Data security will be an enforcement priority for the FTC in 2023. The FTC, in its December 14, 2022, Commission meeting, highlighted four data security measures that it believes are particularly important for strong cybersecurity.

This Update discusses what these safeguards are and why the FTC believes they are so critical.

Click here to read

Last week, the period for comments closed on the California Privacy Protection Agency’s (CPPA) latest version of the draft implementing regulations for the California Privacy Rights Act (CPRA) amendments to the California Consumer Privacy Act (CCPA) (Revised Regs). The Revised Regs were first released with modifications and an Explanation of Modified Text of Proposed Regulations at the end of October. Shortly thereafter, the CPPA released the current version of the Revised Regs, which, compared to the initial draft regulations (Initial Draft Regs), include many substantive modifications to key compliance areas.

Continue Reading One Step Closer: California Privacy Protection Agency Reviews Comments for CCPA Regulations

California and New York recently passed laws that seek to change how social media platforms and social media networks design and report their content moderation practices. The New York law will require a hateful conduct policy and reporting mechanism starting in December 2022. The California laws will impose content policy and transparency requirements starting in

The Federal Trade Commission filed a lawsuit on August 29, 2022, against data broker Kochava Inc., alleging that the company’s sale of precise geolocation data is an unfair act or practice that violates Section 5 of the FTC Act. The case follows an FTC blog post warning that the agency would be vigilant in protecting

The Better Business Bureau recently announced the launch of the TeenAge Privacy Program, which proposes a self-regulatory framework for companies to use in order to protect teen consumers and guide the responsible collection and management of teen data. The CISR’s new framework helps to address recent attention to the privacy and safety of teens online

Businesses that allow customers to sign up for automatically renewing subscriptions must comply with a patchwork of state and federal regulations that apply to such subscriptions. The Federal Trade Commission recently issued an Enforcement Policy Statement Regarding Negative Option Marketing that addresses recurring subscription programs. Additionally, California, Colorado, Delaware, and Illinois have all either passed

On April 7, ​​Perkins Coie’s CXO Summit gathered more than 50 C-suite and board leaders for an executive leadership virtual forum addressing how technology is shaping healthcare’s future amid the COVID-19 pandemic.

The CXO Summit participants discussed how technology is being used to further combat COVID-19, monitor patient diagnostics, augment clinical workflows, detect fraud and data breaches, and inform effective treatments, among other key tasks and medical interventions.
Continue Reading Perkins Coie Convenes CXO Summit Addressing Future of Healthcare Technology

When creating a privacy program, it is important to look ahead and think strategically about who your audience might be. For businesses that might find themselves under the scrutiny of regulators and judges because of a lawsuit, unwanted publicity, or data breach, it is critical to be able to demonstrate substantial compliance for the program they’ve implemented. This can be accomplished by developing privacy programs that follow guidance promulgated by their audience—regulators and courts. This guidance includes the CNIL’s (the French Data Protection Authority’s) Six Steps for GDPR Compliance, along with Federal Trade Commission orders such as the Vizio 2017 order, which provide a roadmap for a comprehensive privacy program that can be distilled down to six main phases
Continue Reading Six Phases of Compliance for a Comprehensive Privacy Program

After conducting a data inventory (see Part 2 of our CCPA series), a business should assess its risks by benchmarking its policies and practices with applicable privacy laws and regulations. Conducting a gap analysis is a critical tool in identifying compliance gaps and developing a plan to bridge those gaps. See e.g.Stipulated Order for Permanent Injunction and Monetary Judgment, Federal Trade Commission & Others v. Vizio, Inc., No. 2:17-cv-00758 (D.N.J. Feb. 6, 2017), Document 1-3 at 5 (privacy program includes addressing privacy risks related to the development and management of new and existing products and services) and CNIL (the French Data Protection Authority) Guidance on Six Steps for GDPR Compliance (step three to identify actions to comply with current/future obligations and to prioritize such actions based on risks).
Continue Reading CCPA 12-Month Compliance Series Part 3: Conduct a Gap Analysis