On September 1, 2025, Texas Senate Bill 140 (SB 140) becomes effective, broadening certain aspects of the state’s telemarketing law to cover text messages, multimedia messages and similar electronic communications. The...more
8/28/2025
/ Consent ,
Consumer Protection Laws ,
Do Not Call List ,
New Legislation ,
Penalties ,
Private Right of Action ,
Registration Requirement ,
Regulatory Requirements ,
State Legislatures ,
Telemarketing ,
Texas ,
Text Messages ,
Unfair or Deceptive Trade Practices
On Aug. 14, 2025, the New York Department of Financial Services (NYDFS) issued a Consent Decree announcing that Healthplex, Inc. (Healthplex) has agreed to pay a $2 million fine, as a result of an investigation into a 2021...more
8/22/2025
/ Chief Information Security Officer (CISO) ,
Consent Decrees ,
Corporate Counsel ,
Covered Entities ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Retention ,
Enforcement Actions ,
Insurance Industry ,
Multi-Factor Authentication ,
NYDFS ,
Personal Data ,
PHI ,
Phishing Scams ,
Popular ,
Regulatory Requirements
The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
7/22/2025
/ Artificial Intelligence ,
Biometric Information ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Enforcement Actions ,
EU ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
Telecommunications ,
UK GDPR ,
Web Tracking
New biometric protections went into effect in Colorado on July 1. The Colorado Act on biometric identifiers and biometric data (the Act), House Bill 24-1130, amends the existing Colorado Privacy Act (CPA) (CO Rev Stat §...more
7/16/2025
/ Biometric Information ,
Biometric Information Privacy Act ,
Colorado ,
Data Privacy ,
Disclosure Requirements ,
Employee Rights ,
Employees ,
Employer Responsibilities ,
New Legislation ,
Notice Requirements ,
Privacy Laws ,
State Privacy Laws
Citing “escalating global conflict,” the New York Department of Financial Services issued an alert on Monday, June 22, 2025, to its regulated covered entities, urging them to be vigilant against potential security threats,...more
6/27/2025
/ Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Financial Services Industry ,
Global Disputes ,
Multi-Factor Authentication ,
NYDFS ,
Phishing Scams ,
Ransomware ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management
On May 1, the California Privacy Protection Agency (CPPA) Board held a meeting to discuss proposed amendments to the CPPA draft regulations on cybersecurity audits, risk assessments and automated decision-making technology...more
On June 23, 2025, businesses will face a new world of children’s privacy regulation, with amendments to the Children’s Online Privacy Protection Act (COPPA) imposing a host of requirements on operators. The sweeping new...more
Earlier this week, the California Privacy Protection Agency (CPPA) and California Attorney General Rob Bonta announced the formation of a new bipartisan coalition called the Consortium of Privacy Regulators. This consortium...more
The Department of Justice’s National Security Division (NSD) released several documents on April 11, 2025, to assist entities that must comply with the Final Rule regulating or prohibiting the transfer of bulk U.S. sensitive...more
Three months into 2025, there appears to be no slowdown in the flood of privacy legislation being considered and enacted by both Congress and state legislatures. Since the California Consumer Privacy Protection Act was passed...more
3/28/2025
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Online Safety for Children ,
Privacy Laws ,
Proposed Legislation ,
State Legislatures ,
State Privacy Laws
The Department of Justice (DOJ) released a Final Rule restricting certain transfers of Americans’ sensitive personal data to identified countries of concern or covered individuals. The Final Rule continues to assert the DOJ...more
2/14/2025
/ Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Executive Orders ,
Export Controls ,
Final Rules ,
Government Agencies ,
National Security ,
Personal Data ,
Regulatory Requirements
On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced a Notice of Proposed Rulemaking (NPRM) to amend the Security Standards for the Protection of...more
1/23/2025
/ Business Associates ,
Compliance ,
Critical Infrastructure Sectors ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
HITECH Act ,
Multi-Factor Authentication ,
OCR ,
PHI ,
Proposed Rules ,
Public Comment ,
Risk Management
Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more
12/19/2024
/ Compliance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-K ,
Form 10-Q ,
Form 8-K ,
Publicly-Traded Companies ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Whistleblowers
On October 15, 2024, the Department of Defense (“DoD”) published the final version of its rule implementing the Cybersecurity Maturity Model Certification (“CMMC”) Program under Title 32 of the Code of Federal Regulations...more
10/24/2024
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Prime Contractor ,
Proposed Rules ,
Subcontractors
As we have previously written, late last year the New York Department of Financial Services (NYDFS) adopted long-awaited amendments to its Part 500 Cybersecurity Regulations (Part 500). These are some of the most significant...more
The Department of Justice (DOJ) recently raised the stakes for businesses under investigation who use artificial intelligence (AI). The Evaluation of Corporate Compliance Program (ECCP) outlines the criteria to be considered...more
On September 13, 2024, the Colorado Attorney General’s Office (AG) published proposed amendments to the Colorado Privacy Act (CPA) Rules that create new requirements for the collection and use of biometric data and children’s...more
On September 4, 2024, the California Privacy Protection Agency (CPPA) issued an Enforcement Advisory on the importance of avoiding dark patterns. As we have previously written, dark patterns were first addressed in detail in...more