On April 26, 2024, the Federal Trade Commission (FTC) announced that it had finalized changes to the Health Breach Notification Rule (HBNR). These changes, which go into effect on June 25, 2024, are intended to modernize aspects of the HBNR
In a welcome change for defendants, a recent amendment to the Biometric Information Privacy Act (“BIPA”) is expected to significantly curtail potential damages under the statute. SB 2979, which passed the General Assembly on May 16, 2024, clarifies that damages
Last week, the U.S. Securities and Exchange Commission (“SEC”) became the latest federal regulator to implement a data breach notification law. The commissioners unanimously voted to approve amendments to Regulation S-P (the “Final Rule”)—the regulation governing the use of consumers’
For years, we were able to tell most clients experiencing a potential data security incident that they likely had at least 30 days to notify any third parties about the incident – if they concluded it was a breach. There
Back in July, we shared some good news out of California when a state court judge ruled that the newest regulations under the California Consumer Privacy Act (“CCPA”) could not be enforced until March 2024. But last week, the agency
On November 30, 2023, the Illinois Supreme Court issued a much-anticipated decision in Mosby v. The Ingalls Memorial Hospital, answering a certified question about whether biometric information collected from health care workers is protected by the Illinois Biometric Information Privacy
President Biden issued an Executive Order on October 30, 2023 designed to place the United States at the forefront of law and regulation of Artificial Intelligence (AI). The Executive Order on the “Safe, Secure, and Trustworthy Development and Use of
In one of the first lawsuits to allege that generative AI companies violate the U.S. Copyright Act by using copyrighted works to train machine learning models, Judge Stephanos Bibas of the Delaware Circuit Court recently denied the majority of issues
Under UK data protection legislation, individuals, also called “data subjects”, have the right to make a data subject access request (DSAR) to organisations that “process” their personal data. Similar rights are required by both the EU’s General Data Protection Regulation
In a ruling that maintains the status quo created by the Illinois Supreme Court’s holding in Cothron v. White Castle System, Inc., 2023 IL 128004, the Seventh Circuit recently affirmed the trial court’s ruling that certain of the defendant’s