As the California Privacy Protection Agency (CPPA) prepares for its July 24, 2025, meeting, it released a revised set of California Consumer Privacy Act (CCPA) regulations that contain modest changes to the ones it released...more
On April 22, 2025, the Federal Trade Commission’s (FTC) changes to the Children’s Online Privacy Protection Rule (COPPA Rule) were published in the Federal Register. The updates will go into effect on June 23, 2025, and...more
5/15/2025
/ Advertising ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Retention ,
Data Security ,
Data-Sharing ,
Parental Consent ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
Transparency
On April 14, 2025, the National Institute of Standards and Technology (NIST) released a draft update to the NIST Privacy Framework 1.1. The updates are meant to enhance organizations’ data governance and risk management and...more
On March 7, 2025, the California Privacy Protection Agency (CPPA) issued a settlement order imposing a $632,500 fine on American Honda Motor Co., Inc. for violations of the California Consumer Privacy Act (CCPA). The CPPA...more
3/17/2025
/ Automotive Industry ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Honda ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
Settlement
On January 22, 2025, the New York Assembly passed Senate Bill S929, titled the New York Health Information Privacy Act (New York HIPA). The act is now on its way to Governor Kathy Hochul for her signature.
If signed into...more
1/27/2025
/ Compliance ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
State Privacy Laws
Educational technology (EdTech) tools were critical during the COVID-19 pandemic and remain a key part of education, from digital textbooks and instructional material, to interactive applications for teachers, parents, and...more
10/31/2024
/ COPPA ,
Data Collection ,
EdTech ,
Educational Institutions ,
FERPA ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
SOPIPA ,
State Privacy Laws ,
Students ,
Technology Sector
California is set to amend the California Consumer Privacy Act of 2018 (CCPA) with two recent amendments that have been signed into law. Assembly Bill (AB 1008) and Senate Bill 1223 (SB 1223) aim to clarify how the law...more
On September 13, 2024, the Colorado Attorney General’s (AG) Office published proposed draft amendments to the Colorado Privacy Act (CPA) Rules. The proposals include new requirements related to biometric collection and use...more
On July 15, 2024, the California Privacy Protection Agency (CPPA) released proposed updates to the California Consumer Privacy Act (CCPA) regulations, including updates to the draft risk assessments, automated decisionmaking...more
On January 8, 2024, the New Jersey legislature passed the New Jersey Data Privacy Act (NJDPA). The bill, SB 332, will soon head to Governor Phil Murphy’s desk for signing. Assuming the bill is signed quickly, it will go into...more
On October 27, 2023, the Federal Trade Commission (FTC) finalized an amendment to the Safeguards Rule that will impose data breach reporting requirements on nonbanking financial entities subject to the Gramm-Leach-Bliley Act...more
Data governance is a mission-critical issue for every company and institution in the United States.
GCs face a host of pressing cybersecurity concerns. Triaging them requires time, attention, and a well-rounded strategy...more
8/18/2023
/ Cookies ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Healthcare ,
Legislative Agendas ,
Mobile Apps ,
New Legislation ,
New Rules ,
OCR ,
Personal Information ,
Regulatory Agenda ,
Risk Factors ,
Risk Management ,
State Privacy Laws ,
Technology Sector ,
Tracking Systems
On July 10, 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (DPF). The decision concluded that the United States does ensure an adequate level of protection for transferring...more
7/14/2023
/ Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
SCC ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On June 30, 2023, the California Superior Court hearing Cal. Chamber of Commerce v. Cal. Privacy Prot. Agency, No. 34-2023-80004106 (Cal. Sup. Ct.), delayed enforcement of the latest California Consumer Privacy Act (CCPA)...more
During this session, the panel discussed strategies and business considerations when addressing compliance with the wide array of data protection and privacy laws and regulations across the United States and abroad. The panel...more
Join Elliot Golding, Daniel Gottlieb and Amy Pimentel for a deep dive into how the new state privacy laws impact the healthcare and financial services industries....more
6/9/2023
/ Banks ,
Continuing Legal Education ,
Data Privacy ,
Financial Institutions ,
Financial Services Industry ,
Health Care Providers ,
Personally Identifiable Information ,
PHI ,
Physicians ,
State Privacy Laws ,
Webinars
The legal privacy landscape is quickly shifting as new consumer privacy laws spring up each year. Alcohol companies looking to maximize their customer data must understand how to comply with applicable privacy rules and...more
6/2/2023
/ Breweries ,
Consumer Privacy Rights ,
Continuing Legal Education ,
Customer Information ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Use Policies ,
Distilleries ,
Marketing ,
Privacy Laws ,
Risk Mitigation ,
Supply Chain ,
Webinars ,
Wineries
Texas will likely become the 11th state to pass a consumer privacy law. H.B. 4, the Texas Data Privacy and Security Act (TDPSA), was passed by both houses of the Texas legislature last week, and the bill is now headed to...more
6/1/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Data Security ,
Governor Abbott ,
Personal Information ,
Privacy Laws ,
Proposed Legislation ,
State and Local Government ,
State Legislatures ,
State Privacy Laws ,
Texas
Critical infrastructure and essential services in the United States—especially small or rural service providers—are highly vulnerable to disruptions from cyber attacks. Given the ever-growing need for cybersecurity services...more
There has been a flurry of state privacy activity in the past week, with Colorado becoming the latest state to finalize sweeping data privacy rules and Iowa on the precipice of becoming the sixth state to enact comprehensive...more
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin (Dec. 2022) outlining the obligations for HIPAA covered entities and businesses when deploying online tracking...more
2/10/2023
/ Continuing Legal Education ,
Cookies ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Mobile Apps ,
OCR ,
PHI ,
Unauthorized Disclosure ,
Web Tracking ,
Webinars ,
Websites
We would not blame companies for feeling fatigued after the race to comply with the amended California Consumer Privacy Act (CCPA), the soon-to-be finalized CCPA regulations and the new Virginia Consumer Data Protection Act...more
On January 1, 2023, the substantive provisions of the California Privacy Rights Act (CPRA) took effect, significantly amending the California Consumer Privacy Act (CCPA) and marking another milestone in the development of US...more
On December 21, 2022, the Colorado Attorney General (AG) released its newest set of draft regulations to the Colorado Privacy Act (CPA), which will take effect in July 2023. This latest draft includes updates to the proposed...more
Since Schrems II invalidated the US/EU Privacy Shield, the flow of personal data from the European Union to the United States has been subject to intense regulatory scrutiny. Companies transferring personal data to the United...more