State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
The US Department of Justice issued a Notice of Proposed Rule Making (NPRM) October 21, 2024 that, if finalized, will prohibit or restrict a significant amount of international data sharing with countries of concern,...more
Comprehensive consumer privacy laws continue to hit the desks of governors in states across the country, with nineteen state laws now on the books. Since we wrote our 2023 Round-Up on State Consumer Data Privacy Laws article...more
This article is the first in a series that will address privacy concerns for insurance carriers, agents and brokers. The insurance industry is uniquely situated at the confluence of multiple data privacy regimes....more
The rule aims to reduce market concentration by guaranteeing consumer access to personal financial data, but faces strident criticism and immediate legal challenge....more
With the publication of a recent Notice of Proposed Rulemaking (NPRM), the Department of Justice National Security Division will soon become an important new regulator of transactions involving the transfer of sensitive U.S....more
A recent cyber attack targeting ZircoDATA, a data firm contracted by Australia’s Department of Home Affairs, has raised significant concerns about data privacy and cybersecurity in government-linked organizations. This breach...more
On October 21, 2024, the Department of Justice (DOJ) released an unpublished Notice of Proposed Rulemaking (NPRM), Provisions Pertaining to Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by...more
On October 21, 2024, the U.S. Department of Justice (Department or DOJ) and the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued proposals – required by the...more
The U.S. Department of Defense (DOD) has published a Final Rule to implement the Cybersecurity Maturity Model Certification (CMMC) program, which establishes minimum cybersecurity requirements for nearly all DOD contracts....more
October has already been a busy month for the Court of Justice of the European Union (“CJEU”), which has published a number of judgments on the interpretation and application of the GDPR, including five important decisions,...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
In today's digital era, the volume of electronic data generated by organizations is staggering. For law firms conducting due diligence, managing this data while ensuring compliance with stringent data privacy regulations is a...more
On September 24, 2024, the State Council released the Regulations on the Management of Network Data Security (《网络数据安全管理条例》) (“Regulations”). The Regulations focus on prominent issues related to Personal Information (PI),...more
When one hears the term “neural data,” a brain implant comes to mind, alongside concerns about these neurotechnologies being able to read our innermost thoughts. Generally, implantable devices such as these are considered...more
The federal government is the biggest purchaser in America and that extends to the SaaS space. On September 24, 2024, the Office of Management and Budget (OMB) released Memorandum M-24-18, offering updated guidelines for the...more
On September 29, 2024, California took a significant step forward in data privacy protection by passing a law that extends the California Consumer Privacy Act (CCPA) to cover neural data—brain activity and related information...more
Your real estate firm is at risk from the growing threat of cybersecurity attacks. The days of retaining hard copies and physical files are increasingly phasing out. In an era where digital transformation is altering the...more
During the final days of the California legislative session, which ended on August 31, 2024, the California legislature passed several privacy bills, described below, that would amend the California Consumer Privacy Act...more
Many lawyers today are wrestling with the question of whether they should inform clients that artificial intelligence technologies are being used on their case matters. Ethical advice from state bar regulators has been slowly...more
California is set to amend the California Consumer Privacy Act of 2018 (CCPA) with two recent amendments that have been signed into law. Assembly Bill (AB 1008) and Senate Bill 1223 (SB 1223) aim to clarify how the law...more
We previously wrote about proposed changes to the definition of sensitive personal information under a June 2024 draft of the Guide for Sensitive Personal Information Identification (“Guide“). The Guide has now (September...more
With the United States preparing to host the 2026 FIFA World Cup, the 2028 Summer Olympics in Los Angeles and the 2034 Winter Olympics in Salt Lake City, the race is on for venues, individual states and the federal government...more
As January 2025 privacy strategy planning ramps up this fall, our Privacy, Security, & Artificial Intelligence team has put together a planning alert for 2024–2025. In this installment, we review the following nine state...more
Actions in the last six months of the Brazilian National Data Protection Authority (“ANPD”) suggest that it intends to aggressively enforce the Brazilian Data Protection Law (“LGPD”). The LGPD applies to any entity that...more
The Israeli Privacy Protection Authority recently published a binding directive addressing the board of director’s responsibilities for the fulfillment of a company’s obligations prescribed in the Privacy Protection...more