When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
Navigating Emerging Privacy Issues in Financial Services — The Consumer Finance Podcast
The Privacy Insider Podcast Episode 4: Don't Be Evil: In the Hot Seat of Data Privacy, Part 1
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Preventative Medicine: Health Care AI Privacy and Cybersecurity — The Good Bot Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
Uncovering Hidden Risks: Ep 13 - Unveil Data Security Paradoxes
On March 28, 2024, the FTC released its annual Privacy and Data Security Update (Update), which highlights the enforcement actions, guidance, and rules promulgated by the agency from 2021 through 2023 to protect consumer data...more
2023 marked a pivotal moment in US data privacy and cybersecurity, characterized by substantial regulatory and legislative advances at the international, federal, and state levels. The Federal Trade Commission (FTC) took a...more
The Consumer Financial Protection Bureau (CFPB) announced on March 15, 2023, that it is issuing a Request for Information (RFI) about the business practices of data brokers, which the agency said will assist it in “planned...more
GoodRx Faces Million Dollar Proposed Penalty from FTC in First Enforcement Action Under the Health Breach Notification Rule - Settlement reveals views on application of unfairness authority to sharing of sensitive...more
Colorado Department of Law Issues Draft CPA Revisions - On December 22, the Colorado Department of Law issued updates to the draft Colorado Privacy Act (CPA) rules. These revisions build on written comments and feedback from...more
In this article, we share a timeline of our monthly "bites" for 2022 applicable to the auto finance industry. So, what happened in 2022?...more
Recently, the CFPB released an outline of proposed measures related to the Bureau’s Dodd-Frank Section 1033 rulemaking efforts that would allow consumers to take control of their personal financial data and determine which...more
Beginning in 2019, the US federal government ramped up its involvement in, and regulation of, the use of artificial intelligence (AI). The federal government is grappling with how to incentivize AI innovation responsibly,...more
The Colorado Attorney General recently released the second set of draft regulations to the Colorado Privacy Act (CPA). In this draft, the AG is seeking specific input on five different topics. There are also a number of...more
On October 27, 2022, the Consumer Financial Protection Bureau (“CFPB”) announced a new regulatory framework (“Framework”) governing “Personal Financial Data Rights,” or, by another name, “open banking.” Conceptually, open...more
President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) on March 15, 2022. The background and contours of CIRCIA are discussed in a previous update. CIRCIA authorizes and...more
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Request for Information (RFI) and announced “public listening sessions” soliciting input in advance of formal rulemaking under the Cyber Incident...more
Continuing a recent trend, the CFPB has asserted that its oversight authority regarding unfair, deceptive, and abusive practices (UDAAP) to assert that certain digital marketers, including what it refers to as “Big Tech,”...more
In this month’s Privacy & Cybersecurity Update, we review the FTC’s proposed data privacy and cybersecurity rulemaking and the European Data Protection Board’s draft guidelines on the calculation of GDPR administrative fines....more
On August 11, the CFPB published a circular clarifying liability under consumer financial protection law for bank and nonbank financial companies that fail to safeguard consumer data. The circular describes how firms may be...more
FTC Publishes Advance Notice of Proposed Rulemaking on Commercial Surveillance and Data Security - Concerned that companies use secret surveillance practices to collect “vast troves” of consumer information, the Federal...more
The Federal Trade Commission (FTC) released an advance notice of proposed rulemaking (ANPRM) on “Commercial Surveillance and Data Security” on August 11, 2022. The ANPRM, approved on a 3-2 party-line vote, is the initial step...more
The FTC has issued a long-anticipated Advanced Notice of Proposed Rulemaking (ANPR) regarding commercial surveillance and data security practices. The FTC invites public comment on a wide range of issues (through more than 95...more
The Department of Defense recently provided some clarity on the timeline for implementation of its Cybersecurity Maturity Model Certification (CMMC) program. The DoD now expects to complete documentation to submit to the...more
The Federal Trade Commission (FTC) now has a full slate of Commissioners and it is expected to ramp up privacy and cybersecurity enforcement and rulemaking in a number of critical areas. Join us for a discussion of the FTC’s...more
Federal Trade Commission (FTC) Chair Lina Khan spoke at the opening of the International Association of Privacy Professionals Global Privacy Summit on April 11, 2022, in Washington, D.C. In her first public speech on privacy...more
President Biden recently signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 as a part of a larger omnibus appropriations bill. The new law sets out mandatory reporting requirements for...more
The brief FTC note indicates the agency will look to combat poor security practices, protect against the misuse of personal information, and discrimination arising from algorithmic decision-making. Last month, the...more
The FTC indicated that it will use its rulemaking authority under the FTC Act’s Section 18 to create a new rule that will likely seek to rein in broad data collection and use. ...more
Report on Patient Privacy 21, no. 12 (December, 2021) - Amid the letters of congratulations to new HHS Office for Civil Rights (OCR) Director Lisa Pino is a plea from the American Hospital Association (AHA): “victims” of...more