Category: Policy & Legislation
SEC Adopts Comprehensive Cybersecurity Disclosure Requirements
On July 26, 2023, the Securities and Exchange Commission (SEC) voted at an open meeting to adopt final rules to mandate standardized cybersecurity disclosures by public companies. The final rules will: The final rules will become effective 30 days after publication in the Federal Register. Companies other than smaller reporting companies […]
White House Releases National Cybersecurity Strategy Implementation Plan
On July 13, 2023, the White House unveiled its National Cybersecurity Strategy Implementation Plan (NCSIP or implementation plan), following the release of the National Cybersecurity Strategy. The implementation plan identifies five pillars that align with the strategy: The administration identified two key motivations for the strategy and implementation plan: The […]
Irish Circuit Court Awards Damages for ‘Non-Material’ Harm Under GDPR
On 11 July 2023, the Circuit Court of Ireland awarded 2,000 euros in compensation to a plaintiff seeking ‘non-material damage’ under Article 82 of the General Data Protection Regulation, in what is believed to be the first case in the European Union to follow the recent Court of Justice of […]
California Attorney General Announces Investigative Sweep Focused on Employment-Related Data
On July 14, 2023, the office of the California attorney general announced an investigative sweep of “large California employers” to request “information on the companies’ compliance with the California Consumer Privacy Act (CCPA) with respect to the personal information of employees and job applicants.” The attorney general has previously conducted […]
Transatlantic Data Economy Simplified: European Commission Adopts Adequacy Decision for EU-US Data Privacy Framework
On 10 July 2023, the European Commission adopted its adequacy decision concluding that the EU-US Data Privacy Framework provides an adequate level of protection for personal data transferred from the European Union (EU) to US companies. Approved by the US following President Joe Biden’s executive order in October 2022, the framework […]
Enforcement of CPRA Regulations Delayed Until 2024
A California court order has delayed enforcement of the implementing regulations for the California Privacy Rights Act of 2020 (CPRA) until March 29, 2024. The California Superior Court of Sacramento County issued the court order on Friday, June 30 — one day before enforcement of the CPRA regulations was originally […]
One Step Closer to a European Law Regulating Artificial Intelligence
On 14 June 2023, the European Parliament adopted its negotiating position on the Artificial Intelligence (AI) Act. The European Parliament’s vote on the AI Act proposal marks a significant milestone toward the regulation of AI within the European Union, as it sets the baseline for inter-institutional negotiations, as further discussed […]
Washington State’s My Health My Data Act FAQ, Part Two – Requirements
In Part Two of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to some of the act’s substantive requirements. As we explained in our previous FAQ, given the MHMD’s breadth – both to which entities and data it applies – regulated entities […]
Digital Health and Connected Device Companies Be on Alert: FTC Continues to Focus on Consumer Health Information in Recent Enforcement Action
In the post-Roe era, the federal government and state governments continue to focus on consumer digital health privacy. On May 17, 2023, the Federal Trade Commission (FTC) announced a settlement with Easy Healthcare Corporation (ECH) related to its Premom Ovulation Tracker mobile application. The settlement is reflected in the terms […]
Washington State’s My Health My Data Act FAQ, Part One – Applicability and Scope
In this multipart FAQ series, we break down Washington state’s My Health My Data (MHMD) Act (the “MHMD Act” or “Act”). The MHMD Act is arguably one of the most stringent privacy laws in the US, and it further complicates the already byzantine US-patchwork approach to privacy. While the MHMD […]