The development of artificial intelligence (AI) and particularly Generative Artificial Intelligence (GenAI) has exploded in recent years, prompting government officials including the Biden administration to call for studies...more
10/11/2023
/ Artificial Intelligence ,
Biden Administration ,
Colleges ,
Critical Infrastructure Sectors ,
Executive Orders ,
Machine Learning ,
Private Sector ,
Public Sector ,
Risk Assessment ,
Risk Management ,
Universities ,
Vulnerability Assessments
In response to the exponential growth of artificial intelligence (AI) technologies over the past few years, the United States (U.S.) Department of Commerce’s National Institute of Standards and Technology (NIST) has been...more
On May 11, 2023, Tennessee joined the rapidly growing ranks of U.S. states to enact a comprehensive data privacy law as Gov. Bill Lee (R-TN) signed the Tennessee Information Protection Act (TIPA) into law. Taking effect July...more
In a policy statement released on May 18, 2023, the Federal Trade Commission (FTC) warned of several consumer data privacy risks related to the increasing commercial use of biometrics technologies. The Commission unanimously...more
On June 18, 2023, Texas enacted the Texas Data Privacy and Security Act (TDPSA), joining the rapidly growing list of U.S. states with comprehensive data privacy laws.1 The statute will take effect on July 1, 2024, except for...more
As state-level data protection legislation steadily expands, one of the country’s early comprehensive privacy laws to be enacted, the Connecticut Data Privacy Act (CTDPA), will take effect on July 1, 2023. The CTDPA imposes...more
The Illinois Supreme Court issued a pair of decisions related to the Illinois Biometric Information Privacy Act (BIPA) that continue to ratchet up compliance pressure on businesses. On February 17, 2023, the Illinois Supreme...more
On March 29, 2023, Iowa Gov. Kim Reynolds signed into law Senate File 262, the Iowa Act Relating to Consumer Data Protection (ICDPA). Taking effect nearly two years from now on January 1, 2025, the ICDPA makes Iowa the sixth...more
On March 15, 2023, the Colorado Attorney General (AG) finalized its set of regulations implementing the Colorado Privacy Act (CPA) – the Colorado Privacy Act Rules (“Colorado Rules”). The Colorado Rules clarify and expand...more
On March 15, 2023, the U.S. Securities and Exchange Commission (SEC) voted to propose three measures to protect customer information and hold covered institutions accountable for cyberattacks....more
Growing regulatory action to combat so-called “dark patterns” used in web design to influence consumer choice has resulted in hundreds of millions of dollars in fines, and promises to continue to be an area of enforcement in...more
[co-author: Christina Barone]
The Infrastructure Investment and Jobs Act (the “bill”) is historic bipartisan legislation that will make available $1.2 trillion in funding for infrastructure programs across the...more
A number of important new privacy law developments arrived in the month of August, chiefly enactment of the new Illinois Protecting Household Privacy Act, which restricts law enforcement access to data collected from the home...more
With the passage of the Colorado Privacy Act (CPA) during its latest legislative session, Colorado has become the third state to enact a comprehensive consumer data privacy law, following California and Virginia. Corporations...more
While some states have enacted privacy laws granting consumers the right to bring a private right of action in a data breach context, federal courts have struggled to fit data breach injury into traditional Article III...more
On April 14, 2021, the Department of Labor (DOL) issued its first set of guidance documents related to the cybersecurity of retirement benefit plans covered by the Employee Retirement Income Security Act (ERISA). The...more
On Tuesday, April 20, the Senate Commerce, Science and Transportation Committee held a hearing on the Federal Trade Commission’s (FTC) authority to protect consumers.
The hearing featured discussion from lawmakers on the...more
In this episode, Akin Gump cybersecurity, privacy and data protection practice co-heads Natasha Kohne and Michelle Reed, and counsel Molly Whitman discuss the firm’s new 2020 CCPA Litigation Annual Report and its...more
4/7/2021
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Defense Strategies ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
On March 2, 2021, the Governor of Virginia signed the Virginia Consumer Data Protection Act (CDPA) into law, which goes into effect on January 1, 2023. The law applies only to businesses with large amounts of consumer data...more
In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. In contrast to an earlier...more
3/1/2021
/ Attorney-Client Privilege ,
Capital One ,
Cybersecurity ,
Data Breach ,
Discovery ,
FBI ,
Forensic Examination ,
Motion to Compel ,
Multidistrict Litigation ,
Popular ,
Privileged Communication ,
Work-Product Doctrine
The California Department of Motor Vehicles issued the state’s first autonomous vehicle deployment permit to Nuro, Inc. The deployment permit authorizes Nuro to operate commercially in two counties in the Bay Area. NHTSA...more
Voters in Massachusetts overwhelmingly approved a ballot initiative that gives independent mechanics greater access to vehicle data, a move that vehicle manufacturers have foreshadowed could have significant cyber and privacy...more
11/18/2020
/ Auto Repair Regulations ,
Automotive Industry ,
Ballot Measures ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Motor Vehicles ,
Popular ,
Right to Repair ,
Telematics
The newly passed Proposition 24, the California Privacy Rights Act (CPRA), represents the second time in two years that California has instituted a comprehensive privacy statute that fundamentally changes data privacy...more
On Friday, August 14, California’s Office of Administrative Law (OAL) approved the final draft of the Attorney General’s (AG) regulations under the California Consumer Privacy Act (CCPA). Attorney General Xavier Becerra’s...more
8/20/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
Office of Administrative Law ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
Regulatory Requirements ,
State Attorneys General
On March 5, 2020, Gov. Phil Scott (VT-R) signed into law amendments to the Security Breach Notice Act (the “Act”). The amendments, which originated in the State Senate as part of an initiative addressing a number of data...more
8/10/2020
/ Amended Legislation ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Governor Scott ,
New Guidance ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State Attorneys General