Compliance

Privacy, Cybersecurity and Access to Beneficial Ownership Information: FinCEN Issues Notice of Proposed Regulations Under the Corporate Transparency Act

By Peter D. Hardy, Philip N. Yannella & Sarah B. Dannecker on January 4, 2023

Posted in Banking and Financial Services, Compliance, FinCEN, Uncategorized

A Deep Dive Into FinCEN’s Latest Proposals Under the CTA

On December 16, the Financial Crimes Enforcement Network (“FinCEN”) issued a 54-page notice of proposed rulemaking (“NPRM”) regarding access by authorized recipients to beneficial ownership information (“BOI”) that will be reported to FinCEN under the Corporate Transparency Act (“CTA”). The CTA requires covered entities –…

Lessons from the Texas Biometric Data Action Against Google

By Gregory P. Szewczyk & John Georgievski on November 7, 2022

Posted in Biometrics, Compliance, State Attorneys General

On October 20, 2022, Texas Attorney General Ken Paxton brought suit in Texas district court against Google for alleged violations of the Texas Capture or Use of Biometric Identifier Act (“CUBI”). The petition claims that Google violated CUBI by collecting, analyzing, and storing the facial geometry of individuals who appear in photos that have…

Real World Implications of Sephora

By Gregory P. Szewczyk & Doris Yuen on October 5, 2022

Posted in California Consumer Privacy Act (CCPA), Compliance, Consumer Protection, Digital Advertising and Marketing, Enforcement, Personal Information, Privacy Law and Regulation, Regulatory Compliance, State Attorneys General, State Law

On August 24, California Attorney General Rob Bonta announced a $1.2 million settlement with Sephora over allegations that the cosmetic retailer had violated the California Consumer Privacy Act (CCPA). This first public enforcement action—and subsequent noncompliance letters the Attorney General sent to other retailers—clearly highlight the continued focus of regulators on online tracking practices and opt-out signals such…

CPRA’s Employee and B2B Exemptions Appear Destined to Sunset

By Gregory P. Szewczyk, Timothy Dickens & Kelsey Fayer on August 31, 2022

Posted in California Consumer Privacy Act (CCPA), Compliance, Employment Law, Privacy Law and Regulation

The August 31 closing of the California legislative session likely marked the end of hopes for an extension of the limited exemptions for employee and business-to-business (B2B) data that have existed for the California Consumer Privacy Act (“CCPA”) since its inception. As a result, when the the California Privacy Rights Act (CPRA) goes into effect…

NYDFS Announces Draft Amendments to Cybersecurity Regulation

By Gregory P. Szewczyk & Philip N. Yannella on August 5, 2022

Posted in Compliance, Consumer Protection, Data Protection, Information Security Standards, New York Department of Financial Services (NYDFS), Personal Information, Regulatory Compliance

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Cyber Security Regulations. The Amendments, if adopted, would further regulatory trends and impose important new requirements on covered entities.

The Amendments contain three significant changes relating to ransomware. First, the Amendment specifically adds “the deployment of ransomware…

Trafficking and Child Exploitation Online: The Growing Responsibilities of Online Platforms

By Jill Steinberg & Kelly McGlynn on March 10, 2022

Posted in Compliance, Emerging Technologies, Internet Crimes

Introduction

Section 230 immunity, which long has protected entities that host online platforms from liability for their users’ actions, may be significantly cut back. Although the U.S. Supreme Court recently declined to hear Doe v. Facebook, which would have given it an opportunity to clarify and/or narrow existing interpretations of Section 230, there are calls from members of Congress to amend the law, in addition to agreement from executive agencies to do so. Section 230 may be amended further to create a duty of reasonable care, particularly with respect to online trafficking and child exploitation. Even in the absence of legislative change, lower courts have begun and may continue to chip away at what previously was considered Section 230’s broad immunity.
Continue Reading Trafficking and Child Exploitation Online: The Growing Responsibilities of Online Platforms

Predictions for Privacy & Data Security in 2022

By Philip N. Yannella, Kim Phan & Gregory P. Szewczyk on January 21, 2022

Posted in Banking and Financial Services, California Consumer Privacy Act (CCPA), Class Action, Colorado Law, Compliance, Consumer Protection, Cross-Border Data Flow, Cybersecurity, Data Breach, Data Transfer, Legislation, National Privacy Law, Privacy Law and Regulation

2021 proved to be a momentous year for privacy and data security law. The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening insurance market, and significant corporate anxiety. Two more U.S. states passed comprehensive data privacy laws in 2021. The FTC was very active, issuing new guidance for artificial intelligence (AI), publishing revisions to the GLBA Safeguards Rule, and bringing new enforcement actions. The U.S. Supreme Court issued a number of opinions that had the effect of narrowing the scope of key privacy statutes while biometric litigation in Illinois exploded. The European Commission promulgated new rules for cross-border transfers, and U.S. state regulatory enforcement activities ramped up. …
Continue Reading Predictions for Privacy & Data Security in 2022

FTC Guidance Affirms Breach Notification Obligations for Health Apps and Connected Devices

By Philip N. Yannella & Doris Yuen on September 27, 2021

Posted in Compliance, Data Breach, Federal Trade Commission (FTC), Health Care, Health Information Technology for Economic and Clinical Health Act (HITECH), Health Insurance Portability and Accountability Act (HIPAA), Internet of Things (IoT), Mobile Devices, Personal Information, Regulatory Compliance

On September 15, 2021, the Federal Trade Commission (“FTC”) issued a policy statement affirming the applicability of its Health Breach Notification Rule (the “Rule”), 16 CFR Part 318, to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (“HIPAA”) but are capable of drawing information from multiple sources. …
Continue Reading FTC Guidance Affirms Breach Notification Obligations for Health Apps and Connected Devices

California Enforcement Updates and Privacy Tools Highlight Regulatory Scrutiny of Right to Opt Out

By Philip N. Yannella & Doris Yuen on August 9, 2021

Posted in California Consumer Privacy Act (CCPA), Compliance, CPRA, Data Protection, Enforcement

With a little over a year of enforcing the California Consumer Privacy Act (CCPA) under its belt, the Office of the California Attorney General (OAG) recently held a press conference to announce updates on its CCPA enforcement efforts and promote new tools relating to California consumers’ right to opt out of the sale of their personal information. …
Continue Reading California Enforcement Updates and Privacy Tools Highlight Regulatory Scrutiny of Right to Opt Out

CCPA Regulations Go Into Effect – With a Few Final Changes

By Gregory P. Szewczyk, Kim Phan & Philip N. Yannella on August 19, 2020

Posted in California Consumer Privacy Act (CCPA), Compliance, Privacy Law and Regulation, State Law

On August 14, 2020, the California Office of Administrative Law (“OAL”) approved in part and withdrew in part the Regulations regarding the California Consumer Privacy Act (“CCPA”). While most of the changes are non-substantive, the OAL withdrew certain provisions of the Regulations and resubmitted them to the Attorney General’s Office for further review. Approved sections…

Menu

CyberAdviser