Privacy Compliance

Subscribe to Privacy Compliance

The White House recently issued its most extensive policy directive yet concerning the development and use of artificial intelligence through a 100-plus-page Executive Order titled “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” and accompanying “Fact Sheet” summary.

Following in the footsteps of last year’s Blueprint for AI Bill

Under an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act announced on October 27, 2023, the Federal Trade Commission will require a broad range of nonbank financial institutions to notify the FTC of instances of the unauthorized acquisition of unencrypted, personally identifiable, nonpublic financial information of more than 500 customers.

The new notification obligation

After a flurry of legislative activity across the United States related to kids’ privacy and safety online, in recent weeks, federal courts in Arkansas and California have enjoined two notable state laws. A federal court in Arkansas preliminarily enjoined the Arkansas Social Media Safety Act (AR SMSA) on August 31, the day before the statute was scheduled to take effect for social media platforms in scope. The U.S. District Court for the Western District of Arkansas found that the plaintiff, NetChoice, LLC, is likely to succeed on the merits of its constitutional challenges.

Less than three weeks later, on September 18, the U.S. District Court for the Northern District of California also preliminarily enjoined California’s Age-Appropriate Design Code (CA AADC), holding that NetChoice is likely to succeed in showing that 10 CA AADC requirements violate the First Amendment.Continue Reading Federal Courts Preliminarily Enjoin Arkansas Social Media Safety Act and California Age-Appropriate Design Code

This Update is the third installment of the ongoing series covering Washington state’s new My Health My Data Act. The original impetus for the act was the protection of reproductive rights, and it was signed into law alongside several other pieces of legislation focused on providing abortion and gender-affirming protections. However, because of the broad

As detailed in Part 1 of this ongoing series, Washington Governor Jay Inslee signed the state’s My Health My Data Act into law on April 27, 2023. The act is a first-of-its-kind law that creates new privacy protections relating to the collection, sharing, and selling of “consumer health data.” Most of the provisions of the

On Thursday, May 11, 2023, the Federal Trade Commission hosted a panel to discuss questions relating to the cloud computing industry. As we’ve previously covered, the FTC is currently seeking public comment as part of a Request for Information regarding cloud computing business practices. In part, the goal of the panel was to identify issues the FTC should explore in its RFI.Continue Reading FTC Hosts Panel Regarding Cloud Computing Business Practices

On April 27, 2023, Washington Governor Jay Inslee signed into law House Bill 1155, also known as the My Health, My Data Act. Its stated purpose is to protect “consumer health data” collected by entities not already subject to the federal Health Insurance Portability and Accountability Act, but one less obvious consequence of the Act

International, federal, and state privacy regulators highlighted their ambitious agendas at the 2023 IAPP Global Privacy Summit in Washington, D.C. They, along with speakers from an array of private organizations, underscored the following takeaways that should be top of mind for businesses:Continue Reading Ten Takeaways From the 2023 IAPP Global Privacy Summit

The exemption for employment-related and business-to-business (B2B) data under California’s privacy law expired on January 1, 2023. Without this exemption, information previously allowed to be excluded now falls within the scope of California’s extensive privacy requirements, including notice and transparency, data minimization, and data subject rights requests.

In this blog post, we provide an overview of the now-expired exemptions and offer next steps on the requirements that now pertain to employment and B2B data.Continue Reading With the CPRA Enforcement Deadline On the Horizon, Employment and B2B Data Could Mean Cloudy Skies For Those Unprepared