State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
Key Takeaways: On December 28, 2024, education technology company PowerSchool disclosed a cybersecurity breach impacting 62 million students and 9.5 million educators across the globe. The intrusion, which began on December...more
In data breach litigation, courts generally find plaintiffs have standing such that their complaints may proceed past the pleading stage when it is alleged that sensitive information was impacted and there is an allegation of...more
The New York State Department of Financial Services recently announced that it has entered into a consent order with PayPal, Inc. for violations of the NYDFS Cybersecurity Regulation. The consent order, under which PayPal has...more
According to a highly critical article recently published by TechCrunch, the Department of Government Efficiency (DOGE), President Trump’s advisory board headed by Elon Musk, has “taken control of top federal departments and...more
On January 23, 2025, PayPal settled an enforcement action brought by the New York State Department of Financial Services (NY DFS) for failing to comply with cybersecurity regulations required for financial services businesses...more
Businesses need data from consumers, and the sharing and selling of this resource has become quite common. However, you also need to be mindful of the rights of the people whose data you collect, especially their personally...more
With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
On January 03, 2025, the government released the much awaited draft Digital Personal Data Protection Rules, 2025, (Draft Rules / Rules) for public consultation and invited stakeholder feedback by February 18, 2025 (access the...more
On December 24, 2024, New York Governor Kathy Hochul signed into law amendments to New York’s private-sector data breach notification law (General Business Law § 899-aa) and government agency data breach notification law (New...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
Actions in the last six months of the Brazilian National Data Protection Authority (“ANPD”) suggest that it intends to aggressively enforce the Brazilian Data Protection Law (“LGPD”). The LGPD applies to any entity that...more
On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more
On April 25, 2024, the attorneys general of 22 states issued a letter encouraging UnitedHealth Group and its subsidiary, Change Healthcare, to take additional steps to respond to a massively disruptive cyberattack. The broad,...more
Introduction - The Brazilian General Data Protection Law (“LGPD”), enacted in 2018 and enforced since 2020, serves as the cornerstone of the country's data protection framework. Its primary objective is to ensure the...more
In Argentina, data protection is governed by comprehensive legislation aimed at safeguarding individuals' personal data. Below you will find an outline of the key aspects including governing legislation, exploring their scope...more
In response to President Biden’s Executive Order authorizing increased data privacy measures, Assistant Attorney General (AAG) Matthew G. Olsen announced that the National Security Division of the Department of Justice (DOJ)...more
The Internet of Things (“IoT”) has ushered in a new era of connectivity and convenience, but with it comes a host of legal issues and emerging theories of liability. As IoT devices become increasingly ubiquitous in our daily...more
يُعد نظام حماية البيانات الشخصية (النظام) أول نظام شامل لحماية البيانات في المملكة العربية السعودية. من المتوقع أن تبدأ الهيئة السعودية للبيانات والذكاء الاصطناعي (الهيئة) في الإنفاذ الكامل للنظام اعتبارًا من 14 سبتمبر 2024،...more
Connecticut was one of the first U.S. states to pass a comprehensive data privacy law back in May 2022. Today, a total of 13 states have passed similar laws, and dozens of other states are proposing legislation to do so as...more
The new Swiss Federal Act on Data Protection, known by the acronym “nFADP,” took effect on September 1. The law was enacted by the Swiss parliament in 2020. The law introduces new rights for Swiss citizens, but also...more
On June 30, 2023, ARx Patient Solutions filed a notice of data breach with the Attorney General of Maine after discovering that an employee’s M365 email account was accessed by an unauthorized party. In this notice, ARx...more
An estimated 82% of the data breaches that occurred in 2022 involved human error or intentional misconduct. That’s why organizations need to be diligent in protecting their data from both internal and external threats. One...more
The FTC is Coming Soon to a Phony Earnings Scheme and Celebrity Endorser Near You - The FTC is making good on its promises to protect consumers from phony get-rich-quick opportunities, wrapped in costly training programs,...more
We are currently witnessing an AI revolution, and an unprecedented AI arms race among Big Tech over the incorporation of AI into their search engines and chatbot capabilities. Most notably, ChatGPT has been dominating news...more
A recent blog post by the leader of a cybersecurity platform provides a suggestion as to how gig economy companies can protect all the sensitive data they accumulate – and we can add a few more items to that checklist. Arti...more