The U.S. Securities and Exchange Commission (SEC) appears to have big plans for cybersecurity regulation in 2023....more
On December 21, 2023, the Colorado Attorney General released a second draft of the Colorado Privacy Act Rules, revising the previous draft of the proposed rules. Our analysis of the first draft of the rules can be found here....more
In a significant move toward replacing the invalidated Privacy Shield, the European Commission (EC) released a draft Adequacy Decision on December 13, 2022, concluding that the U.S. legal framework provides an adequate level...more
The New York Department of Financial Services (NYDFS) has proposed significant amendments (Proposed Amendments) to its Cybersecurity Requirements for Financial Services Companies (Cybersecurity Regulation)....more
The New York Department of Financial Services (NYDFS) continues to be a major player in data security enforcement. On Oct. 18, 2022, NYDFS announced that it had entered into a consent order with EyeMed Vision Care LLC...more
The New York Department of Financial Services (NYDFS) continues to be a major player in data security enforcement. On Oct. 18, 2022, NYDFS announced that it had entered into a consent order with EyeMed Vision Care LLC...more
October was a busy month in New York for cybersecurity enforcement. In addition to a $4.5 million settlement between the New York Department of Financial Services and EyeMed Vision Care (discussed in a forthcoming blog post),...more
In March 2022, the US and EU announced they had agreed in principle to a new Trans-Atlantic Data Privacy Framework (Framework) intended to simplify transfers of personal information. After months of waiting for the final...more
The Colorado Attorney General's Office has published its much-anticipated proposed rules (Proposed Rules) implementing the Colorado Privacy Act (CPA), which, as we discussed in an earlier blog post, was enacted on July 7,...more
New York City has proposed rules for implementing its new law requiring bias audits of automated employment decision-making tools (AEDTs) used within the city. The proposed rules answer some of the open questions about how...more
On August 18, the National Institute of Standards and Technology (NIST) released a second draft of its Artificial Intelligence Risk Management Framework (the Second Draft) for public comment. The first draft was released in...more
The Federal Trade Commission has formally launched a rulemaking proceeding that nominally is focused on consumer privacy issues, but actually raises significant questions about the impact of artificial intelligence/machine...more
Newly proposed amendments to the New York Department of Financial Services' (NYDFS) already-comprehensive cybersecurity rules would impose heightened cybersecurity requirements on large financial institutions and additional...more
Last week, the First Circuit issued a decision that could be destined for Supreme Court review, but that nonetheless will immediately impact the course of criminal defendants' Fourth Amendment rights, particularly concerning...more
On May 25, 2022, the European Commission announced the release of a new guidance document relating to standard contractual clauses (SCCs) and international data transfers. The guidance is included in a series of questions and...more
TThe Federal Trade Commission (FTC) recently published a blog post asserting that Section 5 of the FTC Act may require companies to notify individuals of breaches of their personal data, even where there is no specific breach...more
The California Privacy Protection Agency Board (the "CPPA Board") announced on May 27, 2022, that it would hold a public meeting on June 8 to discuss, among other things, a set of detailed proposed regulations to "Implement,...more
6/6/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Proposed Regulation ,
State Privacy Laws
On March 31, 2022, the Payment Card Industry Security Standards Council published version 4.0 of its PCI Data Security Standard (PCI DSS). The updated standards provide significant new guidance on the scope and applicability...more
On March 16 and 17, 2022, the National Institute of Standards and Technology (NIST) released two documents as part of its effort to establish a voluntary framework for developing trustworthy and responsible artificial...more
On March 9, 2022, the Securities and Exchange Commission (SEC) announced proposed rules requiring publicly listed companies to make several specific disclosures related to cybersecurity incidents and the registrant's...more
Algorithmic disgorgement is back in the spotlight at the FTC, this time in connection with a recently announced settlement with WW International, Inc., formerly known as Weight Watchers (WW), and a subsidiary called Kurbo,...more
On February 9, 2021, the Securities and Exchange Commission (SEC) announced new proposed cybersecurity rules (Proposed Rules) for registered investment advisors and investment companies (funds) addressing cybersecurity risk...more