The Consumer Financial Protection Bureau (the “CFPB”) recently announced that it will hold its first Tech Sprint to reduce regulatory burden and improve consumer understanding of financial services.  The CFPB describes its Tech Sprints as a model that:…

The Substance Abuse and Mental Health Services Administration (“SAMHSA”) recently modified 42 CFR Part 2 regulations which sets forth federal confidentiality rules governing substance use disorder information.  While these changes bring Part 2 closer in alignment to HIPAA, the additional modifications that the CARES Act requires (which will require aligning Part 2’s consent requirements more closely to HIPAA) are not addressed.  See our discussion by Elliot Golding and Kristin Bryan on the Triage Health law…

Following a winding path in the California Legislature, AB-1281 passed the CA Senate on Friday, August 28th, and the Assembly on Sunday, August 30th, and will now go to Governor Newsom for his signature. Governor Newson is not expected to veto the bill. AB-1281 amends the California Consumer Privacy Act (CCPA), extending the business-to-business and personnel/applicant carve-outs through January 1, 2022.…

In the midst of revising the Japan Civil Code and the foreign attorney laws, Japan has recently passed amendments to its data privacy law, the Act on the Protection of Personal Information (“APPI”).  Some of these changes put Japan’s law closer in line with the EU’s General Data Protection Regulation “GDPR” as to which both have recognized the adequacy of each other’s data privacy regimes.  As a result, transfers of personal information from Japan to…

The California Attorney General (“AG”) announced on Friday, August 14th, that the Office of Administrative Law (“OAL”) approved the final California Consumer Privacy Act (“CCPA”) regulations. The AG submitted the regulations to OAL for approval on June 1, 2020.  The final version includes several substantive changes where the AG “withdrew” provisions along with procedural and grammatical changes.  Although the AG did not explain the reasons for withdrawing several provisions in the Addendum to Final Statement …

The U.S National Institute of Standards and Technology (“NIST”) recently published its “Zero Trust Architecture,” which outlines a road map for cybersecurity measures across an organization.  NIST explained that the security concept was created with the purpose of “mov[ing] defenses from static, network-based perimeters to focus on users, assets, and resources.”  “Zero trust” is a term for a security model based on the principle that there is no implicit trust granted to assets or user…

What even might actually manage to have more geeks than Comic-Con? PrivacyCon! Ok, probably not, but on July 21, 2020 the FTC hosted their fifth annual PrivacyCon event, and for the first time it was entirely online. This event is designed to provide researched information on various important privacy topics. The FTC curates the event content based on submitted materials and moderates each session. This year’s topics were (1) health apps, (2) artificial intelligence, (3)…