On February 16, 2023, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP held a virtual roundtable to discuss the role of age assurance and age verification tools as part of its Children’s Data Privacy Project. Representatives from CIPL member companies, data protection authorities, civil society and experts exchanged views on the effectiveness of different methodologies and emerging best practices to shield minors from harmful or inappropriate content.
Continue Reading CIPL Publishes Key Takeaways from Age Assurance and Age Verification Tools RoundtableFTC Announces Orders to Address Deceptive Advertising on Social Media and Video Streaming Platforms
Posted on
Posted in Enforcement, Information Security
On March 16, 2023, the Federal Trade Commission announced it issued orders to eight social media and video streaming platforms seeking Special Reports on how the platforms review and monitor commercial advertising to detect, prevent and reduce deceptive advertisements, including those related to fraudulent healthcare products, financial scams and the sale of fake goods. The FTC sent the orders pursuant to its resolution directing the FTC to use all available compulsory process to inquire into this topic, and using the FTC’s Section 6(b) authority, which authorizes the FTC to conduct studies that do not have a specific law enforcement purpose.
Continue Reading FTC Announces Orders to Address Deceptive Advertising on Social Media and Video Streaming PlatformsDOJ Publishes New Corporate Compliance Guidance Related to Communications Platforms and Messaging Applications
Posted on
On March 3, 2023, the U.S. Department of Justice (“DOJ”) released an update to its Evaluation of Corporate Compliance Programs guidance (“ECCP Guidance”). The ECCP Guidance serves as a guidance document for prosecutors when evaluating a corporate compliance program. Among other updates, the ECCP Guidance now includes new guidance for assessing how companies govern employees’ use of personal devices, communication platforms and messaging applications.
Continue Reading DOJ Publishes New Corporate Compliance Guidance Related to Communications Platforms and Messaging ApplicationsColorado Finalizes Rules Implementing the Colorado Privacy Act
Posted on
Posted in U.S. State Law
On March 15, 2023, the Colorado Attorney General’s Office finalized rules implementing the Colorado Privacy Act (“CPA”). The finalized rules were released with an official redline that reflects prior revisions of the rules dated December 21, 2022, January 27, 2023, and February 23, 2023. The rules will be published in the Colorado Register later this month and will go into effect on July 1, 2023, when the CPA takes effect.
Continue Reading Colorado Finalizes Rules Implementing the Colorado Privacy ActIowa House and Senate Unanimously Vote to Approve Comprehensive Privacy Legislation
Posted on
On March 6 and 15, 2023, both chambers of the Iowa Legislature unanimously voted to approve Senate File 262, which could make Iowa the sixth U.S. state to enact comprehensive privacy legislation. The bill is most similar to Utah’s comprehensive privacy law.
Continue Reading Iowa House and Senate Unanimously Vote to Approve Comprehensive Privacy LegislationUK ICO Issues Updated Guidance on AI and Data Protection
Posted on
Posted in Information Security, International
On March 15, 2023, the UK Information Commissioner’s Office (“ICO”) published an updated version of its guidance on AI and data protection (the “updated guidance”), following requests from UK industry to clarify requirements for fairness in AI.
Continue Reading UK ICO Issues Updated Guidance on AI and Data ProtectionInternational Data Transfers: Time to Rethink Binding Corporate Rules
Posted on
This is an excerpt from Centre for Information Policy Leadership (“CIPL”) President Bojana Bellamy’s recently published piece in the IAPP “Privacy Perspectives” blog, and are the views of the author.
Continue Reading International Data Transfers: Time to Rethink Binding Corporate RulesSEC Brings Cyber Disclosure Enforcement Action
Posted on
On March 9, 2023, the U.S. Securities and Exchange Commission (SEC) announced settled administrative charges against Blackbaud Inc. The case stems from disclosures Blackbaud made to investors regarding a 2020 ransomware attack that targeted donor data management software the company provides to non-profit organizations.
Continue Reading SEC Brings Cyber Disclosure Enforcement ActionUtah Legislature Passes Bills Restricting Social Media Accounts for Minors
Posted on
Posted in Enforcement, U.S. State Law
On March 1-3, 2023, the Utah legislature passed a series of bills, SB 152 and HB 311, regarding social media usage for minors. For social media companies with more than five million users worldwide, SB 152 would require parental permission for social media accounts for users under age 18, while HB 311 would hold social media companies liable for harm minors experience on the platforms. Both bills have been sent to the governor’s desk for signature.
Continue Reading Utah Legislature Passes Bills Restricting Social Media Accounts for MinorsTSA Announces New Cybersecurity Requirements for Airport and Aircraft Operators
Posted on
Posted in Cybersecurity, Information Security
On March 7, 2023, the Transportation Security Administration (“TSA”) announced the issuance on an emergency basis of a cybersecurity amendment to the security programs of certain TSA-regulated airport and aircraft operators, as part of the U.S. Department of Homeland Security’s initiatives to improve the cybersecurity of U.S. critical infrastructure.
Continue Reading TSA Announces New Cybersecurity Requirements for Airport and Aircraft Operators