Category: Privacy

November 27, 2023

On November 27, 2023, the California Privacy Protection Agency (Agency) published draft automated decisionmaking technology regulations as well as revised draft risk assessment regulations. The draft regulations were released in connection with the Agency’s December 8 board meeting. Importantly, the […]

November 13, 2023

The Delaware Personal Data Privacy Act (DPDPA) takes effect January 1, 2025. Delaware generally followed the Connecticut model, but has some unique terms. We provide a non-exhaustive list of some of Delaware’s requirements here. A lower threshold for application; no […]

November 9, 2023

On Oct. 30, in honor of National Cybersecurity Awareness Month, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a video regarding how the HIPAA Security Rule can help protect healthcare entities against cyberattacks. […]

November 7, 2023

The Situation: California has enacted a groundbreaking new privacy law aimed at data brokers—entities that sell information about consumers with whom they do not have a direct relationship. Under the Delete Act (SB 362), data brokers must allow California consumers […]

November 6, 2023

The NDPR was issued by the National Information Technology Development Agency (NITDA) on 25 January 2019. The NDPR provides a comprehensive set of rules governing data protection in Nigeria, many of which are GDPR-compatible. In November 2020, NITDA issued the […]

November 3, 2023

On October 27, the FTC has approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches and other security events to the agency. The amendment requires financial institutions to notify the FTC as […]

November 2, 2023

In yet another example of its focus on imposing greater data security accountability, the New York Attorney General (“NYAG”) recently announced a significant settlement with Marymount Manhattan College (“the College”). The settlement stems from a data breach to which the […]

November 2, 2023

On October 27, 2023, the European Data Protection Board (“EDPB”) adopted an urgent binding decision instructing the Irish Data Protection Commissioner (the “Irish DPC”) to take final measures against Meta Ireland Limited (“Meta”) within two weeks and impose a ban […]

October 23, 2023

Last week, the Attorney General for California filed a notice of appeal to overturn a federal court ruling that the state’s Age-Appropriate Design Code Act (“CAADCA”) likely violates the First Amendment. The appeal will put the constitutionality of California’s act […]

October 19, 2023

The Delete Act (SB 362), signed into law by California Gov. Gavin Newsom on October 10, imposes additional disclosure and registration requirements on data brokers. It requires data brokers to support deletion requests through a central “deletion mechanism” managed by […]

October 13, 2023

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”), is regarded as one of the strongest and most comprehensive privacy laws in the United States and in recent days it […]

October 12, 2023

This is the seventh installment in our monthly data privacy litigation reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this post we look at advancements in data privacy litigation in […]

October 10, 2023

The UK government has published the Data Protection (Adequacy) (United States of America) Regulations 2023 (SI 2023/1028) (the UK-US Data Bridge Regulations) which adopted an adequacy decision for the US (the UK-US Data Bridge) and will come into force on […]

October 3, 2023

The FTC recently issued a Notice of Penalty Offences (Notice) to certain tax preparation companies concerning the potential misuse of consumer data collected in confidential contexts in violation of the FTCA. The FTC warns that these companies may face civil […]

September 28, 2023

In this day and age, data privacy is a hot topic. Many Americans believe their personal data is less secure now than ever and that data collection poses more risks than benefits.[1] For this reason, among others, businesses must consider […]

September 27, 2023

The Appellate Court of Illinois, First District, applying New York law, has held that an insurer owed a duty to defend an insured in a lawsuit alleging Biometric Information Privacy Act (BIPA) violations because the allegations constituted violations of an […]

September 21, 2023

To whom does the Oregon Consumer Privacy Act apply? The Oregon Consumer Privacy Act imposes transparency and disclosure obligations on a “controller” (an individual or legal entity who, “alone or jointly with another person, determines the purposes and means for […]

September 20, 2023

On September 12, 2023, Delaware governor John Carney signed the Delaware Personal Data Privacy Act (the “DPDPA” or the “Act”) into law. The DPDPA protects the privacy rights of consumers in Delaware and regulates the collection, use, and disclosure of […]

September 13, 2023

Most modern U.S. state data privacy laws exempt from their definition of personal information “publicly available information.” What constitutes publicly available information differs between state privacy laws and may not correlate to the lay definition understood by many businesses and […]

September 12, 2023

As of now, 12 states (CA, CO, CT, DE, IA, IN, MT, OR, TN, TX, UT, and VA) have passed comprehensive privacy laws that are in effect (CA, CT, CO, and VA), or are about to go into effect sometime […]