Two of the largest alternative dispute resolution services providers—JAMS and the American Arbitration Association (AAA)—have updated or created new rules and fee schedules for mass arbitrations. This development indicates...more
Enacted in 1996, the Children’s Online Privacy Protection Act (COPPA) is the nation’s longest standing and most comprehensive statute aimed at regulating the collection, use and sharing of the personal information of...more
Over the past year, groups of plaintiffs filed multiple copyright infringement claims against companies behind generative artificial intelligence software. These lawsuits allege that training AI models involves mass-scale...more
On September 18, 2023, a U.S. District Court judge in the Northern District of California granted a preliminary injunction enjoining California’s attorney general from enforcing California’s California Age-Appropriate Design...more
9/26/2023
/ California ,
Communications Decency Act ,
COPPA ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Enforcement Actions ,
Governor Newsom ,
Intellectual Property Protection ,
New Legislation ,
Online Safety for Children ,
Popular ,
Preliminary Injunctions ,
Privacy Laws ,
Proposed Legislation
Top 10 Considerations for In-House Counsel on Privacy and Data Protection Concerns with AI: Know your legal role:
1. Privacy laws vary among jurisdictions, and your obligations using AI and personal information will change...more
On August 14, 2023, the U.S. Department of Justice and the Federal Trade Commission (FTC) entered a stipulated settlement with Experian Consumer Services to resolve allegations that Experian violated the Controlling the...more
On July 26, the U.S. Securities and Exchange Commission adopted rules to enhance and standardize public company disclosure of cybersecurity incidents, risk management, strategy and governance.
In particular, the rules,...more
8/1/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
XBRL Filing Requirements
On July 14, 2023, California Attorney General Rob Bonta announced an “investigative sweep” through inquiry letters sent to large California employers. The sweep seeks information on companies’ compliance with the California...more
7/24/2023
/ Board of Directors ,
Business Ownership ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Covered Business ,
Covered Employer ,
Employees ,
Employer Liability Issues ,
Healthcare Workers ,
Independent Contractors ,
Job Applicants ,
Personal Information ,
Privacy Policy ,
Regulatory Requirements
In an effort to “combat the online sale of stolen, counterfeit, and dangerous consumer products,” Congress passed the Integrity, Notification, and Fairness in Online Retail Marketplaces for Consumers Act (the “INFORM...more
On May 1, 2023, the U.S. Court of Appeals for the Seventh Circuit affirmed the dismissal of a putative class action alleging violations of the Illinois Genetic Information Privacy Act (GIPA) against the asset management firm...more
The FTC recently published a policy statement with its enforcement priorities for the misuse of biometric information. To be clear, there are no new federal laws that specifically regulate the collection or use of biometric...more
5/30/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Data Protection ,
Employees ,
Facial Recognition Technology ,
Federal Contractors ,
Federal Trade Commission (FTC) ,
FTC Act ,
Independent Contractors ,
Policy Statement ,
Section 5 ,
State Privacy Laws
The proliferation of health apps and connected devices that allow individuals to track their health conditions, treatment, medications, fitness, fertility, sleep, mental health, diet and other vital areas has led to increased...more
3/30/2023
/ Advertising ,
Breach Notification Rule ,
Civil Monetary Penalty ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Technology ,
HIPAA Privacy Rule ,
Medical Devices ,
OCR ,
PHI ,
Popular
On March 22, 2023, the Federal Trade Commission (FTC) announced a request for information (RFI) seeking public comments on business practices in the cloud computing industry. The RFI focuses on three intertwined aspects of...more
3/30/2023
/ Cloud Computing ,
Cloud Service Providers (CSPs) ,
Competition ,
Cybersecurity ,
Data Security ,
European Commission ,
Federal Trade Commission (FTC) ,
Investigations ,
Microsoft ,
Request For Information ,
Technology Sector
The White House announced last Thursday its highly anticipated National Cybersecurity Strategy (NCS). Although largely aspirational and short on concrete plans, the 39-page NCS is the Biden administration’s most ambitious...more
3/9/2023
/ Biden Administration ,
Cloud Computing ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Financial Services Industry ,
Government Agencies ,
National Security
The Illinois Supreme Court recently clarified when a Biometric Information Privacy Act (BIPA) claim accrues: each time, and not just the first time, a person’s biometric information is collected without consent. BIPA requires...more
3/7/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Employer Liability Issues ,
Employment Litigation ,
Fingerprints ,
IL Supreme Court ,
Illinois ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government
On December 19, 2022, the Federal Trade Commission (FTC) announced a settlement with Epic Games Inc. (Epic) over its wildly popular game “Fortnite.” The settlement requires Epic to pay $275 million in penalties to resolve...more
1/11/2023
/ Best Practices ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Online Gaming ,
Online Safety for Children ,
Personal Information ,
Risk Management
In this session, presenters will provide an overview of the current cybersecurity landscape, including the patchwork of state and national security requirements and common law negligence. The presenters will also provide an...more
12/22/2022
/ Best Practices ,
Continuing Legal Education ,
Cybersecurity ,
Data Privacy ,
Data Security ,
National Security ,
New Legislation ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Agenda ,
Risk Management ,
Webinars
In September 2022, California Governor Gavin Newsom signed into law the California Age Appropriate Design Code Act (CAADCA). Beginning July 1, 2024, the act will require businesses that provide online services or features...more
12/16/2022
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Governor Newsom ,
Impact Assessments ,
Mobile Apps ,
New Legislation ,
Online Gaming ,
Online Safety for Children ,
Privacy Laws ,
Regulatory Agenda ,
State Privacy Laws ,
Webinars
Will the FTC be the new vanguard for federal privacy laws about consumer data? The agency has expressed broad concerns about data handling, including lax data security, harm to children, discrimination and retaliation against...more
There is new hope for companies that transfer data from Europe to the United States that the return of a less administratively burdensome mechanism is on the horizon...more
10/17/2022
/ Biden Administration ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance
In a much-anticipated ruling this week addressing the confluence of website scraping and computer hacking law, the U.S. Court of Appeals for the Ninth Circuit became the latest federal court to limit the reach of the Computer...more
4/22/2022
/ Appeals ,
Computer Fraud and Abuse Act (CFAA) ,
Copyright ,
Copyright Infringement ,
Data Collection ,
Databases ,
Injunctive Relief ,
LinkedIn ,
Terms and Conditions ,
Unauthorized Access ,
Unfair Competition ,
Van Buren v United States ,
Web Scraping ,
Website Owner Liability
It’s the call you hope you never get. Your company has been hit with a ransomware attack. Your systems are offline. Your customer data was stolen by an unknown threat actor who is threatening to leak it. You have lots of...more
4/1/2022
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Extortion ,
FBI ,
FinCEN ,
Hackers ,
Information Technology ,
Office of Foreign Assets Control (OFAC) ,
Personally Identifiable Information ,
Ransomware ,
Risk Management
In the latest move by a regulator aimed at bolstering cyber defenses, on February 9, 2022, the U.S. Securities and Exchange Commission voted to propose new rules to address the cybersecurity risks faced by registered...more
On October 28, 2021, the Federal Trade Commission issued a new Enforcement Policy Statement (the Statement) warning companies against using “dark patterns” in negative option marketing. “Dark patterns” is a broad term that...more
On October 13, 2021, the Federal Trade Commission (FTC) sent a Notice of Penalty Offenses to more than 700 businesses, including top consumer brands, retailers, e-commerce platforms and advertising agencies, regarding...more
10/22/2021
/ Advertising ,
Brand ,
Compliance ,
Disclosure ,
E-Commerce ,
Endorsements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Guidance Update ,
IP Litigation ,
Marketing ,
Notice of Violation ,
Testimonial Statements ,
Third-Party