California's privacy enforcement agency has published crucial data minimization guidance for businesses....more
New, first-of-their-kind consumer health data privacy laws in Washington and Nevada are designed to provide state-level protections for personal health data not covered by the Health Insurance Portability and Accountability...more
In two back-to-back announcements, California and the FTC reemphasized their enforcement efforts related to the sale of personal information....more
3/14/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
Data Selling ,
DoorDash ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Personal Information ,
Privacy Concerns ,
State and Local Government ,
State Attorneys General
Proposed amendments to the California Consumer Privacy Act would require businesses to obtain opt-in consent prior to collecting, selling, sharing, using, or disclosing a minor's personal information....more
The Department of Health and Human Services ("HHS") has released voluntary cybersecurity performance goals for the health care and public health sectors, which outline an increasingly standardized regulatory approach and...more
2/19/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Healthcare ,
Popular ,
Proposed Regulation ,
Public Health
The Department of Health and Human Services ("HHS") has released a concept paper outlining its new cybersecurity strategies for the health care sector, identifying cybersecurity priorities, potential future regulations and...more
1/12/2024
/ Centers for Medicare & Medicaid Services (CMS) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Popular ,
Proposed Rules ,
Public Health ,
Regulatory Requirements ,
Risk Mitigation
On December 20, 2023, the Federal Trade Commission ("FTC") announced a Notice of Proposed Rulemaking ("NPRM") to revise the Children's Online Privacy Protection Act ("COPPA") Rule to reduce the amount of information...more
12/28/2023
/ Comment Period ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Authority ,
Federal Trade Commission (FTC) ,
Notice of Proposed Rulemaking (NOPR) ,
Online Platforms ,
Online Safety for Children ,
Personal Information ,
Regulatory Agenda ,
Social Media
The U.S. Department of Health and Human Services ("HHS") Office of Civil Rights ("OCR") has entered into its first settlement of potential Health Insurance Portability and Accountability Act ("HIPAA") violations arising out...more
12/6/2023
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
Hospitals ,
Life Sciences ,
OCR ,
Ransomware
The Situation: California has enacted a groundbreaking new privacy law aimed at data brokers—entities that sell information about consumers with whom they do not have a direct relationship. Under the Delete Act (SB 362), data...more
11/7/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Sellers ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements
In light of the DOJ’s most recent guidance on the use of personal devices and third-party messaging applications by corporate personnel, this White Paper addresses issues and challenges that companies are facing in this area...more
10/18/2023
/ CFTC ,
Compliance ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Electronic Communications ,
Financial Industry Regulatory Authority (FINRA) ,
Guidance Update ,
Instant Messaging Apps ,
Mobile Devices ,
Policies and Procedures ,
Securities and Exchange Commission (SEC) ,
White Collar Crimes ,
Workplace Communication
Delaware is the latest state to enact a comprehensive data privacy law, which creates unique compliance challenges and risks for companies....more
On August 15, 2023, the Consumer Financial Protection Bureau ("CFPB") announced it was launching a rulemaking aimed at subjecting any company or entity that collects and sells consumer data to the Fair Credit Reporting Act...more
8/28/2023
/ Consumer Financial Protection Bureau (CFPB) ,
Consumer Reporting Agencies ,
Consumer Reports ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Services Industry ,
Personal Data ,
Popular ,
Rulemaking Process
California is the first U.S. state to secure an adequacy decision from the Dubai International Financial Center Authority....more
On July 18, 2023, Oregon Governor Tina Kotek signed Senate Bill 619, referred to as the "Oregon Consumer Privacy Act" ("OCPA" or "the Act"), making Oregon the 11th state to enact a comprehensive data privacy law....more
On July 10, 2023, the EU Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, concluding that the United States ensures an adequate level of protection for personal data transferred from the...more
On May 3, 2023, the Federal Trade Commission ("FTC") issued an Order to Show Cause against Meta for alleged violations of Meta's 2012 and 2020 privacy orders and seeks to bar the company from monetizing data related to...more
The sweeping law imposes new requirements on the processing and sale of consumer health data in the state.
On April 27, 2023, Washington State Governor Inslee signed the "My Health My Data Act" ("Act"). This Act marks the...more
On March 28, 2023, Iowa—following California, Colorado, Connecticut, Utah, and Virginia—became the sixth state to adopt a comprehensive consumer data privacy law.
On March 28, 2023, Iowa Governor Kim Reynolds signed "An...more
In Short -
The Situation: The California Privacy Protection Agency ("CPPA" or "Agency") has modified its proposed regulations implementing many key California Privacy Rights Act ("CPRA") requirements....more
On October 7, 2022, President Biden signed an executive order on "Enhancing Safeguards for United States Signals Intelligence Activities," outlining the measures that the United States will take to implement its commitments...more
On August 24, 2022, California Attorney General Rob Bonta announced his office's first privacy enforcement action and settlement against a publicly disclosed entity, Sephora, Inc., for violations of the CCPA, including the...more
The Federal Trade Commission announced on August 11, 2022, that it is seeking public comment regarding its Advanced Notice of Proposed Rulemaking on commercial surveillance and data security.
The Federal Trade Commission...more
On July 8, the CPPA officially began the formal rulemaking process for new privacy regulations—many of which operationalize new CPRA requirements. With the publication of the Notice of Proposed Rulemaking, the 45-day initial...more
On May 10, 2022, Connecticut, following Utah, California, Virginia, and Colorado, became the fifth state to adopt a comprehensive consumer data privacy law.
On May 10, 2022, Connecticut Governor Ned Lamot signed "An Act...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
President Biden Issues Cybersecurity Executive Order -
On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
8/10/2021
/ Article III ,
Biden Administration ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile Apps ,
Personal Data ,
Popular ,
Ransomware ,
SCOTUS ,
Standing ,
TransUnion LLC v Ramirez