On February 10, 2023, the California Privacy Protection Agency (CPPA) issued an invitation for public commentary on the topics that will be included in their future rulemaking: cybersecurity audits, risk assessments and...more
On Tuesday, December 13, the European Commission initiated its long-awaited process towards the adoption of an adequacy decision for the European Union (EU)-U.S. Data Privacy Framework (EU-U.S. DPF), which aims to address the...more
On November 3, 2022, the California Privacy Protection Agency (CPPA) officially published modifications to the proposed regulations implementing the Consumer Privacy Rights Act (CPRA). These modified proposed regulations...more
Issued by the White House Office of Science and Technology Policy (OSTP) on October 4, 2022, the “Blueprint for an AI Bill of Rights” is the Biden-Harris administration’s seminal work on its vision for the future of...more
Key Points -
President Biden has signed the long-awaited executive order implementing U.S. commitments to the new successor agreement to the Privacy Shield, the EU-U.S. Data Privacy Framework—a historic step in respect of...more
10/20/2022
/ Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
International Data Transfers
On August 24, 2022, California Attorney General Rob Bonta (AG) announced a proposed settlement with beauty retailer Sephora USA, Inc. to resolve claims that Sephora violated the California Consumer Privacy Act (CCPA). Under...more
Key Points -
As part of the antitrust agencies’ public commitment to investigate and prosecute competitive harm in labor markets, the DOJ Antitrust Division fined three major U.S. poultry processors and a data consulting...more
8/22/2022
/ Antitrust Division ,
Antitrust Violations ,
Data Privacy ,
Department of Justice (DOJ) ,
Employer Liability Issues ,
Hart-Scott-Rodino Act ,
Poultry ,
Sherman Act ,
State Data Privacy Laws ,
Wage and Hour ,
Wage-Fixing
Companies are now on the clock for comments on the new proposed California Privacy Rights Act (CPRA) regulations. On July 8, 2022, the California Privacy Protection Agency (CPPA) filed a Notice of Proposed Action, triggering...more
Key Points -
Three of the four bipartisan leaders of the House and Senate committees with jurisdiction over data privacy have struck a deal on a comprehensive federal bill, the American Data Privacy and Protection Act,...more
The Connecticut Data Privacy Act (CTDPA), which will go into effect July 1, 2023, is now the fifth and latest comprehensive state consumer privacy law, giving companies doing business in the state less than two years to...more
The Federal Trade Commission (FTC) reached a settlement with weight loss company WW International (formerly known as Weight Watchers) requiring the company to pay a $1.5 million penalty, delete the personal information of...more
In this episode, Natasha Kohne and Michelle Reed, who head Akin Gump’s cybersecurity, privacy and data protection practice, and counsel Lauren York discuss the firm’s new CCPA Litigation Annual Report – 2021 Trends and...more
With the recent signing of the Utah Consumer Privacy Act (UCPA) by Gov. Spencer J. Cox on March 24, 2022, Utah has become the fourth state to enact a comprehensive law addressing consumer data privacy, joining California,...more
Colorado requires businesses to take reasonable steps to protect consumer data under both the Colorado Consumer Protection Act and its landmark new data privacy law, the Colorado Privacy Act (CPA). The CPA comes into force on...more
On February 17, 2022, the California Privacy Protection Agency (CPPA) Board held its first Board meeting of 2022. Notably, CPPA Executive Director Ashkan Soltani delivered an update on the CPPA’s rulemaking activities and...more
The Federal Trade Commission (FTC) issued a surprisingly strong warning to companies that they may face potential regulatory action if they fail to address known vulnerabilities, focusing in particular on the Log4j...more
On January 28, 2022, the California Attorney General (AG) announced an “investigative sweep” of businesses operating loyalty programs in the state, which it launched by sending multiple businesses notice of noncompliance with...more
Public comments to recently published regulations governing compliance with the California Privacy Rights Act (CPRA) show that stakeholders sharply disagree on multiple areas of the CPRA. Seventy submissions totaling nearly...more
On October 1, 2021, two Acts overhauling data privacy and cybersecurity in Connecticut took effect—the latest instance of stronger state breach reporting requirements with a safe harbor protection from litigation for...more
10/7/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notification Requirements ,
Personal Information ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes
A number of important new privacy law developments arrived in the month of August, chiefly enactment of the new Illinois Protecting Household Privacy Act, which restricts law enforcement access to data collected from the home...more
On August 30, 2021, the Securities and Exchange Commission announced three enforcement actions against registered investment advisers for alleged cybersecurity failures involving cloud-based email systems. All three actions...more
On August 20, 2021, the 30th session of the Standing Committee of the 13th National People’s Congress (NPC) adopted China’s new PRC Personal Information Protection Law (PIPL), which will take effect on November 1, 2021. The...more
8/27/2021
/ China ,
Criminal Liability ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Use Policies ,
International Data Transfers ,
National Security ,
Personal Information
Recent developments in the tech sector in China, including government directives concerning heightened regulatory scrutiny of tech companies listed or looking to list in the US or on exchanges in other overseas jurisdictions,...more
With the passage of the Colorado Privacy Act (CPA) during its latest legislative session, Colorado has become the third state to enact a comprehensive consumer data privacy law, following California and Virginia. Corporations...more
Throughout the month of March, states continued to introduce new privacy laws of their own as Congress focused on enacting President Biden’s $1.9 trillion COVID-19 relief plan—H.R. 1319, the American Rescue Plan Act of...more