As we enter the end of the summer, the AI regulatory steam is not slowing down. Colorado is now the first US state to have a comprehensive AI law (going into effect February 1, 2026), and the EU published its sweeping AI law...more
8/14/2024
/ Algorithms ,
Artificial Intelligence ,
Automation Systems ,
Colorado ,
Computer Programmers ,
Enforcement ,
EU ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Machine Learning ,
New Legislation ,
Non-Discrimination Rules ,
Popular ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management ,
Software Developers
As we enter into the heart of the summer there is no time to relax in privacy-land with the next batch of “comprehensive” privacy laws coming into effect on July 1. Namely, those in Texas and Oregon (and Florida if you count...more
Minnesota’s governor has now signed into law that state’s comprehensive privacy law. For those keeping count – that is number 19 of state “comprehensive” privacy laws, with six in 2024 alone. The Minnesota law will go into...more
6/10/2024
/ Consumer Privacy Rights ,
Data Collection ,
Data Protection ,
Legislative Agendas ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Popular ,
Privacy Laws ,
Recordkeeping Requirements ,
Regulatory Requirements ,
Sensitive Business Information ,
State Privacy Laws
Nebraska’s governor has now signed into law the state’s “comprehensive” privacy law making it the fourth one this year, and the 17th overall. It will take effect on January 1, 2025 – the same day as Delaware, Iowa, and New...more
4/26/2024
/ Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
New Regulations ,
Opt-Outs ,
Personal Data ,
Personal Information ,
Popular ,
Privacy Laws ,
State Privacy Laws
As we pass the half-way mark of 2022, many are reflecting on their privacy compliance progress. One area that seems to be a constant battle is training. How much is needed? What kind of training? What are expectations from...more
The Food and Drug Administration recently sought comments on the role of transparency for artificial intelligence and machine learning-enabled medical devices. The FDA invited comments in follow up to a recent workshop on the...more
11/23/2021
/ Artificial Intelligence ,
Digital Health ,
EU ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Life Sciences ,
Machine Learning ,
Medical Devices ,
Patients ,
Popular ,
Privacy Laws ,
Transparency
In the wake of increased ransomware attacks over the course of the last several months, the US Department of Treasury’s Office of Foreign Assets Control (OFAC) has updated a guidance it released last year on potential...more
10/5/2021
/ Compliance ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
New Guidance ,
Office of Foreign Assets Control (OFAC) ,
Penalties ,
Popular ,
Ransomware ,
Sanctions ,
U.S. Treasury
The New York State Department of Financial Services recently issued recommendations to financial institutions in the aftermath of the SolarWinds cyberattack. In that attack, hackers inserted malware into SolarWinds software...more
5/26/2021
/ Cybersecurity ,
Cybersecurity Framework ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
New York ,
NYDFS ,
Popular ,
Software ,
SolarWinds ,
Supply Chain ,
Third-Party Service Provider
China is continuing to move forward with its first comprehensive privacy law. China recently issued a second version of the draft Personal Information Protection Law (Draft PIPL) which will be open for public comments until...more
5/14/2021
/ Breach Notification Rule ,
China ,
Cross-Border ,
Cybersecurity ,
Data Breach ,
Data Localization Law ,
Data Privacy ,
Data Security ,
Data Transfers ,
General Data Protection Regulation (GDPR) ,
Penalties ,
Personal Information ,
Popular ,
Proposed Regulation
Utah recently amended its breach notice law to provide certain defenses to companies who suffer a data breach. It is now the second state, after Ohio, to include such provisions. Specifically, entities that create and...more
Artificial intelligence continues to remain a focus in 2021, as we predicted at the start of the year. From the FTC, to the EU, to others, regulators of all kinds are paying attention to companies’ use of these tools. In the...more
4/6/2021
/ Artificial Intelligence ,
Business Strategies ,
Cybersecurity ,
Data Privacy ,
Data Security ,
FDIC ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Popular ,
Public Comment ,
Regulatory Requirements
Artificial intelligence continues to be a focus and concern for businesses, regulators, and lawmakers alike. As we recently wrote, there was much activity and focus on artificial intelligence and the impact on privacy laws....more
Late this summer the New York Department of Financial Services (NYDFS) announced its first enforcement action since the cybersecurity rules went into effect in March 2017. The action was brought against First American Title...more
9/24/2020
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Financial Services Industry ,
First American Title Insurance Co. ,
Internal Investigations ,
Non-Public Information ,
NYDFS ,
Popular ,
State Attorneys General
The FTC recently issued comments on how companies can use artificial intelligence tools without engaging in deceptive or unfair trade practices or running afoul of the Fair Credit Reporting Act. The FTC pointed to enforcement...more
Apple recently revised its review guidelines to allow push notifications that include “advertising, promotions, or direct marketing.” This changes a prior -and longstanding- prohibition on push notices that contain such...more
January 1, 2020, organizations that employ individuals based in Illinois will need to keep in mind the Artificial Intelligence Video Interview Act. This Act sets forth new requirements for video-recorded interviews using AI...more
12/4/2019
/ Artificial Intelligence ,
Consent ,
Employer Liability Issues ,
Hiring & Firing ,
Human Resources Professionals ,
Interviews ,
Job Applicants ,
New Legislation ,
Popular ,
State Labor Laws ,
Video Recordings ,
Videoconference
The FTC recently settled with Infotrax Systems, L.C. a technology company providing software to the direct sales industry. The settlement followed a breach suffered by the company, and involved allegations the company had...more
11/21/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Software Developers ,
Technology Sector
International companies should keep in mind recent developments coming out of Asia on the privacy front. Chinese authorities are reported to be confiscating smartphones at the border to install surveillance apps. Companies...more
7/25/2019
/ China ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Government Investigations ,
Hong Kong ,
Law Enforcement ,
Memorandum of Understanding ,
Personal Data ,
Popular ,
Singapore ,
Trade Secrets
Modern sock maker, Bombas, recently settled with New York over a credit card breach, agreeing to pay $65,000 in penalties. According to the NYAG, malicious code was injected into Bombas’ Magento ecommerce platform in 2014...more
Citing cybersecurity concerns with a children’s smartwatch, the European Commission recently issued a recall of the device. The Safe-KID-One is a smartwatch that gives parents the ability to track and communicate with their...more
2/14/2019
/ Children's Toys ,
Connected Items ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
European Commission ,
GPS ,
Hackers ,
Internet of Things ,
Popular ,
Smart Devices ,
Technology Sector ,
Toy Recalls
Five companies settled with the New York Attorney General over mobile app data security issues at the end of last year. The AG alleged that the companies, Western Union, Priceline, Equifax, Spark Networks, and Credit Sesame,...more
The UK Information Commissioner’s Office recently released helpful encryption guidance. Although released to address the GDPR security requirements, this document may be helpful more broadly because of the detail around...more
The Federal Trade Commission recently issued a cyber guide that, while intended for small businesses, can be of help for all businesses. The purpose of the guide, which includes various modules, is to help smaller businesses...more
11/13/2018
/ Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
New Guidance ,
Phishing Scams ,
Popular ,
Risk Mitigation ,
Small Business ,
Vendor Contacts
Effective November 2, 2018, companies that suffer a breach may have certain defenses in Ohio if they have a written cybersecurity program in place. Under this new law, companies can use as an affirmative defense the existence...more
10/30/2018
/ Affirmative Defenses ,
Confidential Information ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
NIST ,
Policies and Procedures ,
Popular ,
Safe Harbors ,
Security Controls ,
State Data Breach Notification Statutes