The National Institute for Standards and Technology (NIST) recently unveiled the first version of its Artificial Intelligence Risk Management Framework (AI RMF 1.0, or “Framework”). This highly anticipated and detailed...more
On February 10, 2023, the California Privacy Protection Agency (CPPA) issued an invitation for public commentary on the topics that will be included in their future rulemaking: cybersecurity audits, risk assessments and...more
On Tuesday, December 13, the European Commission initiated its long-awaited process towards the adoption of an adequacy decision for the European Union (EU)-U.S. Data Privacy Framework (EU-U.S. DPF), which aims to address the...more
On November 20, 2022, the Saudi Data and Artificial Intelligence Authority (SDAIA) launched a public consultation (which is open until December 20, 2022) on its proposed amendments to the Personal Data Protection Law (PDPL)....more
On November 3, 2022, the California Privacy Protection Agency (CPPA) officially published modifications to the proposed regulations implementing the Consumer Privacy Rights Act (CPRA). These modified proposed regulations...more
Issued by the White House Office of Science and Technology Policy (OSTP) on October 4, 2022, the “Blueprint for an AI Bill of Rights” is the Biden-Harris administration’s seminal work on its vision for the future of...more
Key Points -
President Biden has signed the long-awaited executive order implementing U.S. commitments to the new successor agreement to the Privacy Shield, the EU-U.S. Data Privacy Framework—a historic step in respect of...more
10/20/2022
/ Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
International Data Transfers
On August 24, 2022, California Attorney General Rob Bonta (AG) announced a proposed settlement with beauty retailer Sephora USA, Inc. to resolve claims that Sephora violated the California Consumer Privacy Act (CCPA). Under...more
Key Points -
As part of the antitrust agencies’ public commitment to investigate and prosecute competitive harm in labor markets, the DOJ Antitrust Division fined three major U.S. poultry processors and a data consulting...more
8/22/2022
/ Antitrust Division ,
Antitrust Violations ,
Data Privacy ,
Department of Justice (DOJ) ,
Employer Liability Issues ,
Hart-Scott-Rodino Act ,
Poultry ,
Sherman Act ,
State Data Privacy Laws ,
Wage and Hour ,
Wage-Fixing
Companies are now on the clock for comments on the new proposed California Privacy Rights Act (CPRA) regulations. On July 8, 2022, the California Privacy Protection Agency (CPPA) filed a Notice of Proposed Action, triggering...more
Key Points -
Three of the four bipartisan leaders of the House and Senate committees with jurisdiction over data privacy have struck a deal on a comprehensive federal bill, the American Data Privacy and Protection Act,...more
The Connecticut Data Privacy Act (CTDPA), which will go into effect July 1, 2023, is now the fifth and latest comprehensive state consumer privacy law, giving companies doing business in the state less than two years to...more
The Federal Trade Commission (FTC) reached a settlement with weight loss company WW International (formerly known as Weight Watchers) requiring the company to pay a $1.5 million penalty, delete the personal information of...more
In this episode, Natasha Kohne and Michelle Reed, who head Akin Gump’s cybersecurity, privacy and data protection practice, and counsel Lauren York discuss the firm’s new CCPA Litigation Annual Report – 2021 Trends and...more
With the recent signing of the Utah Consumer Privacy Act (UCPA) by Gov. Spencer J. Cox on March 24, 2022, Utah has become the fourth state to enact a comprehensive law addressing consumer data privacy, joining California,...more
Colorado requires businesses to take reasonable steps to protect consumer data under both the Colorado Consumer Protection Act and its landmark new data privacy law, the Colorado Privacy Act (CPA). The CPA comes into force on...more
On February 17, 2022, the California Privacy Protection Agency (CPPA) Board held its first Board meeting of 2022. Notably, CPPA Executive Director Ashkan Soltani delivered an update on the CPPA’s rulemaking activities and...more
The Federal Trade Commission (FTC) issued a surprisingly strong warning to companies that they may face potential regulatory action if they fail to address known vulnerabilities, focusing in particular on the Log4j...more
On January 28, 2022, the California Attorney General (AG) announced an “investigative sweep” of businesses operating loyalty programs in the state, which it launched by sending multiple businesses notice of noncompliance with...more
Public comments to recently published regulations governing compliance with the California Privacy Rights Act (CPRA) show that stakeholders sharply disagree on multiple areas of the CPRA. Seventy submissions totaling nearly...more
The National Institute of Standards and Technology (NIST) issued a request for public comment to help guide the development of the current and future state of technology in eight emerging technology areas. Those areas include...more
12/3/2021
/ America Competes Act ,
Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Internet of Things ,
NIST ,
Public Comment ,
Request For Information ,
Software Developers
On 10 November 2021, the Supreme Court dismissed the United Kingdom’s first ever “opt-out” class action brought outside of the competition law sector, in Lloyd v Google LLC. The claim, seeking an award of damages of around £3...more
On October 27, 2021, Secretary of State Antony Blinken formally announced plans to modernize and reorient American diplomacy to meet the evolving demands of the 21st century. The State Department, in consultation with...more
On October 1, 2021, two Acts overhauling data privacy and cybersecurity in Connecticut took effect—the latest instance of stronger state breach reporting requirements with a safe harbor protection from litigation for...more
10/7/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notification Requirements ,
Personal Information ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes
On August 30, 2021, the Securities and Exchange Commission announced three enforcement actions against registered investment advisers for alleged cybersecurity failures involving cloud-based email systems. All three actions...more