On June 28, in Loper Bright Enterprises v. Raimondo, the Supreme Court overturned the longstanding Chevron doctrine, under which courts generally granted deference to a federal agency’s reasonable interpretation of ambiguous...more
7/9/2024
/ Administrative Procedure Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Chevron Deference ,
Chevron v NRDC ,
Corner Post Inc v Board of Governors of the Federal Reserve System ,
Department of Health and Human Services (HHS) ,
Food and Drug Administration (FDA) ,
Government Agencies ,
Healthcare ,
Judicial Authority ,
Life Sciences ,
Loper Bright Enterprises v Raimondo ,
Regulatory Authority ,
SCOTUS ,
Statutory Interpretation
On April 4, 2024, Kentucky became the fifteenth state to enact a comprehensive data privacy law, with Governor Andy Beshear signing the Kentucky Consumer Data Protection Act (KCDPA) into law. The Kentucky law will go into...more
6/3/2024
/ Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-In ,
Popular ,
Right of Access ,
Sensitive Personal Information ,
State Data Privacy Laws
Key Points - Colorado's new Al law creates new obligations for developers and deployers of high-risk artificial intelligence (Al) systems. Similar to the EU Al Act, the law is risk-based and defines a "high-risk" Al system as...more
6/3/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
Colorado ,
Compliance ,
Disclosure Requirements ,
Governance Standards ,
High Risk Sectors ,
New Legislation ,
Penalties ,
Reporting Requirements ,
Risk Management ,
Transparency
Key Points - Colorado’s new AI law creates new obligations for developers and deployers of high-risk artificial intelligence (AI) systems. Similar to the EU AI Act, the law is risk-based and defines a “high-risk” AI system as...more
5/28/2024
/ Algorithms ,
Artificial Intelligence ,
Colorado ,
Consumer Protection Laws ,
Disclosure Requirements ,
Documentation ,
Enforcement ,
EU ,
General Data Protection Regulation (GDPR) ,
Proposed Legislation ,
Risk Assessment ,
Risk Management ,
Transparency ,
Watershed
Last week, the Securities and Exchange Commission imposed expanded privacy and cybersecurity obligations on fund managers and sponsors registered with the SEC as investment advisers. While many registered investment advisers...more
5/21/2024
/ Breach Notification Rule ,
Customer Information ,
Cybersecurity ,
Fund Managers ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
Policies and Procedures ,
Privacy Laws ,
Private Funds ,
Recordkeeping Requirements ,
Regulation S-P ,
Securities and Exchange Commission (SEC) ,
Sponsors
In September 2023, Delaware became the seventh state in 2023 to enact comprehensive privacy law with the Delaware Personal Data Privacy Act (DPDPA), joining Indiana, Iowa, Montana, Oregon, Tennessee and Texas. The DPDPA will...more
5/14/2024
/ Consumer Privacy Rights ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Security ,
EU ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws
On February 8, 2024, the Centers for Medicare and Medicaid Services (CMS) released a memorandum from the Quality, Safety & Oversight Group (QSOG) updating its 2018 guidance on texting patient information among healthcare...more
On February 9, 2024, California’s Third District Court of Appeals ruled that the California Privacy Protection Agency (CPPA) may begin enforcing its finalized data privacy regulations immediately, overturning the lower...more
Beginning May 11, 2024, non-banking financial institutions regulated by the Federal Trade Commission (FTC) will be required to submit notifications of data breaches or other security events that impact 500+ consumers. The FTC...more
On January 16, 2024, New Jersey became the first state to enact a comprehensive data privacy law in the new year, with Gov. Phil Murphy (D-NJ) signing the New Jersey Privacy Act (NJPA) (SB 332) into law. The New Jersey law...more
2/14/2024
/ Confidential Information ,
Consent ,
Data Collection ,
Data Protection ,
Data Security ,
DPPA ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Minors ,
New Jersey ,
Opt-In ,
Opt-Outs ,
Sensitive Personal Information ,
State Privacy Laws ,
Subcontractors
2024 is shaping up to be a busy year in Washington for telecom, media and technology (TMT) companies. A number of notable topics will require public comment this year, including net neutrality, digital discrimination, data...more
2/9/2024
/ Artificial Intelligence ,
Broadband ,
Consumer Protection Laws ,
FCC ,
Federal Aviation Administration (FAA) ,
NDAA ,
Outer Space ,
Public Comment ,
Regulatory Requirements ,
Spectrum ,
Technology Sector ,
Telecommunications
On February 1, 2024, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement with that would require Blackbaud Inc. (“Blackbaud”) to delete personal data it does not need to retain and upgrade...more
2/7/2024
/ Certifications ,
Cyber Attacks ,
Cyber Incident Reporting ,
Data Deletion ,
Data Management ,
Data Protection ,
Data Retention ,
Data Security ,
Federal Trade Commission (FTC) ,
Personal Data ,
Ransomware ,
Settlement ,
Third-Party
The California Consumer Privacy Protection Agency (CPPA) issued draft rulemaking on automated decision-making technologies as part of its implementing regulations under the California Consumer Privacy Act (as revised, CCPA). ...more
At the end of 2023, the Federal Communications Commission (“FCC” or “the Commission”) adopted updates to its existing 16-year-old data breach notification rules (“prior rules”) designed to ensure that sensitive customer...more
In a key move to further expand consumer data rights, California Gov. Gavin Newson signed The Delete Act (S.B. 362) (the Act) into law on October 10, 2023. The Act amends California’s data broker registration law (Cal. Civ....more
11/8/2023
/ Cal Code of Civil Procedure ,
California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Data Brokers ,
Data Rights ,
Families First Coronavirus Response Act (FFCRA) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Penalties ,
Personal Information ,
Registration Requirement ,
Right to Delete
Two years after the Department of Justice (DOJ) established its Civil-Cyber Fraud Initiative, there has been a recent uptick in enforcement and regulatory activity related to cybersecurity. September opened with the unsealing...more
11/3/2023
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Fraud ,
General Services Administration (GSA) ,
Proposed Rules ,
Reporting Requirements ,
Settlement ,
Verizon ,
Whistleblowers
On October 8, 2023, Gov. Gavin Newsom (D-CA) signed Assembly Bill 947 (AB 947) into law, adding citizenship and immigration status to the California Consumer Privacy Act’s (CCPA) definition of “sensitive personal...more
On August 7, 2023, the Commissioner of Data Protection of the Dubai International Financial Centre (the DIFC), a financial free-zone in the United Arab Emirates, issued the first adequacy decision regarding the California...more
8/18/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Dubai ,
Information Governance ,
International Data Transfers ,
Personal Data ,
United Arab Emirates (UAE)
On May 11, 2023, Tennessee joined the rapidly growing ranks of U.S. states to enact a comprehensive data privacy law as Gov. Bill Lee (R-TN) signed the Tennessee Information Protection Act (TIPA) into law. Taking effect July...more
In a policy statement released on May 18, 2023, the Federal Trade Commission (FTC) warned of several consumer data privacy risks related to the increasing commercial use of biometrics technologies. The Commission unanimously...more
On June 18, 2023, Texas enacted the Texas Data Privacy and Security Act (TDPSA), joining the rapidly growing list of U.S. states with comprehensive data privacy laws.1 The statute will take effect on July 1, 2024, except for...more
On April 27, 2023, Washington Governor Jay Inslee signed the My Health My Data Act (the “Act”) into law, establishing new limits on the collection, use and sharing of “consumer health data” and creating numerous compliance...more
On March 15, 2023, the Colorado Attorney General (AG) finalized its set of regulations implementing the Colorado Privacy Act (CPA) – the Colorado Privacy Act Rules (“Colorado Rules”). The Colorado Rules clarify and expand...more
On March 30, 2023, the California Privacy Protection Agency (CPPA) announced that the California Office of Administrative Law (OAL) has approved the CPPA’s regulations and filed them with the Secretary of State, completing...more
Growing regulatory action to combat so-called “dark patterns” used in web design to influence consumer choice has resulted in hundreds of millions of dollars in fines, and promises to continue to be an area of enforcement in...more