In the entertainment industry, Sony Music asserted that AI companies don’t have permission to use its recording artists’ works for AI training. In response to the industry’s concerns over the use of AI, members of Congress...more
6/24/2024
/ Actors ,
Artificial Intelligence ,
Artists ,
Class Action ,
Copyright ,
Copyright Infringement ,
Deep Fake ,
Entertainment Industry ,
Executive Orders ,
Facial Recognition Technology ,
Google ,
International Olympic Committee (IOC) ,
Microsoft ,
Music ,
Music Industry ,
Musical Sound Recordings ,
Sony ,
Technology Sector ,
TikTok ,
U.S. Commerce Department
Businesses interacting with Utah residents should act quickly to ensure compliance with newly in effect obligations requiring certain disclosures regarding use of generative AI tools as Utah joins the growing patchwork of...more
On April 22, 2024, the Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services issued a Final Rule, entitled ‘HIPAA Privacy Rule to Support Reproductive Health Care Privacy’....more
5/13/2024
/ Abortion ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
Patient Privacy Rights ,
PHI ,
Reproductive Healthcare Issues
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers.
In...more
4/1/2024
/ China ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Free Trade Zone ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
New Regulations ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Regulatory Requirements ,
Risk Assessment ,
Security Risk Assessments ,
Sensitive Personal Information ,
Standard Contractual Clauses
New Hampshire joins New Jersey as the second state passing a data protection law in 2024. New Hampshire is the 15th overall US state to do so.
Last year proved to be a huge year in U.S. state data protection law, ending...more
New Jersey continues the 2023 trend into 2024 of U.S. states quickly passing similar, omnibus data protection laws, becoming the 14th such state to do so.
Last year proved to be a huge year in U.S. state data protection...more
Last year proved to be a big year in data protection with U.S. state data protection laws popping up across the country, the FTC updating its guidance and regulations on everything from data breaches and biometric...more
1/18/2024
/ Adtech ,
Artificial Intelligence ,
Biden Administration ,
Biometric Information ,
Breach Notification Rule ,
California Privacy Protection Agency (CPPA) ,
COPPA ,
Data Breach ,
Data Protection ,
EU ,
Executive Orders ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
India ,
Minors ,
Opt-Outs ,
Personal Data ,
Popular ,
Privacy Laws ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
UK ,
Website Design ,
Websites
Utah became the fourth U.S. state to pass an omnibus data protection law when the Utah Consumer Privacy Act was signed into law March 24, 2022.
As the page turns to a new year, a new U.S. state data protection law will...more
Efforts to Address the Lack of Federal Data Privacy Legislation in the U.S. Have Continued -
The need for federal data privacy legislation was reiterated in the House Energy and Commerce Committee’s Subcommittee on...more
8/7/2023
/ Artificial Intelligence ,
Biometric Information ,
Congressional Committees ,
Congressional Investigations & Hearings ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Machine Learning ,
New Legislation ,
Pending Legislation ,
Personal Data ,
Personal Information ,
PHI ,
Policy Statement ,
Popular ,
Proposed Legislation ,
Regulatory Agenda ,
State Privacy Laws ,
TikTok ,
Tracking Systems ,
Web Tracking ,
Websites
Data privacy laws have been progressing globally, but federal legislation in the U.S. has been lacking -
Businesses are facing a growing number of data privacy regulations. This is especially apparent among those in highly...more
5/22/2023
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
EU ,
General Data Protection Regulation (GDPR) ,
PHI ,
Popular ,
Proposed Legislation ,
Ransomware ,
State Privacy Laws
In 2023, a number of state data protection laws will be coming into effect and a number of entities who previously were not subject to data security and data privacy obligations will soon be within the scope of these laws....more
Dobbs v. Jackson Women's Health Organization -
..6-3 decision: Justice Alito wrote the majority opinion, with separate concurrences from Justices Thomas, Kavanaugh, and Roberts, and dissent by Justices Breyer, Sotomayor,...more
9/13/2022
/ Abortion ,
Discrimination ,
Dobbs v. Jackson Women’s Health Organization ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Employment Policies ,
Family and Medical Leave Act (FMLA) ,
Medical Leave ,
Pregnancy ,
Protected Activity ,
Reproductive Healthcare Issues ,
Roe v Wade ,
SCOTUS
Entities facing significant legal risk, no matter the circumstances, if they make ransom payments to attackers connected to, or originating from Russia.
As the Russian invasion of Ukraine continues, the U.S. government...more
4/27/2022
/ Cyber Attacks ,
Cyber Crimes ,
Economic Sanctions ,
FinCEN ,
Foreign Relations ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Assessment ,
Risk Mitigation ,
Russia ,
Ukraine
The new law will require critical infrastructure entities to report certain covered cybersecurity incidents to government agencies within 72 hours; ransomware payments within 24 hours.
On March 15, President Biden signed...more
The amended law comes into effect in April and covers new categories of personal information, including personal-related information and sensitive personal information.
In June 2021, Japan enacted an amendment to its privacy...more
The new mechanisms, which are likely to pass Parliament, will become effective on March 21, 2022 and will require businesses and organizations to review existing and new contracts.
The Information Commissioner’s Office...more
Beginning in January 2023, three new state privacy laws (and their applicable regulations) come into effect. They largely follow in the footsteps of the California Consumer Privacy Act that took effect in 2018. The new laws...more
Beginning in January 2023, three new state privacy laws (and their applicable regulations) come into effect. Additionally, several other countries have taken steps to implement or shore up their own privacy and data...more
More, possibly similar decisions are expected in the coming months, throwing cross-Atlantic data transfers and trade into doubt as diplomats seek a Privacy Shield replacement.
In late December, the Austrian Data...more
2/3/2022
/ Analytics ,
Austria ,
Binding Corporate Rules ,
Cookies ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
FISA ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The brief FTC note indicates the agency will look to combat poor security practices, protect against the misuse of personal information, and discrimination arising from algorithmic decision-making.
Last month, the...more
1/21/2022
/ Algorithms ,
Congressional Committees ,
Consent ,
Data Security ,
Federal Trade Commission (FTC) ,
Personal Data ,
Personal Information ,
Privacy Concerns ,
Proposed Rules ,
Rulemaking Process ,
Unfair or Deceptive Trade Practices
Banking organizations must notify the appropriate agency within 36 hours of certain computer-security incidents; and banking service providers must notify affected banking organizations as soon as possible in the event of an...more
12/22/2021
/ Banking Sector ,
CFTC ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
FDIC ,
Federal Reserve ,
Financial Services Industry ,
Notice Requirements ,
OCC ,
Popular ,
Securities and Exchange Commission (SEC)
Investors filed a derivative suit claiming that the company knew about, and failed to mitigate known, existing cybersecurity risks and shortfalls prior to the security breach.
In early November, pension funds and...more
12/7/2021
/ Board of Directors ,
Breach of Duty ,
Cybersecurity ,
Data Breach ,
Derivative Suit ,
Duty of Care ,
Duty of Loyalty ,
False Claims Act (FCA) ,
Federal Contractors ,
Fiduciary Duty ,
Good Faith ,
Home Depot ,
Institutional Investors ,
Marriott ,
Material Misstatements ,
Pension Funds ,
Popular ,
Security Breach ,
Shareholder Litigation ,
Shareholders ,
SolarWinds ,
Yahoo!
As drafted the new measures specify security assessment and contract requirements but leave ample room for Chinese authorities to heavily restrict cross-border data transfers.
At the end of October, China’s top privacy...more
The updated rule also includes new exemptions, expands the definition of “financial institution,” and creates new accountability requirements.
On October 27th the Federal Trade Commission (“FTC”) adopted and published...more
11/11/2021
/ Customer Information ,
Cybersecurity ,
Data Security ,
Equifax ,
Exemptions ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Regulatory Requirements ,
Safeguards Rule
Contracts entered into prior to Sept. 27 will need to be amended to adopt the new standard contractual clauses by Dec. 27, 2022.
As of Sept. 27, entities entering new contracts that are subject to the General Data...more