X Agrees to Stop Processing EU Data to Train its Grok AI -
Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
9/13/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Fines ,
Ireland ,
Liability ,
Personal Data ,
Sensitive Personal Information ,
Twitter ,
Uber
SEC Issues New Guidance as to 8-K Disclosures Relating to Cybersecurity Incidents -
On June 27, 2024, the U.S. Securities and Exchange Commission (the “SEC”) issued new guidance on the agency’s guidelines for cybersecurity...more
7/19/2024
/ Artificial Intelligence ,
Bots ,
California Consumer Privacy Act (CCPA) ,
COPPA ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Healthcare ,
Online Safety for Children ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
Settlement ,
Tracking Systems ,
UK ,
Websites
CFPB Director Chopra Emphasizes “Pressing Need” for Data Protections -
On June 12, 2024 and June 13, 2024, Consumer Financial Protection Bureau Director Rohit Chopra appeared before the Senate Banking Committee and the...more
7/1/2024
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Court of Justice of the European Union (CJEU) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Multi-Factor Authentication ,
Personal Data ,
Securities and Exchange Commission (SEC) ,
Settlement ,
State Privacy Laws ,
UK GDPR ,
Vermont
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
4/19/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Machine Learning ,
OMB ,
Online Safety for Children ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
UK ,
Voluntary Compliance
Biden Administration Issues Executive Order Restricting Bulk Transfers of U.S. Citizens' Personal Data to “Countries of Concern” -
On February 28, 2024, President Biden issued an Executive Order (“EO”) to address the...more
3/15/2024
/ Biden Administration ,
California ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Selling ,
Employee Monitoring ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
High-Risk Countries ,
NIST ,
Opt-Outs ,
Personal Data ,
Sensitive Personal Information ,
UK
FTC Announces Proposed Settlement with Software Provider to Settle Allegations that its Inadequate Security Safeguards Led to Cyberattack -
On February 1, 2024, the Federal Trade Commission (“FTC”) announced a proposed...more
NSA and CISA Release Report on “Top Ten” Cybersecurity Misconfigurations; CISA Calls for Software Manufacturers to Implement Best Practices -
On October 5, 2023, the United States National Security Agency (NSA) and...more
10/20/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Transfers ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
Fines ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Investigations ,
Law Enforcement ,
Manufacturers ,
National Security Agency (NSA) ,
Personal Data ,
Popular ,
Settlement ,
Software ,
UK ICO
SEC Finalizes Cybersecurity Disclosure Rules for Public Companies -
On July 26, 2023, the Securities and Exchange Commission (“SEC”) voted to adopt new rules requiring public companies to make certain disclosures...more
8/4/2023
/ California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Enforcement ,
Federal Trade Commission (FTC) ,
Final Rules ,
Foreign Private Issuers ,
Form 8-K ,
Hospitals ,
Investment Company Act of 1940 ,
Mobile Apps ,
Securities and Exchange Commission (SEC) ,
Telehealth ,
Tracking Systems ,
Websites
Montana and Tennessee on Verge of Joining Other States in Passing Comprehensive Privacy Laws -
On April 21, 2023, the state legislatures of Montana and Tennessee passed comprehensive privacy legislation bills. To become...more
5/15/2023
/ Cyber Threats ,
Department of Justice (DOJ) ,
ENISA ,
Equal Employment Opportunity Commission (EEOC) ,
EU ,
Federal Trade Commission (FTC) ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
Biden Administration to Introduce New National Cyber Strategy for Critical Infrastructure -
The Biden administration is reportedly working on a National Cyber Strategy for critical infrastructure that will advocate a more...more
1/20/2023
/ Biden Administration ,
Chemicals ,
Class Action ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Collection ,
Data Security ,
Energy Sector ,
Facial Recognition Technology ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
National Security ,
NIST ,
Oil & Gas ,
OMB ,
Pipelines ,
Proposed Legislation ,
Public Safety ,
Railways ,
Settlement ,
TSA ,
Water
CJEU: Special Category Data Just Got More Complicated -
On August 1, 2022, the Court of Justice of the European Union (“CJEU”) delivered a preliminary ruling on the legal interpretation of special categories of personal...more
8/19/2022
/ CNIL ,
Court of Justice of the European Union (CJEU) ,
Do Not Call List ,
EU ,
FCC ,
General Data Protection Regulation (GDPR) ,
Online Safety for Children ,
Personal Data ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
Scams ,
UK ICO
California Privacy Protection Agency Proposes CPRA Regulations as the ADPPA Continues to Advance in Congress -
On July 8, 2022, the California Privacy Protection Agency (“CPPA”) filed a Notice of Proposed Rulemaking...more
7/22/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Digital Markets Strategy ,
Digital Services ,
Fair Credit Reporting Act (FCRA) ,
Proposed Regulation
Clearview AI Settles Biometric Data Privacy Suit with ACLU -
On May 9, 2022, Clearview AI, Inc. (“Clearview”) and the American Civil Liberties Union (“ACLU”) announced an agreement to settle a lawsuit involving Clearview...more
5/27/2022
/ American Civil Liberties Union (ACLU) ,
Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Biden Administration ,
Biometric Information ,
Clearview AI ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
Malware ,
Managed Service Providers (MSPs) ,
Popular ,
Regulatory Reform
FTC Chair Lina Khan Questions Current Data Collection Practices by Private Industry at IAPP Global Privacy Summit, Suggests New Rulemaking May Be Necessary -
In her first major privacy address since taking the helm of the...more
4/29/2022
/ Administrative Appointments ,
Artificial Intelligence ,
Court of Justice of the European Union (CJEU) ,
Criminal Investigations ,
Critical Infrastructure Sectors ,
Data Breach ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Location Data ,
Monetization ,
Personally Identifiable Information ,
Popular ,
U.S. Commerce Department ,
US Department of State
SEC Proposes New Cybersecurity Rules for Public Companies -
On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced proposed amendments to its rules on cybersecurity. The proposed rules aim to “enhance and...more
3/25/2022
/ Cookie Banners ,
COPPA ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Popular ,
Privacy Concerns ,
Publicly-Traded Companies ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Violations ,
Securities and Exchange Commission (SEC)
SEC Proposes and Seeks Comments on New Cybersecurity Rules -
At an open meeting on February 9, 2022, the Securities and Exchange Commission (“SEC”) voted three-to-one to propose new and amended rules regarding cybersecurity...more
2/25/2022
/ Asset Management ,
Cybersecurity ,
Data Collection ,
Disclosure Requirements ,
EDPS ,
International Data Transfers ,
Personal Data ,
Policies and Procedures ,
Popular ,
Registered Investment Advisors ,
Registered Investment Companies (RICs) ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Spyware
The UK Home Office and the U.S. Department Of Justice (“DOJ”) have signed an agreement (the “Agreement”) which will enable British and U.S. law enforcement agencies to compel UK and U.S. cloud service providers (“CSPs”) to...more
10/10/2019
/ Bilateral Agreements ,
CLOUD Act ,
Cloud Service Providers (CSPs) ,
Crime (Overseas Production Orders) Act 2019 (the COPO Act) ,
Criminal Investigations ,
Cross-Border ,
Discovery ,
Electronically Stored Information ,
Enforcement Actions ,
Government Investigations ,
UK
Over a year following enactment of the U.S. “Clarifying Lawful Overseas Use of Data” or CLOUD Act, significant questions remain unanswered about the law and its potential impact on global investigations involving cloud stored...more
7/22/2019
/ Bilateral Agreements ,
CLOUD Act ,
Cloud Service Providers (CSPs) ,
Cloud Storage ,
Comity ,
Crime (Overseas Production Orders) Act 2019 (the COPO Act) ,
Criminal Investigations ,
Customer Information ,
Department of Justice (DOJ) ,
ECPA ,
Electronically Stored Information ,
EU ,
Extraterritoriality Rules ,
France ,
International Litigation ,
International Treaties ,
Law Enforcement ,
Qualified Foreign Governments (QFGs) ,
Self-Reporting ,
Stored Communications Act ,
Subpoenas ,
UK ,
Warrants ,
White Papers
The CLOUD Act resolves the central issue in United States v. Microsoft — U.S. law enforcement agencies now have explicit legal authority to obtain electronic data from U.S. cloud and communication companies regardless of...more
4/16/2018
/ CLOUD Act ,
Cloud Service Providers (CSPs) ,
Cloud Storage ,
Criminal Investigations ,
Data Privacy ,
Electronic Communications ,
Electronically Stored Information ,
Extraterritoriality Rules ,
Foreign Governments ,
General Data Protection Regulation (GDPR) ,
International Litigation ,
Law Enforcement ,
Motions to Quash ,
New Legislation ,
Search Warrant ,
Stored Communications Act ,
Subpoenas ,
US v Microsoft
In Google LLC v. Equustek Solutions Inc.,1 a United States district court enjoined the enforcement of an order by the Supreme Court of Canada that directed Google to remove content from Google search results. The Canadian...more
11/20/2017
/ Collusion ,
Communications Decency Act ,
Declaratory Rulings ,
EU ,
Extraterritoriality Rules ,
False Advertising ,
Foreign Judgments ,
Google ,
Imminent Harm ,
International Litigation ,
Internet ,
Post-Judgment Enforcement Actions ,
Preliminary Injunctions ,
Right to Be Forgotten ,
Search Engines ,
Section 230 ,
Supreme Court of Canada ,
Trade Secrets