California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of “personal information” genetic data. The information needs to
Continue Reading California Broadens Security and Breach Laws, Includes Genetic Data
California’s governor recently signed SB 41 into law. The bill enacts the Genetic Information Privacy Act (GIPA). The governor rejected a similar bill last year over concerns about COVID-19 public health efforts. To address that concern, this bill exempts tests
Continue Reading California Enacts New Privacy Law for Genetic Data
California recently passed AB 694, which makes a few “technical” changes to the California Privacy Rights Act (CPRA). Importantly, this amendment clarifies the timing for the new California Privacy Protection Agency’s (CPPA) rulemaking authority.
Continue Reading California Bill Clarifies Timing for CPRA Rulemaking Authority
Policymakers, regulators, and litigants are starting to bring privacy into antitrust matters. This is a move beyond the traditional focus on price restraints. Privacy are playing both offensive and defensive purposes, as we wrote recently.*
Continue Reading Privacy Playing Increased Role in Antitrust Enforcement
In the wake of increased ransomware attacks over the course of the last several months, the US Department of Treasury’s Office of Foreign Assets Control (OFAC) has updated a guidance it released last year on potential sanction risks if facilitating
Continue Reading Do You Have a Risk-Based Sanctions Compliance Program?: In the Event of a Ransomware Attack, OFAC Wants to Know
New York City recently amended its law governing third party delivery services, with the changes going into effect December 27, 2021. The revised law specifically permits restaurants to ask for customers’ personal information from the delivery service. The delivery service,
Continue Reading Impact of NYC’s New Delivery Service Data Sharing Requirement
California’s new privacy protection agency recently issued an invitation for public comments as part of its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). Introduced and passed by ballot initiative in November 2020, CPRA amends and introduces several
Continue Reading California’s New Privacy Agency Seeks Feedback on CPRA
The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, recently announced that it fined UnaVista Limited, a UK-based trade repository, €238,500 ($280,000) for eight breaches of the European Market Infrastructure Regulation (EMIR). The EMIR includes rules regulating
Continue Reading European Securities Watchdog Fine Highlights Importance of Data Integrity and Regulatory Access
The FTC recently settled with a surveillance app operator over allegations that the company facilitated the secret harvesting of personal information. According to the FTC, the main users of Support King, LLC’s “SpyFone” app were bad actors who used
Continue Reading FTC Surveillance App Settlement Signals Concern Over Deceptive Tracking
The New York Department of Financial Service recently clarified security incident notification requirements and the use of multi-factor authentication. On its FAQ page, the NYDFS added two new questions and answers for financial services companies subject to 23 NYCRR Part
Continue Reading NYDFS FAQ Provides Clarity on Breach Notification and Security Requirements
