On October 1, 2022, the Colorado Attorney General‘s Office announced that it had submitted the first draft of its Rules implementing the Colorado Privacy Act.

The draft Colorado Rules run only 38 pages long—in notable contrast to the draft California regulations that run 66 pages (albeit in redline).  Moreover, the draft Colorado Rules address

Colorado Attorney General Philip Weiser gave his first public comments since April last Thursday at Ballard Spahr LLP’s 2022 Annual Colorado Privacy Summit.  In an hour-long fireside chat with Ballard Spahr’s Co-Chair of Privacy and Data Security Greg Szewczyk, AG Weiser discussed the rulemaking process under the Colorado Privacy Act.  A recording of the interview

The August 31 closing of the California legislative session likely marked the end of hopes for an extension of the limited exemptions for employee and business-to-business (B2B) data that have existed for the California Consumer Privacy Act (“CCPA”) since its inception.  As a result, when the the California Privacy Rights Act (CPRA) goes into effect

Businesses operating in New York City should be aware of a local law addressing the use of automated employment screening and decision-making tools coming into effect on January 1, 2023.  This law applies broadly to employers and employment agencies operating in New York City that target New York City residents using what it refers to

In the latest episode in our monthly webcast series, Privacy and Data Security practice co-leaders Phil Yannella and Greg Szewczyk give a comprehensive rundown of the American Data Privacy and Protection Act (ADPPA), including: The status of the bill, key components, the private right of action, and the bill’s differences from state laws. Phil

In an active week for federal regulators, the Federal Trade Commission (FTC) joined the CFPB in announcing important initiatives that may change privacy and data security practices in major ways.

On August 11, the FTC released its Advanced Notice of Proposed Rulemaking, seeking public input on a host of questions relating to what it

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Cyber Security Regulations.  The Amendments, if adopted, would further regulatory trends and impose important new requirements on covered entities.

The Amendments contain three significant changes relating to ransomware.  First, the Amendment specifically adds “the deployment of ransomware