On October 27, the Federal Trade Commission (“FTC”) unanimously voted to amend the Safeguards Rule to require non-banking financial institutions to report data breaches and security events to the Agency. This amendment will...more
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the CPPA has not officially started the formal...more
9/8/2023
/ Algorithms ,
Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Financial Products ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Draft Guidance ,
Financial Services Industry ,
Machine Learning ,
Personal Information ,
Regulatory Agenda ,
Risk Assessment
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the Agency has not officially started the formal...more
9/6/2023
/ Algorithms ,
Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Financial Products ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Draft Guidance ,
Machine Learning ,
Personal Information ,
Regulatory Agenda ,
Risk Assessment
California continues to be at vanguard of data privacy rights. The latest effort by California legislators to protect consumer privacy rights focuses on data brokers, who under the proposed California Senate Bill 362, aka...more
8/23/2023
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Do Not Sell ,
Fair Credit Reporting Act (FCRA) ,
Opt-Outs ,
Personal Information ,
Right to Delete ,
Third-Party
After an extensive comment period, the SEC announced on July 26 that it was formally adopting new rules for public companies governing cybersecurity disclosures. The rules had generated significant backlash from public...more
8/7/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Final Rules ,
Popular ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Shortly before the July Fourth holiday, the California Superior Court issued an important, but subtly complex ruling that pushes back the date when the California Privacy Protection Agency (CPPA) may begin enforcing the...more
On May 28, Texas became the sixth state this year to pass a comprehensive data protection law. Although the Texas Data Privacy and Security Act (“TDPSA”) is largely in line with the Virginia Consumer Data Protection Act and...more
The State of Washington appears close to enacting a new law that regulates the privacy of consumer health information. If passed, the new law – the My Health My Data Act (MHMDA) –would take effect March 31, 2024 and apply...more
On March 15, 2023, the Iowa House passed Senate Bill 262 on a 97-0 vote. The Bill had previously passed the Iowa Senate on March 6, 2023. If ultimately signed by Iowa Governor Kim Reynolds, Iowa would join California,...more
The AI application ChatGPT quickly became a household name, but already is morphing into a more advanced version of generative AI. At the same time, Microsoft’s redesigned Bing search engine will soon run on a new,...more
2022 proved to be an historic year for privacy and data security, and 2023 is likely to follow suit. With privacy compliance deadlines looming under three state laws, a surge in data privacy litigation, new federal...more
2022 proved to be an historic year for privacy and data security. Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states. For the first...more
With its draft rules, Colorado has set forth a new model for state privacy laws. While there are many areas that are interoperable with the California model, the Colorado draft rules include important differences, as well as...more
As we discussed in a recent webcast, there has been a surge in litigation focused on companies’ use of Meta Pixel, which is tracking code that enables the sharing of user online activity with Facebook. Recent litigation has...more
With the CPRA set to become effective in a little more than three months, Ballard Spahr partners Phil Yannella and Greg Szewczyk discuss CPRA rule-making, the recent Sephora settlement, and outline key compliance steps that...more
In the latest episode in our monthly webcast series, Privacy and Data Security practice co-leaders Phil Yannella and Greg Szewczyk give a comprehensive rundown of the American Data Privacy and Protection Act (ADPPA),...more
In this initial episode of Ballard Spahr’s new privacy and data security webcast series, Phil Yannella and Greg Szewczyk – co-chairs of the Privacy & Data Security Group – discuss regulatory scrutiny concerning the use of...more
In a surprising development, the California Privacy Protection Agency (CPPA) published proposed amendments to the CCPA regulations recently. The proposed amendments were initially made public in a package of materials to be...more
The California Privacy Protection Agency (“CPPA”) scheduled a Board Meeting for June 8th, in which it will be discussing and possibly taking action with regard to the much anticipated CPRA enforcing regulations. To...more
Connecticut is the next in a growing list of states to pass comprehensive data privacy legislation. Last Friday, the Connecticut legislature passed, by large margins, Senate Bill 6 — which we are referring to as...more
In a series of recent statements and releases, Lina Khan, the Chair of the FTC, made clear the Commission’s intention to revamp its oversight of consumer data privacy and establish more substantive limits on commercial data...more
The California AG recently released its first Opinion interpreting the California Consumer Privacy Act (CCPA), highlighting a brewing conflict over the inferences that businesses generate about their consumers. This Opinion...more
Following the lead of California, Colorado, and Virginia, Utah is set to become the fourth state to pass a comprehensive privacy law.
As of March 4, the Utah Consumer Privacy Act (SB 227) cleared both houses of the Utah...more
2021 proved to be a momentous year for privacy and data security law. The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening...more
California continues to be at the vanguard of privacy protection. On October 11, 2021 California’s Governor Newsom signed several bills addressing privacy and data security. These new laws go into effect January 1, 2022 and...more