State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
This monthly report outlines key developments in China’s data protection sector for June. TC260 Two Cybersecurity Practice Guidelines on Personal Information Protection Compliance Audits: On May 19, 2025, TC260 issued two...more
U.S. companies are running out of time to comply with a sweeping new Department of Justice (DOJ) rule that limits sharing sensitive personal data with certain foreign countries—including China, Russia, and Iran. With a hard...more
Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates should be familiar with restrictions on the use or disclosure of protected health information (PHI) under HIPAA rules....more
While the US federal government is largely scaling back its rulemaking and compliance efforts, one critical exception is where personal data and technology intersect with national security. Exemplifying this trend, on April...more
The guide outlines the requirements of a newly implemented Data Security Program designed to prevent China, Russia and other foreign adversaries designated by the U.S. Department of Justice from accessing American’s sensitive...more
On April 8, the Department of Justice’s (“DOJ’s”) final rule on Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons (the “Rule”) formally took effect. ...more
On April 11, 2025, the Department of Justice (DOJ) announced additional guidance regarding the implementation of the Final Rule (the “Rule”), Provisions Pertaining to Preventing Access to U.S. Sensitive Personal Data and...more
In a Press Release issued April 11, 2025, the U.S. Department of Justice (“DOJ”) indicated that it would prioritize “facilitating compliance” over civil enforcement actions for the first 90 days of its new US-China data...more
The Department of Justice (“DOJ”) published its final regulations on “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons” (the “Final Rule”). The Final...more
Does the R.R. Donnelley settlement mean heightened Securities and Exchange Commission (SEC) involvement in regulating public companies’ cybersecurity policies and practices? Our Securities Litigation, Privacy, Cyber & Data...more
On March 28, 2024, the FTC released its annual Privacy and Data Security Update (Update), which highlights the enforcement actions, guidance, and rules promulgated by the agency from 2021 through 2023 to protect consumer data...more
The Federal Trade Commission (FTC) recently published a post on their Business Guidance Blog discussing lessons learned from three enforcement actions against sellers of genetic testing products. These guidelines address...more
On June 16, the Federal Trade Commission (FTC) announced an enforcement action against 1Health.io Inc. (“1Health,” also known as Vitagene, Inc.), a genetic testing company that analyzes consumer-provided DNA samples and uses...more
Following the passage of the California Privacy Rights Act (CPRA), for the past two years, employers have been partially exempt from many of the California Consumer Privacy Act's (CCPA) mandates pertaining to applicants,...more
State Attorneys General settle with Wawa, Inc. for 2019 data breach that compromised approximately 34 million payment cards used by consumers. On July 26, 2022, Acting New Jersey Attorney General Matthew J. Platkin...more
Following the SolarWinds and the Colonial Pipeline cyberattacks, the Biden Administration emphasized a shift toward mandatory cybersecurity requirements. Throughout 2021, government agencies issued new cybersecurity guidance,...more
A recent SEC settlement shed light on data security and privacy concerns that public companies should keep in mind when drafting and filing periodic reports. The SEC settlement concerned a 2018 data breach at Pearson Plc that...more
On March 2, 2021, Virginia enacted the Consumer Data Protection Act (“VCDPA”). The VCDPA will become effective January 1, 2023. The VCDPA shares its roots with the California Consumer Protection Act (“CCPA”) and the recently...more
On November 3, 2020, California voters convincingly approved the California Privacy Rights Act (“CPRA”) ballot initiative. The CPRA builds upon and amends the California Consumer Protection Act (“CCPA”), aligning it more with...more
On July 21, 2020, the New York Department of Financial Services (DFS) filed a “Statement of Charges and Notice of Hearing” (the “Charges”) against First American Title Insurance Company (the “Company”) alleging violations of...more