States have been active in passing and enacting comprehensive consumer privacy laws in the absence of a federal statute. To date, 19 states have passed such laws, starting with the California Consumer Privacy Act (“CCPA”),...more
Effective companies use their websites to engage with visitors, understand their market, and drive sales — but the legal landscape has grown in complexity in recent years such that maintaining a strong website for your...more
Daytime television inundates American seniors with advertisements for UnitedHealthcare’s (“UHC”) Medicare Advantage Plans. On its website, UHC claims its Medicare Advantage Plans “stand out from the rest,” providing...more
3/6/2025
/ Algorithms ,
Artificial Intelligence ,
Class Action ,
Data Privacy ,
Denial of Insurance Coverage ,
Health Insurance ,
Healthcare ,
Insurance Claims ,
Insurance Industry ,
Insurance Litigation ,
Medicare ,
Medicare Advantage ,
Unfair Competition ,
UnitedHealth
In the Federal Trade Commission’s (“FTC”) first action related to connected vehicle data, the agency announced that it reached a settlement with General Motors (“GM”) over GM’s unauthorized collection, use, and sale of driver...more
On January 16, 2025, the Federal Trade Commission (“FTC”) announced its Final Rule amendments to the Children’s Online Privacy Protection Act (“COPPA”) Rule, which imposes requirements on website and online service operators...more
The Department of Justice (“DOJ”) published its final regulations on “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons” (the “Final Rule”). The Final...more
2/3/2025
/ Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Executive Orders ,
Federal Contractors ,
Final Rules ,
National Security ,
Recordkeeping Requirements ,
Regulatory Requirements ,
Risk Management ,
Sensitive Personal Information
Recent statements by South Africa’s Information Regulator (“IR”) indicate an impending crackdown on data privacy compliance, specifically within the banking and insurance sectors. The IR has announced its intention to enforce...more
Over the past year, lawsuits under the California Invasion of Privacy Act (“CIPA”) have gained significant momentum, and there’s no sign of them slowing down. Both state and federal courts in California are seeing a rise in...more
10/28/2024
/ California ,
CIPA ,
Class Action ,
Consent ,
Consumer Privacy Rights ,
Cookies ,
Data Collection ,
Invasion of Privacy ,
Web Tracking ,
Website Owner Liability ,
Websites
The Digital Operational Resilience Act (“DORA”), an EU regulation designed to bolster the resilience of financial entities against Information and Communications Technology (“ICT”) risks, entered into force on January 16,...more
In this episode, AGG Women in Tech Law attorneys Jackie Cooney, Allison Raley, and Sara Lord explore the complexities of the False Claims Act ("FCA") and its recent application to cybersecurity. They provide a comprehensive...more
In this episode, AGG Women in Tech Law attorneys Jackie Cooney, Madison Pool, and Michelle Davis discuss the intersection of AI and healthcare, focusing on how providers can effectively deploy AI tools while navigating the...more
In this episode, Allison Raley, AGG’s Women in Tech Law co-chair, is joined by Susan Lam, chief risk officer of Bakkt, to discuss the path to cybersecurity and risk roles, including specific training and educational programs...more
California continues to grapple with a significant surge in lawsuits and arbitration demands aimed at businesses operating websites employing technology to monitor online activities. These cases hinge on the California...more
Cyberattacks and data incidents are rapidly increasing, and third-party services companies are a frequent source of exposure for healthcare providers. Healthcare is a prime target for cybercriminals, with ransomware and...more
3/21/2024
/ Compliance ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Popular ,
Risk Management
In this episode, Mike Burke, AGG Corporate partner and co-leader of the firm’s international initiative, is joined by Jackie Cooney, AGG Privacy & Cybersecurity co-chair, to discuss privacy and cybersecurity issues impacting...more
SEC Cybersecurity Rule Fact Sheet What Is the New Rule? In late July 2023, the SEC adopted new rules that will require publicly traded companies to: disclose cybersecurity incidents within four business days of determining...more
Summary - On July 10, 2023, the European Commission issued an adequacy decision for the EU-U.S. Data Privacy Framework (“EU-U.S. DPF” or “DPF”). The decision concludes that the U.S. ensures an adequate level of protection...more
Summary - On May 18, 2023, the Federal Trade Commission (“FTC”) announced a Notice of Proposed Rulemaking (the “Proposed Rule”), which both clarifies the scope of the Health Breach Notification Rule (“HBN Rule”) to include...more