New York recently passed new cybersecurity regulations for hospitals licensed in New York to enhance patient safety and cybersecurity....more
11/7/2024
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Hospitals ,
Information Technology ,
New Legislation ,
New York ,
Personally Identifiable Information ,
PHI ,
Regulatory Reform
The first wave of Australia's expansive privacy law reforms has been introduced into Federal Parliament in the Privacy and Other Legislation Amendment Bill 2024 (Cth) ("Bill")....more
10/29/2024
/ Australia ,
Cybersecurity ,
Damages ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Invasion of Privacy ,
Personally Identifiable Information ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
On September 4, 2024, U.S. Securities and Exchange Commission ("SEC") Chair Gary Gensler reiterated concerns about artificial intelligence-related ("AI") disclosures and the need for companies to communicate accurately about...more
10/24/2024
/ Artificial Intelligence ,
Boilerplate Language ,
Broker-Dealer ,
Class Action ,
Disclosure Requirements ,
Investment Adviser ,
Machine Learning ,
Misrepresentation ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Securities Violations ,
Shareholder Litigation
On September 19, 2024, California adopted the California AI Transparency Act ("SB 942") to create transparency mechanisms that allow consumers to determine whether an "image, video, or audio content, or content that is any...more
The Federal Aviation Administration ("FAA") has proposed new rules to standardize its criteria for addressing cybersecurity threats for transport category airplanes, engines, and propellers....more
On June 20, 2024, a U.S. federal district court held, in a suit brought by Jones Day, that the Department of Health and Human Services ("HHS") had misapplied the Health Insurance Portability and Accountability Act ("HIPAA")...more
8/2/2024
/ Confidential Information ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Medical Records ,
New Guidance ,
PHI
The U.S. District Court for the Southern District of New York dismissed the majority of claims that the Security and Exchange Commission ("SEC") asserted against SolarWinds, including claims that the company's alleged...more
Rhode Island is the latest state to adopt a comprehensive data privacy law, titled the Data Transparency and Privacy Protection Act....more
The Federal Trade Commission ("FTC") intends to "strengthen and modernize" the Health Breach Notification Rule with revamped and increased scrutiny on entities holding health information, including health apps, websites, and...more
The sweeping FAA Reauthorization Act of 2024 includes measures intended to improve safety and cybersecurity for the U.S. aviation sector....more
California's privacy enforcement agency has published crucial data minimization guidance for businesses....more
With the bipartisan, bicameral proposed American Privacy Rights Act of 2024, the U.S. Congress seeks to adopt the first national personal data privacy and security law that would preempt comprehensive state privacy laws....more
4/30/2024
/ Algorithms ,
Artificial Intelligence ,
Covered Entities ,
Data Protection ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Preemption ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
State Privacy Laws
The U.S. Food and Drug Administration ("FDA") has proposed updated guidance, intended to assist individuals in meeting the cybersecurity requirements for FDA medical device submissions....more
CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more
New, first-of-their-kind consumer health data privacy laws in Washington and Nevada are designed to provide state-level protections for personal health data not covered by the Health Insurance Portability and Accountability...more
Chinese authorities issued new regulations and guidance governing cross-border transfers of data and personal information, which will significantly reduce procedural and compliance burdens for many multinationals....more
In two back-to-back announcements, California and the FTC reemphasized their enforcement efforts related to the sale of personal information....more
3/14/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
Data Selling ,
DoorDash ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Personal Information ,
Privacy Concerns ,
State and Local Government ,
State Attorneys General
The National Institute of Standards and Technology ("NIST") released a significant update to its framework, expanding its scope and reach to cover a broader audience and evolving cybersecurity risks and management issues....more
Proposed amendments to the California Consumer Privacy Act would require businesses to obtain opt-in consent prior to collecting, selling, sharing, using, or disclosing a minor's personal information....more
The U.S. Government has identified the exploitation of Americans' bulk sensitive personal data and U.S. government-related data by "countries of concern" as posing a national security risk....more
The California Privacy Protection Agency ("CPPA") will be able to immediately enforce regulations issued under the California Consumer Privacy Act ("CCPA"), as amended, after a recent California appeals court decision...more
On January 15, 2024, the American Arbitration Association ("AAA") published updates to its Mass Arbitration Supplementary Rules and Fee Schedule, aimed at streamlining the mass arbitration process and reducing costs....more
The Background: The California Privacy Protection Agency board ("CPPA" or "Board") is in the process of issuing new regulations as authorized under the California Privacy Rights Act. These three sets of proposed regulations...more
2/14/2024
/ Audits ,
Automation Systems ,
California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Decision-Making Process ,
Innovative Technology ,
New Regulations ,
Personal Information ,
Privacy Concerns ,
Risk Assessment ,
Rulemaking Process ,
Software
On December 26, 2023, the Department of Defense ("DoD") published a proposed rule to implement the Cybersecurity Maturity Model Certification ("CMMC") 2.0, which will establish comprehensive cybersecurity requirements for...more
On 22 December 2023, the Regulation on harmonized rules on fair access to and use of data ("Data Act") was published in the EU's Official Journal. The Data Act lays down rules on fair access to and use of personal and...more