In this month’s legal update on privacy and cybersecurity, we focus on some significant developments in legislation and federal actions. Both the Biden administration and the National Institute of Standards and Technology (NIST) have proposed changes to various aspects of cybersecurity that could have far-reaching consequences for law firms and corporations. Meanwhile, the states of…
As generative artificial intelligence technologies continue to develop, they carry with them legal implications that are only now starting to unfold through litigation in the United States. These new cases present the unprecedented questions raised by this constantly evolving technology. These questions include issues related to privacy, consumer safety, and intellectual property protection. A handful…
In an era marked by increased regulatory dynamics, successfully creating and managing a data-driven Compliance Program is no easy task. Firms, both large and small, must thread the needle of increasingly stringent regulations in a rapidly internationalizing global marketplace. Where it was once enough to simply keep abreast of one’s local regulatory environments, today, businesses…
The California Privacy Protection Agency (CPPA) has taken a dynamic step forward in the realm of data protection, releasing two new sets of draft regulations. These drafts, namely the Draft Cybersecurity Audit Regulations and the Draft Risk Assessment Regulations, address various cutting-edge issues related to data protection, which are gaining increasing resonance in today’s digital…
At a time when generative artificial intelligence (AI) lawsuits are becoming more common, legal technology providers and in-house legal teams are starting to take notice. As these lawsuits continue, various industry insights are arising that could prove useful for these firms and departments. One of these insights is the crucial understanding that legal technology and…
In the evolving landscape of data protection legislation, the rise in Data Subject Access Requests (DSARs) brings with it complexities and burdens that can present significant challenges to organizations. Generally, DSARs are legal requests made by individuals—referred to as “data subjects”—to obtain personal data an organization holds about them. This practice, codified in UK data…
In an open letter addressed to UK Finance, the United Kingdom’s Information Commissioner’s Office (ICO) has expressed concerns about the potential risks of fraud, money laundering, and problem gambling that have arisen alongside the rapid growth of the online betting and gaming industry. The ICO is urging UK Finance, the industry body for banking and…
In the contemporary landscape of proliferating data privacy legislation within the U.S., fostering proper data processing agreements (DPAs) with vendors has evolved into a vital facet of vendor management. It can also be one of the most intricate and labor-intensive aspects of ensuring data privacy compliance. This article delves into crucial aspects surrounding the organization…
Artificial Intelligence (AI) has undeniably transformed diverse industries, yet this progress necessitates significant responsibility. In particular, regulators across the European Union (EU) are venturing into proactive strategies to address compliance and data protection concerns around AI and generative AI. Of note, recent cases are demonstrating the critical need for regulation in this continually evolving sector….
As the modern world increasingly adopts Artificial Intelligence (AI) tools in various businesses, an important issue comes under the spotlight: data privacy. Privacy protection has become a crucial concern in the realm of AI. To create AI tools that uphold the sanctity of users’ privacy is indeed a significant challenge. However, it also offers a…
Where was all the buzz around Threads, the new social media application from Meta, when it first launched? The Meta platform, once known as Facebook, proudly announced that more than 30 million users had signed up within 24 hours of the app’s public launch. The application, which is currently closely associated with and requires an…
In recent years, the use of artificial intelligence (AI) has evolved significantly, seeping into various segments of the legal profession. One area which is profoundly impacted is eDiscovery and Information Governance. In particular, the advent and progression of AI’s predecessors, such as data analytics and predictive coding, have set the stage for these domains’ evolution….
The United States Department of Health and Human Services, Office for Civil Rights (OCR), has announced a settlement agreement. This agreement, which was publicized on June 15, 2023, involves Yakima Valley Memorial Hospital (Yakima), a not-for-profit community hospital. This settlement comes as a consequence of a breach of protected health information (PHI) at Yakima, which…
In the rapidly expanding digital landscape, the management and protection of Personally Identifiable Information (PII) during the eDiscovery process has become a crucial concern. With legislation worldwide such as the GDPR and the CCPA placing increased importance on data privacy, companies and law firms are under significant pressures to handle PII appropriately, or face heavy…
In a recent trend among law firms across the globe, there is a growing shift towards implementing in-office tracking. The phenomenon appears to be steadily gaining traction as the legal profession attempts to adapt to the changing expectations of work and the influence of technology. Details from a recent article published on Law.com, indicate that…
On August 28, 2023, the California Privacy Protection Agency (CPPA) unveiled discussion drafts detailing imminent regulations touching on cybersecurity audits and privacy risk assessments. The proposed rules were released ahead of the CPPA’s scheduled meeting on September 8, 2023. The drafts articulate extensive, laborious demands projected to exceed other existing state privacy laws and provisions….
Privacy policies have increasingly become an essential component of any business, especially for those dealing with large amounts of employee data. Many firms, from startups to multinational companies, rely on these policies to safeguard their employee’s data. However, a question remains: Are privacy policies sufficient to secure employee privacy? In a recent article penned by…
One of the most important areas of legal development, touching on both privacy and technology, is the rapidly changing landscape of biometric information legislation. The crux of this evolving area can be observed in Illinois, where recent partial dismissal of a critical Biometric Information Privacy Act (“BIPA”) class action lawsuit might lend support to legal…
UnitedHealthcare, in early September 2023, issued notification to various individuals across the nation about a recent data breach. An unauthorized party reportedly gained access to a UnitedHealthcare broker portal, creating a disturbing breach of privacy for consumers. The incident was first reported by Console and Associates, P.C. In their statement, UnitedHealthcare elaborated that the incident…
In a recent ruling, the Hong Kong Court of Final Appeal announced that the Hong Kong government has a duty to provide an “alternative legal framework for recognition of same-sex relationships”. The Court determined that the government’s long-term failure to deliver on this duty constituted an infringement of the constitutional right to privacy. However, it…
Medicaid recipients in Indiana were recently hit by an unforeseen setback, as the Indiana Family and Social Services Administration (“FSSA”) announced a significant data breach involving third-party software, MOVEit. This unfortunate event, released in an official notice by FSSA on September 1, 2023, reveals that the privacy of numerous CareSource enrollees was compromised. For those…
On August 29, 2023, the California Privacy Protection Agency (“CPPA”) unveiled a series of preliminary regulations on cybersecurity audits and risk assessments. This initiative may seem familiar to those who remember the CPPA’s repeated iterations of draft CCPA regulations. The CPPA liberally tagged this draft with numerous conditions, implying that we may revisit this discussion…
In Canada, across various jurisdictions, numerous unique implementations of data privacy legislature have emerged, each with its unique perspective and effects. An important example of such is Quebec’s Law 25. As JDSupra reports, this law is important not just for its regional impacts but also for its uniqueness in the broader context of global data…
On November 30, 2022, OpenAI launched a sophisticated new artificial intelligence chatbot, ChatGPT, that quickly captured the attention of the corporate world. Within a short span, it managed to attract over 100 million users making it one of the fastest growing applications ever released. While the adoption rate has been impressive, it is the potential…
President Joe Biden has chosen former partner of Sidley Austin, Christopher Fonzone, to head the Office of Legal Counsel (OLC) within the U.S. Department of Justice. This announcement was made on Tuesday, indicating a replacement for Christopher Schroeder who left his position earlier in the summer. The OLC plays a key role within federal governance,…