On April 14, 2025, the National Institute of Standards and Technology (NIST) released a draft update to the NIST Privacy Framework 1.1. The updates are meant to enhance organizations’ data governance and risk management and...more
On March 7, 2025, the California Privacy Protection Agency (CPPA) issued a settlement order imposing a $632,500 fine on American Honda Motor Co., Inc. for violations of the California Consumer Privacy Act (CCPA). The CPPA...more
3/17/2025
/ Automotive Industry ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Honda ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
Settlement
On January 22, 2025, the New York Assembly passed Senate Bill S929, titled the New York Health Information Privacy Act (New York HIPA). The act is now on its way to Governor Kathy Hochul for her signature.
If signed into...more
1/27/2025
/ Compliance ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
State Privacy Laws
Educational technology (EdTech) tools were critical during the COVID-19 pandemic and remain a key part of education, from digital textbooks and instructional material, to interactive applications for teachers, parents, and...more
10/31/2024
/ COPPA ,
Data Collection ,
EdTech ,
Educational Institutions ,
FERPA ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
SOPIPA ,
State Privacy Laws ,
Students ,
Technology Sector
California is set to amend the California Consumer Privacy Act of 2018 (CCPA) with two recent amendments that have been signed into law. Assembly Bill (AB 1008) and Senate Bill 1223 (SB 1223) aim to clarify how the law...more
On September 13, 2024, the Colorado Attorney General’s (AG) Office published proposed draft amendments to the Colorado Privacy Act (CPA) Rules. The proposals include new requirements related to biometric collection and use...more
On July 15, 2024, the California Privacy Protection Agency (CPPA) released proposed updates to the California Consumer Privacy Act (CCPA) regulations, including updates to the draft risk assessments, automated decisionmaking...more
On January 8, 2024, the New Jersey legislature passed the New Jersey Data Privacy Act (NJDPA). The bill, SB 332, will soon head to Governor Phil Murphy’s desk for signing. Assuming the bill is signed quickly, it will go into...more
On October 27, 2023, the Federal Trade Commission (FTC) finalized an amendment to the Safeguards Rule that will impose data breach reporting requirements on nonbanking financial entities subject to the Gramm-Leach-Bliley Act...more
Data governance is a mission-critical issue for every company and institution in the United States.
GCs face a host of pressing cybersecurity concerns. Triaging them requires time, attention, and a well-rounded strategy...more
8/18/2023
/ Cookies ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Healthcare ,
Legislative Agendas ,
Mobile Apps ,
New Legislation ,
New Rules ,
OCR ,
Personal Information ,
Regulatory Agenda ,
Risk Factors ,
Risk Management ,
State Privacy Laws ,
Technology Sector ,
Tracking Systems
On July 10, 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (DPF). The decision concluded that the United States does ensure an adequate level of protection for transferring...more
7/14/2023
/ Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
SCC ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On June 30, 2023, the California Superior Court hearing Cal. Chamber of Commerce v. Cal. Privacy Prot. Agency, No. 34-2023-80004106 (Cal. Sup. Ct.), delayed enforcement of the latest California Consumer Privacy Act (CCPA)...more
During this session, the panel discussed strategies and business considerations when addressing compliance with the wide array of data protection and privacy laws and regulations across the United States and abroad. The panel...more
Join Elliot Golding, Daniel Gottlieb and Amy Pimentel for a deep dive into how the new state privacy laws impact the healthcare and financial services industries....more
6/9/2023
/ Banks ,
Continuing Legal Education ,
Data Privacy ,
Financial Institutions ,
Financial Services Industry ,
Health Care Providers ,
Personally Identifiable Information ,
PHI ,
Physicians ,
State Privacy Laws ,
Webinars
The legal privacy landscape is quickly shifting as new consumer privacy laws spring up each year. Alcohol companies looking to maximize their customer data must understand how to comply with applicable privacy rules and...more
6/2/2023
/ Breweries ,
Consumer Privacy Rights ,
Continuing Legal Education ,
Customer Information ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Use Policies ,
Distilleries ,
Marketing ,
Privacy Laws ,
Risk Mitigation ,
Supply Chain ,
Webinars ,
Wineries
Texas will likely become the 11th state to pass a consumer privacy law. H.B. 4, the Texas Data Privacy and Security Act (TDPSA), was passed by both houses of the Texas legislature last week, and the bill is now headed to...more
6/1/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Data Security ,
Governor Abbott ,
Personal Information ,
Privacy Laws ,
Proposed Legislation ,
State and Local Government ,
State Legislatures ,
State Privacy Laws ,
Texas
Critical infrastructure and essential services in the United States—especially small or rural service providers—are highly vulnerable to disruptions from cyber attacks. Given the ever-growing need for cybersecurity services...more
There has been a flurry of state privacy activity in the past week, with Colorado becoming the latest state to finalize sweeping data privacy rules and Iowa on the precipice of becoming the sixth state to enact comprehensive...more
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin (Dec. 2022) outlining the obligations for HIPAA covered entities and businesses when deploying online tracking...more
2/10/2023
/ Continuing Legal Education ,
Cookies ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Mobile Apps ,
OCR ,
PHI ,
Unauthorized Disclosure ,
Web Tracking ,
Webinars ,
Websites
We would not blame companies for feeling fatigued after the race to comply with the amended California Consumer Privacy Act (CCPA), the soon-to-be finalized CCPA regulations and the new Virginia Consumer Data Protection Act...more
On January 1, 2023, the substantive provisions of the California Privacy Rights Act (CPRA) took effect, significantly amending the California Consumer Privacy Act (CCPA) and marking another milestone in the development of US...more
On December 21, 2022, the Colorado Attorney General (AG) released its newest set of draft regulations to the Colorado Privacy Act (CPA), which will take effect in July 2023. This latest draft includes updates to the proposed...more
Since Schrems II invalidated the US/EU Privacy Shield, the flow of personal data from the European Union to the United States has been subject to intense regulatory scrutiny. Companies transferring personal data to the United...more
On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the...more
12/6/2022
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Mobile Apps ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
PHI ,
Tracking Systems ,
Web Tracking
On September 30, 2022, the Colorado Attorney General’s Office (the AG’s Office) released draft regulations to the Colorado Privacy Act (the CPA). Before these proposed regulations take effect, however, there will be a lengthy...more
10/4/2022
/ Appeals ,
Automation Systems ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Colorado ,
Consent ,
Corporate Counsel ,
Customer-Loyalty Programs ,
Data Protection ,
Data Rights ,
Disclosure Requirements ,
Opt-Outs ,
Privacy Acts ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
State Attorneys General