Proposed amendments to the California Consumer Privacy Act would require businesses to obtain opt-in consent prior to collecting, selling, sharing, using, or disclosing a minor's personal information....more
The U.S. Government has identified the exploitation of Americans' bulk sensitive personal data and U.S. government-related data by "countries of concern" as posing a national security risk....more
The California Privacy Protection Agency ("CPPA") will be able to immediately enforce regulations issued under the California Consumer Privacy Act ("CCPA"), as amended, after a recent California appeals court decision...more
The Department of Health and Human Services ("HHS") has released voluntary cybersecurity performance goals for the health care and public health sectors, which outline an increasingly standardized regulatory approach and...more
2/19/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Healthcare ,
Popular ,
Proposed Regulation ,
Public Health
The Background: The California Privacy Protection Agency board ("CPPA" or "Board") is in the process of issuing new regulations as authorized under the California Privacy Rights Act. These three sets of proposed regulations...more
2/14/2024
/ Audits ,
Automation Systems ,
California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Decision-Making Process ,
Innovative Technology ,
New Regulations ,
Personal Information ,
Privacy Concerns ,
Risk Assessment ,
Rulemaking Process ,
Software
On December 26, 2023, the Department of Defense ("DoD") published a proposed rule to implement the Cybersecurity Maturity Model Certification ("CMMC") 2.0, which will establish comprehensive cybersecurity requirements for...more
The Department of Health and Human Services ("HHS") has released a concept paper outlining its new cybersecurity strategies for the health care sector, identifying cybersecurity priorities, potential future regulations and...more
1/12/2024
/ Centers for Medicare & Medicaid Services (CMS) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Popular ,
Proposed Rules ,
Public Health ,
Regulatory Requirements ,
Risk Mitigation
On 22 December 2023, the Regulation on harmonized rules on fair access to and use of data ("Data Act") was published in the EU's Official Journal. The Data Act lays down rules on fair access to and use of personal and...more
On December 20, 2023, the Federal Trade Commission ("FTC") announced a Notice of Proposed Rulemaking ("NPRM") to revise the Children's Online Privacy Protection Act ("COPPA") Rule to reduce the amount of information...more
12/28/2023
/ Comment Period ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Authority ,
Federal Trade Commission (FTC) ,
Notice of Proposed Rulemaking (NOPR) ,
Online Platforms ,
Online Safety for Children ,
Personal Information ,
Regulatory Agenda ,
Social Media
The U.S. Department of Health and Human Services ("HHS") Office of Civil Rights ("OCR") has entered into its first settlement of potential Health Insurance Portability and Accountability Act ("HIPAA") violations arising out...more
12/6/2023
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
Hospitals ,
Life Sciences ,
OCR ,
Ransomware
New York is the first state to propose cybersecurity requirements for all hospitals operating in the state to address patient safety and other cybersecurity related issues....more
12/1/2023
/ Chief Information Security Officer (CISO) ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Hospitals ,
New York ,
NYDFS ,
Patient Privacy Rights ,
Popular ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
A major amendment to the New York State Department of Financial Services' cybersecurity regulations establishes affirmative cybersecurity oversight duties and requires companies to report extortion payments to the agency....more
11/16/2023
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Extortion ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
NYDFS ,
Popular ,
Risk Assessment ,
Third-Party Service Provider
On Friday, October 27, the Federal Trade Commission ("FTC") announced new amendments to the Safeguards Rule, requiring covered financial institutions to report certain data breaches to the FTC and reflecting its continuing...more
11/13/2023
/ Cybersecurity ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
FTC Act ,
Gramm-Leach-Blilely Act ,
New Amendments ,
Non-Bank Lenders ,
Personal Information ,
Popular ,
Privacy Rule ,
Risk Assessment ,
Risk Management ,
Safeguards Rule ,
Section 5
The Situation: California has enacted a groundbreaking new privacy law aimed at data brokers—entities that sell information about consumers with whom they do not have a direct relationship. Under the Delete Act (SB 362), data...more
11/7/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Sellers ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements
On October 30, 2023, President Biden signed a first-of-its-kind executive order entitled, "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" ("AI")....more
11/1/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Machine Learning ,
Regulatory Reform ,
Security Standards
The United States Patent and Trademark Office, along with the U.S. Departments of State and Commerce, sought initial public comment last week on draft guidelines entitled "International Guiding Principles for Organizations...more
10/31/2023
/ Algorithms ,
Artificial Intelligence ,
Comment Period ,
Copyright ,
Copyright Litigation ,
Cybersecurity ,
Intellectual Property Protection ,
Machine Learning ,
Technology ,
U.S. Commerce Department ,
USPTO
Delaware is the latest state to enact a comprehensive data privacy law, which creates unique compliance challenges and risks for companies....more
On August 15, 2023, the Consumer Financial Protection Bureau ("CFPB") announced it was launching a rulemaking aimed at subjecting any company or entity that collects and sells consumer data to the Fair Credit Reporting Act...more
8/28/2023
/ Consumer Financial Protection Bureau (CFPB) ,
Consumer Reporting Agencies ,
Consumer Reports ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Services Industry ,
Personal Data ,
Popular ,
Rulemaking Process
California is the first U.S. state to secure an adequacy decision from the Dubai International Financial Center Authority....more
On July 18, 2023, Oregon Governor Tina Kotek signed Senate Bill 619, referred to as the "Oregon Consumer Privacy Act" ("OCPA" or "the Act"), making Oregon the 11th state to enact a comprehensive data privacy law....more
In Short -
The Situation: Following a cyberattack on a law firm's systems, the Securities and Exchange Commission ("SEC") subpoenaed the firm for information, including the identity of clients whose information may have...more
8/15/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Discovery ,
Enforcement Actions ,
Evidence ,
Fourth Amendment ,
Government Investigations ,
Hackers ,
Material Nonpublic Information ,
Personally Identifiable Information ,
Securities and Exchange Commission (SEC) ,
Subpoenas
In Short -
The Background: The prevalence of generative artificial intelligence ("GenAI") is rapidly expanding, providing vast opportunities for efficiency and innovation, while also creating new risks....more
8/7/2023
/ Algorithms ,
Artificial Intelligence ,
Confidentiality Agreements ,
Data Privacy ,
End-Users ,
EULA ,
Innovation ,
Liability ,
License Agreements ,
Machine Learning ,
Popular
The Federal Aviation Administration ("FAA") released an updated Fact Sheet clarifying its perspective on the limits of state and local governments to regulate drones. ...more
8/3/2023
/ Air Traffic Control Systems ,
Airline Deregulation Act ,
Airspace ,
Aviation Industry ,
Commercial Use ,
Drones ,
Federal Aviation Administration (FAA) ,
Preemption ,
Regulatory Oversight ,
Regulatory Standards ,
Unmanned Aircraft Systems
In Short -
The Situation: On July 26, 2023, the U.S. Securities and Exchange Commission ("SEC") adopted final rules that significantly alter cybersecurity disclosure obligations for companies. The SEC's final rules adopt...more
8/2/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On July 21, 2023, the White House announced that seven leading technology companies—Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI—voluntarily committed to mitigating the risks posed by artificial...more
7/25/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Innovative Technology ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Oversight ,
Risk Mitigation