New DOJ guidance helps companies understand their obligations under the DSP, which could severely impact investment agreements and ordinary commercial data transactions.
On April 11, 2025, the US Department of Justice...more
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
9/6/2024
/ Bilateral Agreements ,
Data Protection ,
Department of Transportation (DOT) ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK
Covered financial institutions now face heightened expectations in relation to cybersecurity governance, risk assessment, and incident reporting.
The New York State Department of Financial Services’ (DFS) amendments (the...more
Oregon and Delaware have become the seventh and eighth US states this year to enact general data privacy legislation — growing the US state privacy framework to 13 states. This blog post analyzes the key requirements of both...more
The new framework provides an additional route for personal data transfers from the EEA to the US.
On 10 July 2023, the European Commission (EC) took the final step to enable businesses to start relying on the new EU-US...more
8/1/2023
/ Adequacy Requirement ,
Certification Requirements ,
Compliance ,
Data Privacy ,
Department of Transportation (DOT) ,
Enforcement Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
Switzerland ,
US-EU Safe Harbor Framework
Washington State and Nevada have now passed health data privacy laws that impose obligations relating to the collection, processing, and sharing of “consumer health data.” Both laws (collectively, State Health Data Privacy...more
7/26/2023
/ Compliance ,
Covered Entities ,
Data Privacy ,
Enforcement ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Patient Privacy Rights ,
Personal Information ,
PHI ,
Privacy Laws ,
Sensitive Personal Information ,
State Attorneys General ,
State Privacy Laws
Florida’s law introduces novel provisions that depart from existing US state privacy laws, which businesses will need to carefully consider.
With passage of Florida’s Digital Bill of Rights, along with the Texas Data...more
7/11/2023
/ Compliance ,
Consumer Privacy Rights ,
Covered Entities ,
Data Controller ,
Enforcement ,
Governor DeSantis ,
New Legislation ,
Notice Requirements ,
Privacy Laws ,
Search Engines ,
State Privacy Laws
The stringent law introduces several novel obligations and a unique approach to determining applicability that may broaden its reach.
On June 18, 2023, Texas enacted the Texas Data Privacy & Security Act (TDPSA), which...more
6/21/2023
/ Consumer Privacy Rights ,
Cross-Border Transactions ,
Data Privacy ,
Goods or Services ,
NAICS ,
New Legislation ,
Personal Data ,
SBA ,
Sensitive Personal Information ,
Small Business ,
State Privacy Laws
Iowa’s new data privacy law, which will come into force in 2025, adds to an increasingly complex patchwork of state laws.
On March 28, 2023, Iowa became the sixth US state to pass a comprehensive privacy law. The Iowa...more