On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are tackling the proposed updates...more
As of January 23, 2025, the regulation discussed below has not been withdrawn by the Trump administration and is not subject to automatic withdrawal under President Trump’s Executive Order freezing regulations. It currently...more
On January 8, 2025, the Federal Communications Commission (FCC or Commission) released a Report and Order (Order) adopting new rules for Robocall Mitigation Database (RMD) filings. Adopted unanimously by the Commission, the...more
‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more
The Consumer Financial Protection Bureau (“CFPB”) has published a Notice of Proposed Rulemaking (“NPRM”) titled “Protecting Americans From Harmful Data Broker Practices” 89 Fed. Reg. 101402 (Dec. 13, 2024). If adopted in its...more
The US Department of Justice (DOJ) on October 21, 2024 issued a Notice of Proposed Rulemaking (NPRM), through its Foreign Investment Review Section (FIRS), to implement Executive Order (EO) 14117, titled Preventing Access to...more
You are reading the October 2024 Update of the Bass, Berry & Sims Enforcement Roundup, where we bring notable enforcement actions, policy changes, interesting news articles, and a bit of our insight to your inbox. -...more
Earlier this year, the Biden administration issued Executive Order (EO) 14117, which instructed the Department of Justice (DOJ) to create a framework that would prohibit certain data transactions. ...more
Recent U.S. developments indicate a growing focus on regulating and investigating the data privacy practices of companies in the automotive sector. The Federal Trade Commission (FTC) recently highlighted in a blog post its...more
In 2025, new federal reporting requirements will require hundreds of thousands of organizations to report cyber incidents within hours of discovery to the United States Government, marking a significant impact on how...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
On February 28, 2024, the Biden Administration issued a new “Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “EO”). The...more
The Federal Communications Commission has set a February 26, 2024 filing deadline for all providers in the call chain, regardless of STIR/SHAKEN status or whether they have the facilities to implement STIR/SHAKEN, to file...more
Our Consumer Protection/FTC and Privacy, Cyber & Data Strategy teams review how the Federal Trade Commission’s proposal to amend the COPPA Rule would to create significant operational changes for website operators....more
On December 20, 2023, the Federal Trade Commission (FTC or Commission) issued a Notice of Proposed Rulemaking (Notice) recommending amendments to the Children’s Online Privacy Protection Rule (COPPA Rule or Rule). The FTC...more
Enacted in 1996, the Children’s Online Privacy Protection Act (COPPA) is the nation’s longest standing and most comprehensive statute aimed at regulating the collection, use and sharing of the personal information of...more
On December 20, 2023, the Federal Trade Commission (“FTC”) issued a Notice of Proposed Rulemaking (“NPRM”) that would make significant changes to the Children’s Online Privacy Protection Rule (“COPPA Rule”), which implements...more
Cybersecurity and data protection is front and center on the Federal Communications Commission’s (FCC) agenda. The latest manifestation of this is the FCC’s issuance of a Notice of Proposed Rulemaking (NPRM) on August 25,...more
What Happened - On July 26, the U.S. Securities & Exchange Commission (SEC) adopted its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure final rule on a 3-2 vote. The final rule is a modified...more
On May 18, 2023 the Federal Trade Commission (FTC) released a Notice for Proposed Rule Making (NPRM) for updates to the Health Breach Notification Rule, 16 C.F.R. Part 318 (the Rule). The Rule serves to ensure entities that...more
The Federal Communications Commission (“FCC”) circulated internally a Notice of Proposed Rulemaking (“NPRM”) last week that would, among other things, enable telecommunications carriers to report breaches to their customers...more
2021 promises to be an exciting year in the data and privacy space. With the adoption of technologies that collect, analyze, aggregate, distribute and share data, and the implementation of new laws and regulations in...more
On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed...more
The Office of the Comptroller of the Currency, Treasury (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) recently announced a “Notice of Proposed...more