In a recent update to internal procedural guidance, the General Services Administration (GSA) has established a new framework of security requirements and privacy controls for contractor information systems that process,...more
Florida has suddenly become flooded with “digital wiretapping” lawsuits or demand letters targeting companies that use standard tracking technologies on their websites or in marketing emails. While historically many of these...more
As privacy regulations continue to evolve in the U.S., states are increasingly requiring businesses to honor universal opt-out signals that communicate a consumer’s data-sharing preferences. Global Privacy Control (GPC) is a...more
Vibe hackers are kind of like fast zombies – those speedy, undead creatures first introduced in the 1980 film Nightmare City and popularized by the cinematic masterpiece 28 Days Later and the 2004 remake of Dawn of the Dead....more
The privacy landscape is rapidly evolving. This webinar will provide a “TL;DR” high-level update on recent privacy laws and regulations, including: - Key dates in new and amended state privacy laws, and emerging privacy...more
Officials from California, Colorado, and Connecticut just announced a coordinated investigative sweep targeting companies whose websites may be ignoring automatic opt-out preference signals that users can configure in their...more
The investigative sweep is part of a growing multistate approach to privacy enforcement actions....more
In October, the HHS Office for Civil Rights (OCR) fined Providence Medical Institute (PMI) $240,000, an amount that reflected a 20% discount for having “recognized security practices” (RSPs) in place. But many more covered...more
On Jan. 15, the Federal Trade Commission (FTC) announced a proposed settlement with web hosting giant GoDaddy over alleged violations of Section 5 of the FTC Act. Specifically, the FTC alleged that GoDaddy had violated the...more
The U.S. Department of Homeland Security (DHS) recently published new security requirements for certain restricted transactions covered by the U.S. Department of Justice’s (DOJ) sensitive data export rules. ...more
With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
The Regulations, which took effect on January 1, 2025, reiterate and clarify existing requirements and introduce new ones on privacy and network data security....more
On December 27, 2024, the Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) related to the Security Rule under the Health Insurance Portability and Accountability Act (HIPAA). ...more
Compliance and Regulations - Ensure adherence to SEC regulations with appropriate privacy and cybersecurity policies tailored to SEC requirements....more
On October 2, the New York State Department of Health (NYSDOH) issued new cybersecurity regulations (Regulations) for all general hospitals in New York state (“hospitals”), creating a new Section 405.46 in Title 10 (Health)...more
The New York State Department of Financial Services (NYDFS) and the Attorney General’s office have recently imposed significant fines totalling $11.3 million on Geico and Travelers for data breaches that compromised the...more
On 6 November 2024, the ICO published an outcomes report on AI tools in recruitment (the “Report”). This Report follows consensual audit engagements carried out by the ICO with developers and providers of AI tools to be used...more
In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more
We are moving westward this week from Iowa to Nebraska in our series of articles providing in-depth summaries of state consumer privacy laws taking effect across the nation. Nebraska Governor Jim Pillen (R) signed the...more
New York hospitals have less than a year to dust off their Health Insurance Portability and Accountability Act (HIPAA) compliance programs and update them to comply with more stringent and detailed state regulations. Last...more
Americans hear about cybersecurity incidents on a frequent basis. As the adage goes, it is not a matter of “if” a breach or security hack occurs; it is a matter of “when.”...more
With the deadline for Member States to transpose the European Union’s updated Network and Information Systems Directive (Directive (EU) 2022/2555) (NIS 2 or Directive) into national law, with the Directive having passed on 18...more
On October 21, 2024, the Securities and Exchange Commission’s (SEC) Division of Examinations (the Division) published its annual examination priorities for 2025 (2025 Priorities), which focus on certain “practices, products,...more
President Ronald Reagan famously quipped, "I think you all know that I've always felt that the nine most terrifying words in the English language are: I'm from the Government, and I'm here to help."1 At an Oct. 23-24, 2024,...more
On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more