On February 1, Connecticut Attorney General (AG) William Tong released a report detailing the AG’s initial efforts to enforce the Connecticut Data Privacy Act (CTDPA or “the Act”) and providing recommendations on how the Act...more
2/13/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Enforcement Authority ,
Enforcement Priorities ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Reports ,
Privacy Policy ,
State Attorneys General ,
State Data Breach Notification Statutes ,
State Privacy Laws
On January 9, 2024, the Federal Trade Commission (FTC) issued its first ever prohibition on the use, sale and disclosure of sensitive location data against X- Mode Social and Outlogic (“X-Mode”), a location data broker. Only...more
2/12/2024
/ Data Brokers ,
Data Collection ,
Data Deletion ,
Data Processors ,
Data Retention ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Informed Consent ,
Location Data ,
Location Privacy ,
Sensitive Personal Information
This post is part of a series of articles we are doing on 2023 data protection litigation trends.
2023 saw a rise in class action litigation related to internet tracking technology employed by companies to enhance user...more
This post is part of a series of articles we are doing on 2023 data protection litigation trends.
Since its enactment in 2008, Illinois’s Biometric Information Privacy Act (BIPA) has produced a wave of privacy-related...more
2/1/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Compliance ,
Consent ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Exemptions ,
Fingerprints ,
Health Care Providers ,
IL Supreme Court ,
PHI ,
Privacy Laws ,
Private Right of Action ,
State Privacy Laws ,
Statute of Limitations ,
Statutory Damages ,
Statutory Violations ,
Third-Party Liability
The Federal Trade Commission (FTC) recently published a post on their Business Guidance Blog discussing lessons learned from three enforcement actions against sellers of genetic testing products. These guidelines address...more
1/25/2024
/ Advertising ,
Artificial Intelligence ,
Biometric Information ,
Civil Monetary Penalty ,
Compliance ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Genetic Testing ,
HIPAA Breach Notification Rule ,
Rite Aid ,
Sensitive Personal Information
Following a busy 2023 in which seven states enacted comprehensive privacy laws, we entered this year expecting additional activity on this front across state legislatures. The opening weeks of 2024 have not disappointed. Most...more
On January 8, 2024, the New Jersey Assembly and Senate passed Senate Bill 332 (S. 332, or the “Act”), and it was signed into law by Governor Phil Murphy on January 16. This makes New Jersey the first state to enact a...more
1/18/2024
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Processors ,
Data Protection ,
Effective Date ,
Enforcement ,
Enforcement Authority ,
Exemptions ,
Governor Murphy ,
Minors ,
New Legislation ,
Opt-Outs ,
Prior Express Consent ,
Privacy Laws ,
Sensitive Personal Information ,
State Attorneys General ,
State Privacy Laws
As we have detailed previously, 2023 was a landmark year for privacy law, featuring numerous developments at the federal, state and international levels, ranging from newly enacted statutes to massive regulatory enforcement...more
1/17/2024
/ Adtech ,
Artificial Intelligence ,
Audits ,
Biden Administration ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Cybersecurity ,
Electronic Protected Health Information (ePHI) ,
Enforcement ,
Enforcement Actions ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Requirements ,
Rulemaking Process ,
Sensitive Personal Information ,
State Privacy Laws
On December 19, 2023, the Federal Trade Commission (FTC) announced an enforcement action against the retail pharmacy Rite Aid for unfair practices associated with its use of a facial recognition technology (FRT) surveillance...more
1/15/2024
/ Artificial Intelligence ,
Biometric Information ,
Customer Privacy ,
Customers ,
Data Retention ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Pharmacies ,
Retailers ,
Risk Assessment ,
Rite Aid ,
Surveillance ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices
On December 20, the Federal Trade Commission (FTC or “the Commission”) published a notice of proposed rulemaking (NPRM) proposing amendments to the Children’s Online Privacy Protection Rule (the “COPPA Rule” or the “Rule”)....more
1/15/2024
/ Biometric Information ,
COPPA ,
Data Security ,
Enforcement Actions ,
Exceptions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Notice Requirements ,
NPRM ,
Online Platforms ,
Parental Consent ,
Personal Information ,
Proposed Amendments ,
Public Schools ,
Safe Harbors ,
Websites
On January 4, 2023, the New Hampshire House of Representatives passed Senate Bill 255 (the “Act”) with amendments, setting the stage for New Hampshire to become the latest state with a comprehensive privacy law....more
1/10/2024
/ Compliance ,
Consent ,
Covered Entities ,
Data Privacy ,
Effective Date ,
Exemptions ,
Minors ,
Pending Legislation ,
Popular ,
Privacy Laws ,
Sensitive Personal Information ,
State Privacy Laws
2023 marked a pivotal moment in US data privacy and cybersecurity, characterized by substantial regulatory and legislative advances at the international, federal, and state levels. The Federal Trade Commission (FTC) took a...more
1/8/2024
/ Artificial Intelligence ,
Breach Notification Rule ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Consumer Financial Protection Act (CFPA) ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Enforcement Authority ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
OCR ,
PHI ,
Rulemaking Process ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws
On December 8, the California Privacy Protection Agency (CPPA or “the Agency”) held a public Board meeting to discuss a range of topics, including proposed regulations on cybersecurity audits, risk assessments, and automated...more
On December 8, representatives from the European Commission, the European Parliament, and the Council of the European Union (EU) reached political agreement on the shape and contents of the EU’s AI Act (the “Act”), setting...more
Earlier this year, Texas and Oregon each passed a data broker registration law, joining California and Vermont to double the number of states that have enacted such legislation. Texas Governor Greg Abbott signed SB 2105 into...more
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
12/8/2023
/ Breach Notification Rule ,
Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Payment Systems ,
Popular ,
Prison ,
Proposed Standards ,
Section 5 ,
Telecommunications ,
Unfair or Deceptive Trade Practices
In the run-up to this Friday’s December Board meeting, the California Privacy Protection Agency (CPPA or the “Agency”) has continued its recent flurry of regulatory activity. Late last week, the CPPA published an additional...more
12/7/2023
/ Audits ,
Automated Decision Systems (ADS) ,
Automated Systems ,
Board Meetings ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Subject Access Requests ,
Insurance Industry ,
Mobile Apps ,
Opt-Outs ,
Popular ,
Proposed Regulation ,
Risk Assessment ,
Sensitive Personal Information
In advance of the California Privacy Protection Agency’s (CPPA) December 8 Board meeting, the Agency has published new draft automated decisionmaking technology (ADMT) regulations, as well as revisions to draft regulations on...more
12/1/2023
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Machine Learning ,
Notice Requirements ,
Opt-Outs ,
Personal Information ,
Right of Access ,
Risk Assessment
On November 1, 2023, New York Department of Financial Services (NYDFS or the “Department”) released the finalized revisions (the “Second Amendment”) to 23 NYCRR Part 500 (Part 500) – the most significant modifications to Part...more
11/29/2023
/ Amended Regulation ,
Compliance ,
Compliance Dates ,
Covered Entities ,
Cyber Threats ,
Cybersecurity ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Incident Response Plans ,
Non-Bank Lenders ,
NYDFS ,
Policies and Procedures ,
Popular ,
Risk Management
On November 2, 2023, the American Hospital Association (AHA) – alongside the Texas Hospital Association, Texas Health Resources, and United Regional Health Care System – brought a lawsuit against the Department of Health and...more
On November 3, a federal court in the District of Idaho unsealed an amended complaint that the Federal Trade Commission (FTC) had filed in June 2023 against Kochava. The complaint alleges that Kochava engaged in unfair acts...more
On October 27, 2023, the Federal Trade FTC (FTC) approved amendments to its version of the Standards for Safeguarding Customer Information Rule (the Safeguards Rule) to require non-banking financial institutions regulated by...more
On October 15, the Utah Department of Commerce’s Consumer Protection Division published a Proposed Rule implementing elements of the Utah Social Media Regulation Act (SMRA), which was signed into law in March 2023....more
Artificial intelligence that can create new texts, images, and other content (or“generative AI”) is revolutionizing every industry, and healthcare is no exception. Doctors are experimenting with using generative AI to improve...more
10/27/2023
/ Artificial Intelligence ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Patient Privacy Rights ,
Privacy Concerns ,
State Privacy Laws
Governor Gavin Newsom in California recently signed several bills into law that may have a significant impact on your company’s privacy compliance obligations. These new laws amend and build on existing California privacy...more