State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
Millions of individuals could be at the mercy of cybercriminals after a hacking group launched a large-scale data breach impacting 2.9 billion records, including Social Security numbers and other sensitive information. The...more
The California Privacy Protection Agency (CPPA) Board met last week to discuss the latest updates on California Consumer Privacy Act (CCPA) draft regulations for cybersecurity audits, risk assessments, automated...more
The United States Department of Defense (“DoD”) recently published its Defense Industrial Base Cybersecurity Strategy 2024. For context, the DIB is comprised of more than 100,000 domestic and foreign companies or...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
This is Part 2 of a two-part series. Part 1 addressed the risks and restrictions organizations face in deploying artificial intelligence (AI) and the key elements of an AI strategy. This part details how to develop an AI...more
On February 28, 2024, President Biden signed Executive Order (EO) 14117 titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” On March 5,...more
In December, the California Privacy Protection Agency (CPPA) published revised draft regulations on risk assessments required under the California Privacy Rights Act (CPRA). Under prior draft regulations, the CPPA will...more
On 24 January 2024, the European Commission (EC) published its proposed reform of foreign investment screening in the EU. The proposal introduces more comprehensive rules for the review of foreign investments and strengthens...more
In the run-up to this Friday’s December Board meeting, the California Privacy Protection Agency (CPPA or the “Agency”) has continued its recent flurry of regulatory activity. Late last week, the CPPA published an additional...more
The California Privacy Protection Agency (CPPA) released initial draft regulations for cybersecurity audits (which have since been amended) and risk assessments late this summer. The agency’s board of directors addressed the...more
Keypoint: The Agency proposed more revisions to the CCPA regulations for consideration at the December 8 board meeting. On December 1, 2023, the California Privacy Protection Agency (Agency) published proposed revisions to...more
Join members of McDermott’s Global Privacy & Cybersecurity team and Alan Gutierrez-Arana of Mazars for the next installment in our PCI DSS 4.0 series. PCI DSS 4.0 brings major changes to payments with an increased focus on...more
We are currently witnessing an AI revolution, and an unprecedented AI arms race among Big Tech over the incorporation of AI into their search engines and chatbot capabilities. Most notably, ChatGPT has been dominating news...more
Keypoint: The changes are mostly controller-friendly with modifications to the privacy notice, consent, and data protection assessment provisions likely to facilitate compliance; however, the draft rules retain many of the...more
On November 15, the FTC announced a six month extension to the deadline for companies to comply with the Safeguards Rule. The Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor...more
The New York Department of Financial Services (NYDFS) on Nov. 9, 2022, released Proposed Amendments to its Cybersecurity Regulation. The NYDFS Cybersecurity Regulation was one of the first laws requiring companies to comply...more
The amended California Consumer Privacy Act (CCPA), sometimes referred to as the California Privacy Rights Act (CPRA) or Proposition 24, takes effect on January 1, 2023 – and introduces new consumer rights, while...more
Over the last two years, many states have taken cues from California and the EU by adopting sweeping privacy laws. These laws, passed in Virginia, Colorado, Connecticut and Utah, as well as updates to the already enacted...more
There is no question that ransomware is here to stay. Thirty-seven percent of the matters we handled last year involved ransomware, compared to 27 percent of matters in 2020. ...more
Following the SolarWinds and the Colonial Pipeline cyberattacks, the Biden Administration emphasized a shift toward mandatory cybersecurity requirements. Throughout 2021, government agencies issued new cybersecurity guidance,...more
Certain Colorado companies and others targeting Coloradans will soon be subject to the newly enacted Colorado Privacy Act (“CPA”), signed into law by Gov. Jared Polis on July 8, 2021. Colorado joins California and Virginia as...more
Lawyers handle tremendous amounts of sensitive information every day: their clients’ personal data, including both personally identifiable information (PII) and protected health information (PHI), intellectual property, trade...more
Even in the absence of a cross-border transfer of personal data from the European Union to a third country, if you are using a vendor that has a U.S. parent company, get ready to implement supplementary measures, says the...more
The California Privacy Rights Act (CPRA) is a ballot initiative that, if passed in November, will significantly amend the California Consumer Privacy Act (CCPA)....more