On February 10, 2023, the California Privacy Protection Agency issued an Invitation for Preliminary Comments on Proposed Rulemaking on cybersecurity audits, risk assessments and automated decisionmaking.
Continue Reading CPPA Invites Preliminary Comments on Proposed CPRA Rulemaking on Cybersecurity Audits, Risk Assessments and Automated Decisionmaking

On February 3, 2023, the California Privacy Protection Agency Board unanimously approved for submission to California’s Office of Administrative Law proposed final California Privacy Rights Act regulations released on January 31, 2023 which update the draft CPRA regulations released on November 3, 2022.
Continue Reading CPPA Approves Proposed Final CPRA Regulations for Submission to OAL

On January 26, 2023, the National Institute of Standards and Technology released the Artificial Intelligence Risk Management Framework, which provides a set of guidelines for organizations that design, develop, deploy or use AI to manage its many risks and promote trustworthy and responsible use and development of AI systems.
Continue Reading NIST Releases New Framework for Managing AI and Promoting Trustworthy and Responsible Use and Development

On January 27, 2023, California Attorney General Rob Bonta announced a new enforcement sweep aimed at businesses with mobile apps and other businesses that fail to comply with the California Consumer Privacy Act.
Continue Reading California AG Announces CCPA Enforcement Sweep Aimed at Mobile Apps and Authorized Agent Requests

On December 1, 2022, the Office for Civil Rights at the U.S. Department of Health and Human Services released a Bulletin on the obligations of HIPAA covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies.
Continue Reading HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

On November 25, 2022, Ireland’s Data Protection Commission released a decision fining Meta Platforms, Inc. €265 million for a 2019 data leak involving the personal information of approximately 533 million Facebook users worldwide.
Continue Reading Irish Data Protection Commission Fines Meta €265 Million for Privacy Violations

On November 21, 2022, Meta Platforms, Inc. announced updated practices designed to protect the privacy of young people on Facebook and Instagram, including default privacy settings for new accounts, measures to limit unwanted interactions with adult users, and a tool to limit the spread of teens’ intimate images online.
Continue Reading Meta Announces New Privacy Measures to Protect Teen Users’ Privacy