In July 2025, the California Privacy Protection Agency (CPPA) Board unanimously approved new regulations pursuant to the California Consumer Privacy Act (CCPA) that specifically address the use of automated decisionmaking...more
8/8/2025
/ Audits ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Selling ,
Data-Sharing ,
New Regulations ,
Reporting Requirements ,
Risk Assessment ,
Risk Management
On June 22, 2025, Texas became the latest state to enact comprehensive AI legislation with a uniquely Texan twist through the passage of the Texas Responsible Artificial Intelligence Governance Act....more
In the first five months of 2025, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced it had entered into ten Health Insurance Portability and Accountability Act (HIPAA) resolution...more
5/21/2025
/ Business Associates ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
HIPAA Violations ,
OCR ,
Penalties ,
Risk Assessment ,
Risk Management ,
Settlement Agreements
Recently, there has been an increase in individual rights activity across Europe, particularly organizations receiving Data Subject Access Requests (DSARs) from former employees. ...more
The concept of the “supergroup” may have originated with rock and roll, but on April 16, 2025, privacy practitioners in the United States learned that a whole new type of supergroup has been formed. ...more
On March 20, 2025, President Donald Trump issued Executive Order 14242 directing the Secretary of Education “to the maximum extent appropriate and permitted by law, [to] take all necessary steps to facilitate the closure of...more
The European Data Protection Board (EDPB) recently announced the launch of its 2025 Coordinated Enforcement Framework (CEF) action, which will focus on the right to erasure, also known as the “right to be forgotten,” or, in...more
Virginia Governor Glenn Youngkin has vetoed House Bill (HB) No. 2094, a bill that would have created a new regulatory framework for businesses that develop or use “high-risk” artificial intelligence (AI) systems in the...more
Virginia has taken a step closer to becoming the second state (after Colorado) to enact comprehensive legislation addressing discrimination stemming from the use of artificial intelligence (AI), with the states taking...more
An online retailer was recently hit with the first class action under Washington’s consumer health data privacy law alleging that it used advertising software attached to certain third-party mobile phone apps to unlawfully...more
2/21/2025
/ Class Action ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Collection ,
Data Privacy ,
Internet Retailers ,
Location Data ,
Mobile Apps ,
Personal Data ,
PHI ,
Privacy Laws ,
State Privacy Laws ,
Third-Party Service Provider
The U.S. Department of Homeland Security (DHS) recently published new security requirements for certain restricted transactions covered by the U.S. Department of Justice’s (DOJ) sensitive data export rules. ...more
2/4/2025
/ Biden Administration ,
China ,
Corporate Counsel ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Executive Orders ,
National Security ,
Restricted Transactions ,
Russia ,
Security and Privacy Controls
Just over one year after the Colorado Privacy Act Rules took effect, the Colorado Attorney General’s Office filed a set of proposed draft amendments that, if implemented, would significantly modify the Rules to reflect recent...more
The Consumer Financial Protection Bureau (CFPB) recently issued guidance that takes an aggressive position regarding the scope of the Fair Credit Reporting Act (FCRA) as covering certain employee monitoring and assessment...more
11/6/2024
/ Algorithms ,
Artificial Intelligence ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Reporting Agencies ,
Data Collection ,
Employee Monitoring ,
Fair Credit Reporting Act (FCRA) ,
New Guidance ,
Risk Management ,
Screening Procedures ,
Third-Party Service Provider
In an era when artificial intelligence (AI) is rapidly transforming the workplace, Illinois has joined the growing list of states taking legislative action to further regulate the use of AI in employment settings, which...more
The Federal Trade Commission (FTC) has a long-standing habit of creating legal obligations through blog posts. Recent communications from the FTC by way of its Office of Technology Blog evidence an aggressive expectation...more
8/19/2024
/ Anonymization ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
De-Identification ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Safe Harbors ,
Subject Matter Experts (SMEs)
Twelve new state comprehensive data privacy laws are set to go into effect over the next two years as the United States continues to catch up to foreign jurisdictions like the European Economic Area (EEA), making a total of...more
On February 28, 2024, the Biden administration announced new cybersecurity-related measures, including an executive order (EO) and advance notice of proposed rulemaking (ANPRM), intended to address the bulk flow of Americans’...more
3/4/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
China ,
Covered Entities ,
Covered Person ,
Cuba ,
Data Transfers ,
Department of Justice (DOJ) ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
Hong Kong ,
International Data Transfers ,
International Emergency Economic Powers Act (IEEPA) ,
Iran ,
North Korea ,
Prohibited Transactions ,
Rulemaking Process ,
Russia ,
Schrems I & Schrems II ,
Sensitive Personal Information ,
Venezuela