Happy Information Governance Day

By David Kessler (US) & Andrea D'Ambra (US) on February 20, 2025

Happy February 20^th and Information Governance Day! Today is an opportunity to reflect on the evolution of information governance and, more importantly, its future. In our view, information governance is in its ascendency and is only becoming more and…

New York changes data breach law—in December and February

By Annmarie Giblin (US), Susan Ross (US), Gerar Mazarakis (US) & Phillip Pang (US) on February 19, 2025

New York just finished a series of adjustments to its data breach notification requirements. Effective immediately, organizations must notify impacted individuals of a data breach within 30 days of its discovery instead of “in the most expedient time possible and…

FTC settlement requires disconnection of hardware from all no longer supported software

By David Kessler (US) & Susan Ross (US) on February 18, 2025

On January 16, 2025, the FTC announced a proposed complaint and consent agreement with one of the largest hosting companies in the world: GoDaddy. According to the complaint, the FTC found GoDaddy’s security practices “unreasonable for a company of its…

The Commission’s guidelines on AI systems – what can we infer?

By Rosie Nance, Marcus Evans (UK) & Peter McBurney on February 13, 2025

The EU’s AI Act imposes extensive obligations on the development and use of AI. Most of the obligations in the AI Act look to regulate the impact of the specific use cases on health, safety, or fundamental rights. These sets…

CJEU Advocate General clarifies when pseudonymised data falls outside the definition of personal data

By Marcus Evans (UK), Rosie Nance & Alice Knowles on February 10, 2025

On 5 February 2025, the Advocate General of the Court of Justice of the European Union (CJEU) issued its opinion in the case of C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board…

US Dept of Health proposes Security Rule amendments that includes new deadlines

By Will Daugherty (US), David Kessler (US), Sarah Knight (US), Susan Ross (US) & Megan Kunnel (US) on February 4, 2025

On December 27, 2024, the United States Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued a proposed rule to improve data protection measures in the healthcare sector.

Learn more about the…

Online Safety Act: Protecting Children from Harmful Content Online – Ofcom’s Guidance on Age Assurance for Part 3 Services

By Farah Mukaddam (UK), Marcus Evans (UK) & Rosie Nance on January 28, 2025

Ofcom has published its guidance for implementing age assurance measures for regulated service providers. User-to-user (U2U) services and search services take note: a decision not to implement highly effective age assurance measures means that your service may be deemed by…

Abstract neural network. Big data concept. Global database and artificial intelligence. Bright, colorful 3D illustration with bokeh effect

FTC finalizes COPPA rule amendments

By Steve Roosa (US), Philip Hodgkins (US), Susana Medeiros (US) & Wenda Tang (US) on January 22, 2025

On January 16, 2025, the Federal Trade Commission (FTC) announced significant amendments to the Children’s Online Privacy Protection Act (COPPA) Rule after a comprehensive review that began in 2019. This marks the first major update since 2013 and represents a…

$3 million HIPAA Settlement

By David Kessler (US) & Susan Ross (US) on January 21, 2025

On January 14, 2025, the U.S. Department of Health and Human Services (“HHS”) entered into a settlement agreement relating to alleged HIPAA regulation violations with Solara Medical Supplies LLC, a direct-to-consumer distributer of continuous glucose monitors, insulin pumps, and other…

New Horizons in Data Protection: Malaysia’s Personal Data Protection (Amendment) Act 2024

By Wilson Ang, Jeremy Lua & Terence De Silva on January 17, 2025

On 24 December 2024, Malaysia’s Minister of Digital stipulated the dates on which the provisions of the Malaysian Personal Data Protection (Amendment) Act 2024 (Amendment Act) will come into force. The Amendment Act will take effect in three…

Data Protection Report

Happy Information Governance Day

New York changes data breach law—in December and February

FTC settlement requires disconnection of hardware from all no longer supported software

The Commission’s guidelines on AI systems – what can we infer?

CJEU Advocate General clarifies when pseudonymised data falls outside the definition of personal data

US Dept of Health proposes Security Rule amendments that includes new deadlines

Online Safety Act: Protecting Children from Harmful Content Online – Ofcom’s Guidance on Age Assurance for Part 3 Services

$3 million HIPAA Settlement

New Horizons in Data Protection: Malaysia’s Personal Data Protection (Amendment) Act 2024

Test

FAITS RELEVANT DE LA VIE PRIVEE ET LICENCIEMENT DISCIPLINAIRE

New Global Regulation Tomorrow Plus podcast: CCI transaction costs, cost disclosures and transitional provisions

FCA publishes data flow diagrams for consumer credit reporting

PRA publishes policy statement on its approach to branch and subsidiary supervision

Global Regulation Tomorrow Plus: EMEA insights series: Episode 21 – Update from Italy on MiCA, DORA, CRD 6 and AI

SEC Updates Guidance to Facilitate Broker-Dealer Involvement in Crypto

IOSCO reports on finfluencers, online imitative trading practices and digital engagement practices

Published in OJ – Regulation (EU) 2025/914 amending the BMR

About

Topics

Archives