In addition to comprehensive data privacy laws in California, Colorado, Virginia, Utah and Connecticut, and more under consideration in states such as Texas, state legislatures in Iowa and Indiana have passed two new data privacy laws. Iowa’s governor has signed its law; while today, Indiana’s governor is expected to sign its law. More detail
As state legislatures around the country continue to introduce comprehensive consumer privacy bills, those states who have already enacted them continue to flesh out proposed regulations and other guidance, in some cases even after the effective dates of those laws. .
California. The new CPRA amendments (including expiration of the CCPA employee and B2B
As the FTC signals an intention of cracking down on children’s privacy, and as several comprehensive consumer privacy laws take effect in 2023 (with more on the way in legislatures across the country), some states have chosen to tackle children’s privacy more specifically at the state level. So far, only California’s has been enacted
On December 8, 2022, the Division of Corporation Finance within the Securities and Exchange Commission (“SEC”) published guidance on disclosure obligations related to recent disruptions in the crypto asset market. The Sample Letter to Companies Regarding Recent Developments in Crypto Asset Markets aims to improve compliance with disclosure obligations under SEC regulations.
Federal law requires
On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities. The order aims to address concerns expressed by the Court of Justice of the European Union (CJEU) in the Schrems II case, in which it ruled the E.U.-U.S. Privacy Shield inadequate as a cross-border transfer mechanism.
Yesterday, on August 24, 2022, California Attorney General Rob Bonta (“AG”) announced a settlement with Sephora, Inc., resolving allegations that the company violated the California Consumer Privacy Act (“CCPA”). The order includes permanent injunctive relief as well as a $1.2 million fine. This action stems from a June 2021 enforcement sweep by the attorney general
On May 19, 2022, the Federal Trade Commission voted 5-0 to adopt a policy statement regarding increased scrutiny of the Children’s Online Privacy Protection Act (COPPA) violations involving education technology companies. The statement reaffirmed COPPA provisions around limiting educational technology’s collection, use, retention and security requirements for children’s data. The FTC stated:
“When Congress enacted
In November 2021, non‑state issued digital assets reached a combined market capitalization of $3 trillion, up from approximately $14 billion in early November 2016. Several global monetary authorities are exploring, and in some cases introducing, central bank digital currencies (CBDCs). On March 9, 2022, President Biden issued an executive order to mandate multiple reports and
On December 20, 2021, The National Institute of Standards and Technology (NIST) released its draft interagency report 8403 on “Blockchain for Access Control Systems”. As the report’s abstract states:
“Protecting system resources against unauthorized access is the primary objective of an access control system. As information systems rapidly evolve, the need for advanced access control
On November 18, 2021, the Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) approved a new final rule regarding reporting of cyber incidents for U.S. banks and service providers.
Under the new rule, a banking organization must notify its primary federal regulator of “any significant computer
