The California Privacy Protection Agency (CPPA) published California Privacy Rights Act (CPRA) proposed regulations (Regulations) on May 27, 2022. The Regulations provide helpful insight into the CPPA’s vision for the CPRA and help to better prepare businesses.
The Federal Trade Commission (FTC) and Department of Justice (DOJ) recently ordered Twitter to pay $150 million for violating a 2011 FTC order that prohibited the company from misrepresenting its privacy and data security practices.
As technology becomes increasingly a part of student learning, education technology (ed tech) companies, parents, and educators should stay abreast of children’s privacy rights under the Children’s Online Privacy Protection Act (COPPA).
During the past six months since Welcome to the Party, Quebec! Comparing Bill 64 to CCPA& the CCPA Progeny, two more states – Connecticut and Utah – have joined California, Colorado and Virginia in enacting laws similar to the landmark California Consumer Privacy Act (CCPA).
Over half a decade after the industry developed its own standards in light of a lack of meaningful guidance from regulators, the Department of Justice recently issued a guidance document on compliance with the Americans with Disabilities Act (ADA) for website accessibility.
The European Union (EU) and the United States (US) government have now reached an agreement in principle for a “Privacy Shield 2.0” to replace the original Privacy Shield Framework that was invalidated under the Schrems II decision in July 2020.
As more and more companies are developing and/or utilizing artificial intelligence (AI), it is important to consider risk management and best practices to address issues like bias in AI. The National Institute of Standards and Technology recently released a draft of its AI Risk Management Framework.
The California Attorney General sent a sweep of notices to businesses with loyalty programs alleging noncompliance with the California Consumer Privacy Act.
Effective January 1, 2022, California Senate Bill 41, the Genetic Information Privacy Act (GIPA), imposes requirements on the collection, use, and disclosure of genetic data collected or derived from direct-to-consumer genetic testing products and services.
The EDPB releases guidelines to clarify a simple but surprisingly confusing question, “What is a data transfer under the GDPR?” In light of the new guidelines, businesses should review potential transfer activities and ensure that the proper transfer mechanisms are in place.
On November 17, 2021, the Department of Defense (DoD) published an advanced notice of proposed rulemaking in connection with announced changes to the Cybersecurity Maturity Model Certification (CMMC) for the defense industrial base, styled “CMMC 2.0.”
In a Notice of Inquiry, the FCC is requesting public comment in a proceeding that will help determine the scope and nature of regulation of the “Internet of Things” for the next several decades.
Personal information is one of the most valuable assets held by any organization. When dealing with employee benefits, the type of personal information managed is quite sensitive and, therefore, requires a heightened level of care and an increased value.
In Blackbaud Inc. Customer Data Security Breach Litigation, No. 3:20-mn-02972 (D.S.C. Aug. 12, 2021), a federal judge found that defendant, Blackbaud Inc. was subject to the CCPA despite its motion to dismiss asserting that it did not qualify as a “business” under the Act.