The Federal Trade Commission has published a Final Rule relating to changes in the Children’s Online Privacy Protection Act (“COPPA”) regulations, which will go into effect on Monday, June 23, 2025. The final Rule generally provides 365 days from the
North Dakota law heightens data security requirements for some financial institutions
Background
On January 7, 2025, North Dakota’s House Industry, Business, and Labor Committee introduced HB 1127, at the request of the Department of Financial Institutions. HB 1127 successfully passed through both legislative chambers and was signed into law by the
The differences between non-disclosure, exfiltration and notice – a court’s view
By David Kessler and Sue Ross
Although there is scant case law on the question, it is generally accepted that it is not a violation of one’s duty not to disclose information if it is stolen from you. Put another
Happy Information Governance Day
Happy February 20th and Information Governance Day! Today is an opportunity to reflect on the evolution of information governance and, more importantly, its future. In our view, information governance is in its ascendency and is only becoming more and
FTC settlement requires disconnection of hardware from all no longer supported software
On January 16, 2025, the FTC announced a proposed complaint and consent agreement with one of the largest hosting companies in the world: GoDaddy. According to the complaint, the FTC found GoDaddy’s security practices “unreasonable for a company of its
US Dept of Health proposes Security Rule amendments that includes new deadlines
On December 27, 2024, the United States Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued a proposed rule to improve data protection measures in the healthcare sector.
Learn more about the
$3 million HIPAA Settlement
On January 14, 2025, the U.S. Department of Health and Human Services (“HHS”) entered into a settlement agreement relating to alleged HIPAA regulation violations with Solara Medical Supplies LLC, a direct-to-consumer distributer of continuous glucose monitors, insulin pumps, and other
Two HIPAA settlements, $1.6 million in penalties
New York hospitals have new cybersecurity requirements
On October 2, 2024, the New York State Department of Health (DOH) published a new cybersecurity regulation (10 NYCRR 405.46) for all general hospitals licensed pursuant to article 28 of the Public Health Law. Although most of the regulation will
New York Department of Financial Services addresses cybersecurity risks from artificial intelligence
On October 16, 2024, the New York Department of Financial Services (“NYDFS” or “DFS”) issued guidance raising awareness about combatting cybersecurity risks arising from artificial intelligence (“AI”) used by DFS licensees, such as insurers and virtual currency businesses. Risks revolve