In the wake of a recent court decision stalling the enforcement of regulations for the Consumer Privacy Rights Act (“CPRA”), the California Privacy Protection Agency (CPPA) has expressed its intent to carry on with privacy enforcement measures. These developments come amidst an extension of the enforcement block by a considerable nine months. While this may…
The California Privacy Protection Agency (CPPA or the “Board”) recently convened a discussion on significant ongoing matters. On July 14, the conversation was led by the Board’s New CPRA Rules Subcommittee (“the Subcommittee”). The focal points of this meeting were automated decision-making technology (ADMT), cybersecurity audits, and cybersecurity risk assessments. These aspects do not only…
After seven protracted years of anticipation, the Bermuda Government has declared that the remaining sections of the Personal Information Protection Act 2016 (PIPA) are scheduled to be implemented in their entirety on January 1, 2025. Up to this point, only subset portions of PIPA, primarily those pertaining to the induction of the Office of the…
On August 8, 2023, a third-party data breach was reported by the Missouri Department of Social Services (“DSS”), which impacted the MOVEit server of IBM Consulting – one of its vendors. The incident was found after IBM identified unauthorized access into its system that eventually led to the compromise of consumers’ sensitive information, including protected…
On Tuesday, Norway’s governmental regulatory authority, Datatilsynet, revealed that Meta Platforms is seeking to contest a fine imposed on it due to user privacy rights violation. Datatilsynet subsequently advised against the use of Meta products because of potential security and confidentiality issues. They argue that Facebook, a Meta subsidiary, doesn’t adhere to the parameters defined…
In an unusual occurrence in the corporate world, BNSF Railway, one of the largest freight train network operators in North America, is facing a lawsuit alleging that it hired a private investigator to follow one of its employees. The employee had reportedly taken a leave of absence due to an anxiety attack. Law.com first surfaced…
Consumer data privacy has taken center stage in recent years, particularly fueled by increasing oversight of tech companies and growing public concern. Yet, the landscape of federal policy-making in this area has been relatively sparse. As common ground emerges in the realm of bipartisan policymaking, significant developments are expected at the state level as it…
In recent years, the prevalence of Artificial Intelligence (AI) in Governance, Risk Management, and Compliance (GRC) has seen an exponential rise. This thrust into the future is laden with emerging developments in AI, Machine Learning, Natural Language Processing, Automation, and several other technologically advanced disciplines. The use of AI-driven technology within the realm of GRC…
Amid evolving digital privacy laws worldwide, the California Privacy Protection Agency (CPPA) and California Attorney General Rob Bonta have recently made bold moves on the frontier of data protection legislation. On August 4, 2023, they announced a petition against a decision that hampers the enforcement of the California Privacy Rights Act’s (CPRA) regulations. The petition,…
In an effort to bolster the cybersecurity of K-12 schools, the White House has launched a series of initiatives aimed at addressing the increasing cyber threats facing this critical sector. The details, reported on JD Supra, come on the back of a report that painted a sobering picture of the cybersecurity landscape for schools in…
In an insightful episode of his podcast series, “Clearly Conspicuous”, consumer protection attorney Anthony DiResta delves into the Federal Trade Commission’s (FTC) approach to data privacy and how it aligns with President Biden’s agenda. Access the full episode here. DiResta points out that although data privacy remains a key area of interest in the President’s…
Freedom Debt Relief, LLC (FDR) recently came under the spotlight as it announced a data breach that put confidential consumer information at risk. Filed with the Attorney General of Montana on August 3, 2023, the notice alerts to an instance of unauthorized access to certain critical documents holding sensitive data of consumers. Having occurred at…
In October 2022, the U.S. Securities and Exchange Commission (SEC) adopted Rule 10D-1, a measure that compelled national securities exchanges to establish listing standards. According to this rule, the listing of certain company security classes could be prohibited if the company did not adopt effective policies for the recovery of erroneously paid incentive-based executive compensation,…
When undertaking due diligence of an Food and Drug Administration (FDA)-regulated company, several pertinent questions must be asked. These inquiries ideally encompass key regulatory, compliance, and privacy-related aspects. As these sectors are critical in determining the suitability and viability of a potential acquisition or partnership, professionals operating both in law firms and large corporations should…
As part of a series of legal updates on the Washington My Health My Data Act (“WMHMDA”), writers at Quarles & Brady are exploring various factors and intricacies of the act that are influencing the privacy sector – and not just for the health and life sciences industry. This is the focus of the tenth…
The enduring rise of arbitration as a chosen route for dispute resolution has led to a surging requirement for arbitral awards to be acknowledged and executed in offshore jurisdictions. This developing trend is an observation underlined by some of the world’s strongest offshore jurisdictions— Bermuda, the British Virgin Islands, the Cayman Islands, Guernsey, Ireland, and…
The landscape of data privacy regulation at the state level has undergone swift transformations throughout 2022, a trend expected to continue into 2023. In the wake of the ever-changing digital environment, heightened concerns about privacy, and an increasing demand for transparency, companies across the United States have been required to adapt to new comprehensive privacy…
In a world where artificial intelligence (AI) is progressing at an astounding pace, the arrival of ChatGPT in November 2022 has notably aroused interest and popularity within this dynamic sector. According to an analysis by Bricker Graydon LLP, ChatGPT, a natural language processing AI chatbot, is a product of OpenAI — a group known for…
In 1963, the Pennsylvania Supreme Court issued a ruling suggesting that an individual does not have an expectation of privacy when a private investigator follows and photographs them on the street once they have claimed personal injuries sustained in a car accident. The argument was that the claimant “must expect reasonable inquiry and investigation to…
Legal professionals and corporate officers are being called to pay close attention as state regulators intensify enforcement of new privacy laws, a trend demonstrated by recent events in California and Colorado. The state regulators in these locations recently announced enforcement sweeps under privacy legislations that are either new or have been recently amended. State privacy…
In a significant development, Dentons, one of the world’s largest law firms, has terminated its combination with Dacheng Law Offices in China. The unprecedented move comes amidst an increasingly strict regulatory environment in China that includes novel mandates and requirements for data privacy, cybersecurity, governance, and capital control. According to reports, shifts in policy have…
A new report from McKinsey & Company reveals that many businesses have embraced the use of AI tools with minimal anticipation of potential risks these advanced technologies might present. This revelation suggests a significant lack in strategic measures to mitigate potential legal and ethical challenges that might arise from the application of AI tools in…
Professional and corporate law circles are abound with discussions on the recent alterations made by the Securities and Exchange Commission (SEC) to how public companies disclose their management and handling of cybersecurity risks and incidents. These rules, which heavily emphasize the need for transparency and responsibility, reference the standards set in the Securities Exchange Act…
In response to increasing concerns about the potential for unwanted collection and sharing of location data, Massachusetts lawmakers are looking to implement unique legislation in the form of the Massachusetts Location Shield Act. If materialized, this legislation would prohibit the sale of cellular location data across the state. Proposed in both the House of Representatives…
In a rapidly evolving legal landscape, the potential conflict between privacy laws and trade secret laws is becoming increasingly apparent. As we navigate what some have dubbed the ‘fourth industrial revolution’, facilitated by growing connectivity, prolific data generation, and the rise of analytics and artificial intelligence, this conflict will only become more pronounced. Privacy and…