The first compliance deadline set out in the European Union (EU)’s Regulation (EU) 2024/1689, or the EU AI Act, took effect on February 2, 2025. ...more
Employers had a big win in late June 2023 when a trial court in Sacramento enjoined until March 29, 2024, enforcement of the final regulations under the California Privacy Rights Act (CPRA), the only one of 14 recently...more
Two months ago, the White House released its National Cybersecurity Strategy. Since then, various government agencies have issued new cybersecurity guidance for certain critical infrastructure subsectors. For example, the...more
Last month, on Data Privacy Day, Colorado’s Attorney General Philip Weiser released prepared remarks entitled “The Way Forward on Data Privacy and Data Security” that shed some light on his approach to enforcing Colorado’s...more
The U.S. Department of Justice announces an initiative targeting cybersecurity-related fraud by government contractors and grant recipients. On October 6, 2021, the U.S. Department of Justice ("DOJ") announced a new Civil...more
Investment Advisers - ANNUAL COMPLIANCE REVIEWS - All investment advisers registered with the Securities and Exchange Commission (“SEC”) or at the state level are required to review their compliance policies and procedures...more
Under Russian Data Protection Law, when collecting personal data, data operators (controllers) must ensure that recording, systematization, accumulation, storage, updating and extraction of personal data relating to Russian...more
On October 22, the Interactive Advertising Bureau (IAB), a media and marketing industry trade group, released for public comment the California Consumer Privacy Act Compliance Framework for Publishers and Technology Companies...more
I. Summary of effective dates - – Effective January 1, 2020 – Enforcement starting July 1, 2020 – Employees not covered for first 12 months*...more
The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense...more
The California Consumer Privacy Act (CCPA) imposes a broad array of new legal obligations on businesses to inform consumers about the categories of personal information being collected online and how it will be used....more
On September 13, the final day of its legislative session, the California Legislature approved five amendments to the California Consumer Privacy Act (CCPA), the state’s sweeping new privacy law that takes effect on January...more
As we sip champagne reflecting on the first anniversary of the effective date of the European General Data Protection Regulation (GDPR), we consider the obligations that employers should bear in mind....more
When the European Union’s General Data Protection Regulation (GDPR) became effective on May 25, 2018, many US-based hospitals struggled to determine whether they were subject to the GDPR and, if so, what they must do to...more
Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. ...more
The European Union’s General Data Protection Regulation (commonly known as GDPR) has broad implications that reach even local public agencies in the United States. GDPR, which took effect May 25, is a sweeping global privacy...more
The New York Department of Financial Services issued new regulations requiring every consumer credit reporting agency that “assembles, evaluates, or maintains a consumer credit report on any consumers located in New York...more
How does a company transfer data from the European Union (EU) to the US under the General Data Protection Regulation (GDPR) which went live on May 25, 2018? I recently had the opportunity to visit Jonathan Armstrong, partner...more
Worldwide, companies are scrambling to meet the May 25th deadline to comply with the European Union’s General Data Protection Regulation (GDPR). For companies with physical operations in an EU member state, this deadline is...more
As part of the Rocky Mountain Information Security Conference hosted in Denver from May 8 to 10, 2018, Ballard Spahr Privacy and Data Security attorney David Stauss sat down with Robb Reck, Chief Information Security Officer...more
It is safe to say that there has been much fear and confusion over the European Union (EU) General Data Protection Rule, or GDPR. ...more
Data protection law is undergoing radical change that is impacting employers and trustees of pension schemes and all service providers to them. With effect from 25 May 2018 the European General Data Protection Regulation...more