Internet ,
Notification Requirements ,
Personal Data ,
State Data Breach Notification Statutes ,
Third-Party Service Provider ,
Vulnerability Assessments ,
Websites
On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (CCPA), which provides what is arguably the most restrictive privacy law in the U.S. and would likely have some effect on most businesses across...more
7/3/2018
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
State and Local Government
Companies that routinely collect or process data of European Union residents have likely spent the past couple of years preparing for May 25, 2018. ...more
As children's activities on the Internet have expanded, many states and the federal government have enacted legislation to regulate such activities and other "smart" children’s products—products that collect, transmit or...more
The activities of children on the internet, whether via computers, smart phones, or tablets, have grown exponentially in recent history. As internet access for children increased, parents began losing control of the amount...more
5/17/2016
/ COPPA ,
Data Collection ,
Federal Trade Commission (FTC) ,
Geolocation ,
Internet ,
Mobile Apps ,
Mobile Devices ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Privacy Policy ,
Websites
The European Court of Justice has declared invalid the Safe Harbor data-transfer agreement that has governed EU data flows across the Atlantic for the last 15 years. Thousands of U.S. companies have relied on the Safe Harbor...more
10/23/2015
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Cybersecurity ,
Data Protection Authority ,
Edward Snowden ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
Model Contracts ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
Highly regulated industries such as banking and healthcare have been at the forefront with robust data security regulations for a number of years. Regulators are now focusing on other industries as data breach incidents...more