On October 1, 2022, the Colorado Attorney General‘s Office announced that it had submitted the first draft of its Rules implementing the Colorado Privacy Act.

The draft Colorado Rules run only 38 pages long—in notable contrast to the draft California regulations that run 66 pages (albeit in redline).  Moreover, the draft Colorado Rules address

Colorado Attorney General Philip Weiser gave his first public comments since April last Thursday at Ballard Spahr LLP’s 2022 Annual Colorado Privacy Summit.  In an hour-long fireside chat with Ballard Spahr’s Co-Chair of Privacy and Data Security Greg Szewczyk, AG Weiser discussed the rulemaking process under the Colorado Privacy Act.  A recording of the interview

Businesses operating in New York City should be aware of a local law addressing the use of automated employment screening and decision-making tools coming into effect on January 1, 2023.  This law applies broadly to employers and employment agencies operating in New York City that target New York City residents using what it refers to

In this initial episode of Ballard Spahr’s new privacy and data security webcast series, Phil Yannella and Greg Szewczyk – co-chairs of the Privacy & Data Security Group – discuss regulatory scrutiny concerning the use of “dark patterns” to steer website visitors into purchasing products or making online choices they otherwise would not make.

Ballard Privacy & Data Security partners Phil Yannella, Kim Phan and Greg Szewczyk recently wrote an article on managing compliance with the growing patchwork of state privacy laws for the Media Law Resource Center (MLRC).  The article was made available at last week’s  Legal Frontiers in Digital Media virtual conference sponsored by the MLRC and will appear in an upcoming edition of “Legal Frontiers in Digital Media,” MLRC Bulletin (June 2021).  A copy of the article is available here:
Continue Reading  Managing Compliance with a Patchwork of State Privacy Laws

Sixth Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

As we have blogged, the Anti-Money Laundering Act of 2020 (“AMLA”) contains major changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”), and protecting the U.S. financial system against

The latest wrinkle in the ever-changing world of data privacy litigation is the recent surge in state wiretap claims. What began as a trickle over the summer of 2020 has grown into a clear wave as plaintiffs have filed dozens of lawsuits against prominent tech, eCommerce, entertainment, and retail companies under state wiretap laws.  These lawsuits seek statutory damages for the alleged interception of consumers’ electronic communications through the defendant’s use of various website analytic tools.  Insofar as the use of website analytics tools is ubiquitous on the internet, privacy litigators are carefully watching the progress of these state wiretap claims. If successful, state wiretap claims could become the next TCPA, threatening virtually every company with a sizable web presence in the U.S.
Continue Reading  Exploring the Rise in State Wiretap Claims

On September 22nd, the Federal Trade Commission (FTC) hosted an event, “Data To Go: An FTC Workshop on Data Portability,” to examine the potential benefits and challenges to consumers and competition raised by data portability. Data portability means giving consumers the ability to receive a copy of their data for their own use

With the ongoing covid crisis leaving businesses of all sizes concerned about the short and medium term future, the intimidating task of considering a liquidation or restructuring is inevitably starting to become a reality.  Although privacy in the bankruptcy context is nothing new—especially in the context of personally identifiable information (“PII”) held by a company—it