Last year, we wrote about updates from the Department of Justice (DOJ) and the DOJ’s proposed enforcement efforts and regulations implementing Executive Order 14117 “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Data by Countries of Concern”
Taft Privacy & Data Security Insights
Updates and analysis from Taft Privacy and Data Security attorneys
Blog Authors
Latest from Taft Privacy & Data Security Insights
Children’s Online Privacy Protection Act Amendments Effective June 23, 2025
As we reported early last year, the Federal Trade Commission (FTC) issued a notice of proposed rulemaking to the Children’s Online Privacy Protection Act rule (COPPA). On April 22, 2025, over a year after the notice of proposed rulemaking…
North Dakota Governor Signs Cybersecurity Governance Law for Financial Institutions
By Zachary Heck
On April 11, 2025, North Dakota Governor Kelly Armstrong signed HB 1127 (the Act) into law.
The Act, which takes effect on August 1, 2025, establishes new data security requirements for certain financial institutions and nonbanking financial service providers. In…
Click, Click Hooray: What Businesses Need to Know about Autorenewal Laws and Subscription Cancellation Requirements
Several states and the Federal Trade Commission (FTC) have implemented autorenewal laws aimed at (i) better protecting consumers and providing transparency in automatic renewals (e.g., subscriptions) and (ii) mandating easy cancellation processes to terminate such products.
Although state laws vary,…
California Privacy Enforcement Update: Verifying Consumer Requests and Banners Must Be Symmetrical
The California Privacy Protection Agency (“CPPA”) recently issued a decision requiring American Honda Motor Co. to pay a $632,500 fine and change certain business practices related to alleged violations under the California Consumer Privacy Act (“CCPA”). While not specifically related to…
Taft Takeaways: Class Action Insights and Updates
By Scot Ganow
Biometrics continue to be a hot issue and one primed for litigation and related liabilities. We in the Privacy and Data Security Practice are happy to share this upcoming Taft webinar, which will include a discussion on BIPA class action…
AI-Powered Fraud: Immediate Action Steps to Protect Companies from Next-Generation Payment Scams
The Google Threat Intelligence Group revealed a chilling reality: nation-states are weaponizing AI tools like Gemini for sophisticated cyberattacks. This new frontier of AI-powered fraud demands immediate attention from business leaders and general counsel, who stand at the confluence of…
UPDATE: FCC’s One-to-One Consent Rule Delayed, Then Overturned
As we previously discussed here, the Federal Communications Commission’s (FCC) new One-to-One Consent Rule, which amends the Telephone Consumer Protection Act (TCPA), was set to go into effect on January 27, 2025.
While the identified goal of the FCC…
Taft Wins First Data Breach Class Action to Reach Illinois Supreme Court: Key Takeaways
By Jaimin Shah
What does it take for a data breach plaintiff to have standing to sue in Illinois? More than a mere increased risk of harm, said the Illinois Supreme Court in a case where Taft represented the defendant, a large multi-specialty…
HIPAA Security Rule to Experience Major Updates in 2025
This month, the Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking in the Federal Register, which is intended to strengthen cybersecurity requirements for HIPAA-covered entities and business associates (the Proposed Rule). The comment period will…