On June 18, 2023, Texas Governor Greg Abbott signed the Texas Data Privacy and Security Act (HB 4) (“TDPSA”) into law, making Texas the latest contributor to the growing patchwork of comprehensive U.S. state privacy laws....more
The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its...more
On June 13, 2023, the Securities and Exchange Commission (“SEC”) published its Spring 2023 rulemaking agenda that delayed finalizing the proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure...more
On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously...more
On May 1, 2023, bitFlyer USA, Inc. (“bitFlyer”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) for multiple deficiencies in bitFlyer’s cybersecurity program, most notably for failure...more
Publications and Advisories - April 5, 2023 – Kate Hanniford and Elinor Hiller published “Healthy Byte: White House and HHS Both Update Their Cybersecurity Guidance.”...more
On February 24, 2023, the Cyberspace Administration of China (“CAC”) released its final version of the Standard Contract Measures for Exporting Personal Information (“Standard Contract Measures”), accompanied by a template...more
Our Privacy, Cyber & Data Strategy Team breaks down how the two dozen strategic objectives in Biden’s National Cybersecurity Strategy will fundamentally shift how the United States allocates roles, responsibilities, and...more
The National Association of Insurance Commissioners (NAIC) Privacy Protections Working Group (the “Working Group”) released Insurance Consumer Privacy Protection Model Law #674 (“Model 674”) for comment on February 1, 2023....more
Publications and Advisories - February 10, 2023 – Kathleen Benway, David Keating, and Sara Pullen Guercio published “Privacy, Cyber & Data Strategy / Consumer Protection/FTC Advisory: Limit Your Health Data Sharing and Call...more
2/15/2023
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FCC ,
Federal Trade Commission (FTC) ,
Personal Information ,
Popular ,
State Privacy Laws
What data can companies collect, and how long can they keep it? Our Privacy, Cyber & Data Strategy Team outlines best practices for companies to comply with international, federal, and state laws and guidance to avoid...more
On January 6, 2023, the FCC released a Notice of Proposed Rulemaking (the “Notice”) proposing to “modernize the Commission’s data breach rules,” and thereby launching a formal effort to gather information from the industry on...more
Artificial intelligence (AI) is expanding into more industries (often in surprising ways) and has inevitably caught the attention of federal and state regulators. Our Privacy, Cyber & Data Strategy Team summarizes the...more
12/12/2022
/ Algorithms ,
Artificial Intelligence ,
Corporate Counsel ,
Data Processors ,
Data Protection ,
Federal Trade Commission (FTC) ,
FinTech ,
Health Technology ,
Machine Learning ,
Medical Devices ,
NIST ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Risk Assessment ,
Technology Sector
The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022....more
Selected U.S. Privacy and Cyber Updates - California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations - On November 3, 2022, the California Privacy Protection Agency (CPPA) issued a notice...more
The United Kingdom’s National Cyber Security Centre (NCSC) recently released its 2022 Annual Review, which reports on the state of cyber security threats in the country. As the UK’s technical authority for cyber security, the...more
On October 31, 2022, the Federal Trade Commission (FTC) announced it has taken action against education technology provider Chegg Inc. (“Chegg”) for its “careless” cybersecurity practices that exposed sensitive personal...more
On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that...more
On October 18, 2022, EyeMed Vision Care LLC (“EyeMed”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) relating to a cybersecurity event from 2020 that exposed consumer nonpublic...more
Our Privacy, Cyber & Data Strategy and White Collar, Government & Internal Investigations teams offer key takeaways that companies should consider in the wake of the Justice Department’s first prosecution of a corporate...more
On October 4, 2022, the White House Office of Science and Technology released the Blueprint for an AI Bill of Rights (the Bill) to guide the development and use of artificial intelligence (AI) in the United States. The White...more
On August 9, 2022, the Conference of State Bank Supervisors (CSBS) released two cybersecurity tools for nonbank financial services institutions to help prepare for state cybersecurity exams and, ultimately, improve...more
On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last...more
On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) seeking input from stakeholders on the Cyber Incident Reporting for Critical Infrastructure Act of 2022...more
Enhancing data security programs to protect personal information is a critical area companies cannot ignore. Our Privacy, Cyber & Data Strategy and Financial Services & Products groups unpack the latest moves by the Consumer...more