Publications
-
04.19.2024The American Privacy Rights Act: Could This Be the One?UpdatesSen. Maria Cantwell (D-WA) and Rep. Cathy McMorris Rodgers (R-WA) released a discussion draft of the American Privacy Rights Act on April 7, 2024. This announcement of a bipartisan, bicameral proposal for a federal comprehensive consumer privacy law was a significant—and unexpected—development in longstanding efforts to adopt federal privacy legislation.
-
11.13.2023The New Health Privacy Landscape—Out of the Frying Pan and Into the FireUpdatesJust a few years ago, the legal landscape governing health-related personal information was relatively simple: Protected Health Information was regulated under HIPAA. Today, by contrast, the privacy of health-related personal information is under close scrutiny by the FTC, the U.S. Department of Health and Human Services’ Office for Civil Rights and state regulators.
-
08.01.2023Cybersecurity Implementation Plan Offers a Roadmap for Cyber PrioritiesUpdates
The Biden Administration recently released the implementation plan for the National Cybersecurity Strategy. The Plan includes initiatives for new cybersecurity regulations, new and expanded liability regimes, broad public and private engagement, and new procurement obligations and funding opportunities. Companies should pay close attention to opportunities to help shape new regulatory and liability schemes and should also anticipate greater scrutiny of cybersecurity issues that affect customers and supply chains.
-
07.12.2023Enforcement of CPRA Regulations Delayed but Don’t Abandon PrivacyUpdatesThe day before the California Privacy Rights Act became enforceable on July 1, we learned that enforcement of the first set of implementing regulations finalized by the California Privacy Protection Agency under the CPRA is delayed until March 29, 2024. Prior to the June 30 ruling by a California Superior Court judge, the Regulations were set to become immediately effective on the CPRA’s July 1 effective date.
-
04.25.2023Ten Takeaways From the 2023 IAPP Global Privacy SummitBlogsInternational, federal, and state privacy regulators highlighted their ambitious agendas at the 2023 IAPP Global Privacy Summit in Washington, D.C.
-
03.28.2023Be Kind, Don’t Rewind: The VPPA’s Reemergence in Privacy Class-Action LitigationUpdatesThis Update discusses a spate of recent class action lawsuits asserting claims under the Video Protection Privacy Act.
-
03.23.2023Sector-Based Cybersecurity Requirements for Critical Infrastructure, From Our Water Systems to the SkiesUpdatesCritical infrastructure companies should expect substantial new federal cybersecurity requirements based on the National Cybersecurity Strategy that President Biden announced on March 2, 2023. After the Administration announced the Strategy, the EPA released a memorandum addressing cybersecurity in public water systems and TSA released an aviation cybersecurity amendment.
-
03.07.2023FERC Establishes New Monitoring Requirements for Bulk Electric SystemsUpdatesThe Federal Energy Regulatory Commission has published a final rule calling for the North American Electric Reliability Corporation to develop standards for internal network cybersecurity monitoring that will be required for all high-impact bulk electric systems and medium-impact bulk electric systems with external roundtable activity and conduct a study of the security of other bulk electric systems.
-
02.07.2023Almost There and Starting Again: CPPA Votes To Finalize Regulations and Launches Round TwoBlogsThe Board of the California Privacy Protection Agency (CPPA) approved a rulemaking package covering Sections 7000–7304 of their draft regulations on February 3, 2023.
Presentations
-
12.13.2023