Comprehensive state privacy laws often task a state regulator to promulgate accompanying regulations that clarify the law’s requirements and to enforce the law by providing further guidance through its enforcement actions....more
Welcome back to the last installment of our three-part series for Data Privacy Week. We previously discussed the foundations of data privacy law and the current state of privacy landscape for companies, and we will now turn...more
Welcome back to the second installment of our three-part series for Data Privacy Week 2025. We previously discussed the foundations of data privacy laws, and now we will focus on the current landscape of U.S. state privacy...more
1/29/2025
/ Artificial Intelligence ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Machine Learning ,
Personal Information ,
Regulatory Requirements ,
Rulemaking Process ,
State Privacy Laws
Each year, Data Privacy Week offers an opportunity for companies and professionals to revisit the fundamentals of data privacy. This year, we are celebrating Data Privacy Week, which runs through January 31, by releasing a...more
Companies continue to face a patchwork of state data privacy laws, federal agencies targeted companies' collection of sensitive consumer information, and a handful of states passed artificial intelligence-related regulation...more
1/22/2025
/ Artificial Intelligence ,
Biometric Information ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Popular ,
Privacy Laws ,
State Privacy Laws
It is challenging for businesses to maintain their competitive marketing edge while simultaneously reacting to ever-changing regulations on consumer data collection, usage, and sharing....more
Artificial intelligence transcription tools are changing how internal and external meetings are recorded and notes are shared. These tools generate real-time transcripts of meetings, letting participants focus on the...more
The U.S. Department of Justice (DOJ) recently updated its Evaluation of Corporate Compliance Programs (ECCP), which prosecutors consider when investigating, charging, and negotiating plea or other agreements with...more
11/8/2024
/ Analytics ,
Artificial Intelligence ,
Chief Compliance Officers ,
Compliance ,
Department of Justice (DOJ) ,
New Guidance ,
Risk Assessment ,
Risk Management ,
Whistleblower Awards ,
Whistleblower Protection Policies ,
Whistleblowers
On July 18, a New York federal judge threw out most of the SEC’s claims brought against both SolarWinds Corp. and the company’s chief information security officer (CISO), Timothy Brown....more
7/25/2024
/ Board of Directors ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Enforcement Actions ,
Fraud ,
Incident Response Plans ,
Misleading Statements ,
Publicly-Traded Companies ,
Risk Mitigation ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
SolarWinds ,
Supply Chain
Last month, the Securities and Exchange Commission (SEC) reemphasized just how serious companies must be about maintaining a vigilant cybersecurity posture and procedures to report cyber incidents in a timely manner....more
6/21/2024
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
Materiality ,
Publicly-Traded Companies ,
Regulation SCI ,
Securities and Exchange Commission (SEC) ,
Settlement
By now, companies that collect, process, and store the personal data of consumers are used to a fast pace of state privacy and cybersecurity legal activity. This year, companies should also expect increased activity from...more
5/1/2024
/ Comment Period ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Collection ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Proposed Legislation ,
Proposed Rules ,
State Privacy Laws
The Federal Trade Commission (FTC) on Tuesday, April 23, issued its final rule that prevents most employers from enforcing noncompetes against workers. The 3-2 vote by commissioners comes nearly a year and a half after the...more
In today's evolving world of security and data privacy, K-12 schools, universities, local governments, and hospitals are increasingly finding themselves on the same list: vulnerable to the threat of a cyberattack....more
The legal significance of President Joe Biden's "Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" is immense, marking a pivotal moment in the governance of AI technologies...more
Compliance assessments can be a valuable tool during the mergers and acquisitions process, but the Department of Justice (DOJ) is incentivizing due diligence reviews under a newly announced policy.
Deputy Attorney...more
10/27/2023
/ Acquisitions ,
Compliance ,
Cooperation ,
Corporate Governance ,
Corporate Misconduct ,
Department of Justice (DOJ) ,
Due Diligence ,
Mergers ,
Policy Statement ,
Safe Harbors ,
Voluntary Disclosure
In less than three months, public companies and certain foreign private companies will have to take additional steps after cybersecurity breaches: deciding whether an incident meets the materiality threshold that requires...more
9/29/2023
/ Compliance ,
Compliance Dates ,
Corporate Governance ,
Customer Proprietary Network Information (CPNI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
FCC ,
Final Rules ,
Foreign Private Issuers ,
Form 8-K ,
Materiality ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Previously relegated to purely civil enforcement, in the last year the U.S. Department of Justice (DOJ) has increased its focus on pursuing criminal charges for anti-poach agreements between companies that attempt to...more
5/5/2023
/ Acquittals ,
Antitrust Violations ,
Competition ,
Criminal Prosecution ,
Department of Justice (DOJ) ,
Health Care Providers ,
Home Health Agencies ,
No-Poaching ,
Price-Fixing ,
Restraint of Trade ,
Wage-Fixing
The Washington state My Health My Data Act (MHMDA) casts a wide net of business and data it intends to regulate. Passed on April 17, the law places restrictions on the collection, sharing, and selling of “consumer health...more
Iowa became the sixth state with a comprehensive privacy law after passing the Act Relating to Consumer Data Protection (ICDPA), with Indiana’s Senate Bill 5 set to cause Indiana to become the seventh, following Governor...more
The Seventh Circuit Court of Appeals requested that the Illinois Supreme Court (ILSC) weigh in on how claims accrue under the Illinois Biometric Information Privacy Act (BIPA). BIPA requires companies, often employers, to get...more
In a few months, certain businesses with California-based employees may face new data privacy requirements as an exemption to the Golden State’s comprehensive privacy and security statute sunsets. In recent years,...more
It is becoming increasingly difficult for businesses to keep up with the growing patchwork of privacy laws. A fifth state is added to the list of those with comprehensive privacy laws, Virginia passed multiple amendments to...more
On March 24, 2022, Utah Governor Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”) into law, making it the fourth state to pass a comprehensive data privacy law - joining California, Virginia, and Colorado. The UCPA...more
Beyond causing long lines and shortages at the gas pump, the cyberattack on the Colonial Pipeline this month may have important implications for federal contractors. As part of the federal government’s response, President Joe...more
5/28/2021
/ Biden Administration ,
Cloud Computing ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Management ,
Department of Homeland Security (DHS) ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
National Security ,
Pipelines ,
Software ,
TSA
The Economic Growth, Regulatory Relief, and Consumer Protection Act takes effect on Friday, September 21. The act modifies the Dodd-Frank Wall Street Reform and Consumer Protection Act in a variety of ways, including with...more