State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
California regulators unanimously approved a sweeping set of regulations on July 24 governing the use of automated decision-making technology (ADMT) and mandating risk assessments and cybersecurity audits for businesses...more
It’s well-known that China’s data protection laws define sensitive personal information very differently to other jurisdictions. Instead of a closed list of data types, sensitive personal information in China has...more
Online political advertising has become central to modern electoral campaigns. However, the growing lack of transparency, particularly regarding funding, targeting, and data processing practices, raises serious concerns about...more
In this Privacy, Cyber & AI Decoded alert, we cover Colorado’s Biometric Identifier Requirements, Delaware’s Data Protection Assessment Requirement, Minnesota’s new comprehensive privacy law going into effect, Tennessee’s...more
This monthly report outlines key developments in China’s data protection sector for June. TC260 Two Cybersecurity Practice Guidelines on Personal Information Protection Compliance Audits: On May 19, 2025, TC260 issued two...more
The State Administration for Market Regulation and the Standardization Administration of China have jointly issued a new national standard applicable to companies conducting business in China, GB/T 45574-2025, Data Security...more
Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates should be familiar with restrictions on the use or disclosure of protected health information (PHI) under HIPAA rules....more
U.S. organizations should carefully review and ensure their privacy and cybersecurity practices comply with a wide-ranging new federal rule establishing data transfer restrictions regarding sensitive U.S. personal data. The...more
The guide outlines the requirements of a newly implemented Data Security Program designed to prevent China, Russia and other foreign adversaries designated by the U.S. Department of Justice from accessing American’s sensitive...more
On April 11, 2025, the Department of Justice's National Security Division (NSD) issued additional guidance to assist U.S. organizations in understanding and complying with the Data Security Program (DSP). As discussed in our...more
On April 11, the Department of Justice issued an extensive set of FAQs on its Bulk Data Access Rule and advised that it “will not prioritize civil enforcement actions against any person for violations” of the Rule through...more
Many “good government” initiatives continue to be enacted or implemented on Capitol Hill or in the Executive Branch — notwithstanding changes in political control. While working on Capitol Hill, the bulk of the legislative...more
On January 8, 2025, the U.S. Department of Justice (Department or DOJ) issued new rules required by then-President Biden’s February 2024 Executive Order (EO) 14117 to establish a new regulatory framework aimed at “Preventing...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
On January 16, 2024, New Jersey Governor Phil Murphy signed into law Senate Bill 332 (the "New Jersey Data Privacy Law") making New Jersey the thirteenth state to adopt comprehensive data privacy legislation. This signing...more
On 24 January 2024, the European Commission (EC) published its proposed reform of foreign investment screening in the EU. The proposal introduces more comprehensive rules for the review of foreign investments and strengthens...more
The U.S. Department of Homeland Security (DHS) has issued comprehensive cybersecurity regulations aimed at protecting Controlled Unclassified Information (CUI). These regulations were long-awaited, as the original proposed...more
The California Privacy Protection Agency (CPPA) held a board meeting on October 28 - 29, 2022 (the “Meeting”) to review proposed modifications to the California Privacy Rights Act (CPRA). The CPRA is effectively an amendment...more
On May 27, 2022, the California Privacy Protection Agency (CPPA or Agency) released a much-anticipated draft of the regulations that would implement certain provisions of the California Privacy Rights Act (CPRA)....more
Following the SolarWinds and the Colonial Pipeline cyberattacks, the Biden Administration emphasized a shift toward mandatory cybersecurity requirements. Throughout 2021, government agencies issued new cybersecurity guidance,...more
The Regulation on Management of Automobile Data Security (Trial) (Regulation) was passed on the 101st meeting of Cyberspace Administration of China (CAC), approved by four other Chinese ministries and officially published on...more
Based on China’s Cybersecurity Law (effective from June 1, 2017), the latest draft of Personal Information Protection Law and draft of Data Security Law, the new draft regulations would apply not only to automobile producers...more
Recent regulatory and enforcement developments in the area of access to patient information create significant new risks for radiology providers. In particular, imaging providers should pay close attention to these...more
On January 13, 2020, the U.S. Department of the Treasury, which chairs the Committee on Foreign Investment in the United States (“CFIUS”), released the final regulations to implement the 2018 CFIUS reform law, the Foreign...more
The Committee on Foreign Investment in the United States ("CFIUS") issued final regulations on January 13, 2020 to comprehensively implement the Foreign Investment Risk Review Modernization Act of 2018 ("FIRRMA") (the...more