Leading businesses continue to suffer cyber attacks at the hands of sophisticated ransomware groups. For example, the threat group “Scattered Spider” (also known as UNC3944, Octo Tempest, 0ktapus) is once again making...more
Like a zombie apocalypse, hordes of California Invasion of Privacy Act (“CIPA”) claims have chased corporate defendants to court where they were held off for a time, until, clawing at the courthouse doors, CIPA claims broke...more
The Ninth Circuit recently issued two back-to-back memoranda of dispositions addressing claims under the California Invasion of Privacy Act (“CIPA”) Section 631 and the common law tort of intrusion upon seclusion. First, on...more
The California Privacy Protection Agency (CPPA) has intensified its enforcement activities in 2025, bringing enforcement actions under both the California Consumer Privacy Act (CCPA) and the California Delete Act in the last...more
On April 22, 2025, the Federal Trade Commission (FTC) published substantial amendments to the Children’s Online Privacy Protection Rule (COPPA), which will take effect on June 23, 2025. Businesses subject to COPPA must ensure...more
AT A GLANCE -
As the digital world becomes an integral part of children's lives, state legislatures are placing greater emphasis on regulating how companies handle children’s personal information. This Legal Update...more
3/4/2025
/ Consent ,
COPPA ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Minor Children ,
Online Platforms ,
Online Safety for Children ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Social Media ,
State Privacy Laws ,
Websites
On December 21, 2024, while many Americans were busy signing holiday cards and exchanging gifts, New York Governor Kathy Hochul was signing six significant pieces of legislation aimed at enhancing online safety and...more
12/31/2024
/ Breach Notification Rule ,
Consumer Privacy Rights ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Identity Theft ,
New Legislation ,
New York ,
Notice Requirements ,
Personal Data ,
Personal Information ,
Social Media ,
State Privacy Laws
The US privacy legal landscape continues to expand in 2024, with most of the momentum led by state laws.
...more
10/23/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
New Legislation ,
Popular ,
Regulatory Reform ,
Regulatory Requirements ,
State Data Privacy Laws ,
State Privacy Laws
By now, companies across all industries have become familiar with the lifecycle and stages of a ransomware incident. Generally, once an attack is contained, remediation and rebuilding will follow. Shortly after, the crisis...more
10/14/2024
/ Attorney-Client Privilege ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Incident Response Plans ,
Invasion of Privacy ,
Litigation Strategies ,
Personally Identifiable Information ,
Ransomware ,
Risk Mitigation
On May 17, 2024, Colorado became the first state to enact comprehensive AI legislation. Governor Jared Polis signed Senate Bill 24-205, “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems,”...more
On May 15, 2024, the Bipartisan Senate AI Working Group—Senate Majority Leader Chuck Schumer (D-NY) and Senators Mike Rounds (R-SD), Todd Young (R-IN), and Martin Heinrich (D-NM)—released a report titled "Driving U.S....more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Preservation ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
NPRM ,
Proposed Rules ,
Ransomware ,
Regulatory Agenda
On December 12, 2023, the Department of Justice (DOJ) issued guidelines for companies to follow in requesting that the Attorney General authorize delays of cyber incident disclosures required by the U.S. Securities and...more
12/13/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Form 8-K ,
New Guidance ,
Publicly-Traded Companies ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation