On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The rules contain the provisions we had described in the original NYDFS proposal a year
US SEC issues final rule on cybersecurity disclosures
On July 26, 2023, the US SEC issued the long-awaited final rules for public companies and foreign private issuers requiring rapid disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk management and policies and procedures (the
European Commission adopts its adequacy decision for the EU-US Data Privacy Framework
On 10 July, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (the DP Framework). It thereby declared that the United States (the US) ensures an adequate level of protection for personal data transferred
Court delays new California privacy regulations
On June 30, 2023—the day before the regulations were scheduled to go into effect—the Superior Court of California halted the enforcement of the California regulations that had been finalized on March 29, 2023 until March 29, 2024. (California Chamber
Texas enacts comprehensive privacy law
On June 13, 2023, the Texas Governor signed HB4, making Texas the tenth state to have a comprehensive privacy law, joining California, Colorado, Connecticut, Montana, Virginia, and Utah (all in effect or going into effect in 2023), Montana and
Biden restricts U.S. government use of commercial spyware
Governments state that they use commercial spyware exclusively for criminal investigations, but critics claim such spyware has purportedly been used for human rights abuses targeting journalists, human rights defenders, lawyers, and political dissidents. Moreover, the U.S. Government and its employees
Privacy law is becoming more technically sophisticated. So should you.
As privacy laws and requirements become more technically sophisticated, businesses may want to consider how they can follow suit.
FTC proposed consent order prohibits perpetual retention of personal information
We had previously written about an FTC proposed consent order that would prohibit a company from perpetual retention of personal health information. On March 2, 2023, the FTC announced a complaint and proposed consent with BetterHelp, Inc. that would prohibit
BIPA damages accrue per transaction
On February 17, 2023, the Illinois Supreme Court decided, by a 4-3 vote, that each time a private entity scans or transmits an individual’s biometric information without complying with Illinois Biometric Information Privacy Act (BIPA), that constitutes a separate violation
“Forever and forever, farewell”: FTC prohibits indefinite retention of PHI in consent order
On February 1, 2023, the Federal Trade Commission announced a complaint and stipulated order with GoodRx, with the FTC using for the first time its interpretation of the Health Breach Notification Rule. Under the Rule, the FTC interpreted a