President Biden recently released an Executive Order “addressing the extraordinary and unusual national security threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain U.S. Government-related data.”
Continue Reading DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors
U.S. Federal Law
HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation
On February 21, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and corrective action plan with Green Ridge Behavioral Health LLC. This marks the second such settlement with a HIPAA-regulated entity for violations that were discovered following a ransomware attack, according to HHS. …
Continue Reading HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation
FTC Proposes Measures to Combat AI Impersonation Threats
The Federal Trade Commission recently announced a public comment period for a supplemental Notice of Proposed Rulemaking that would ban the impersonation of individuals through the use of AI technologies.
Continue Reading FTC Proposes Measures to Combat AI Impersonation Threats
An Update on the SEC’s Cybersecurity Reporting Rules
As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date. …
Continue Reading An Update on the SEC’s Cybersecurity Reporting Rules
HHS Office for Civil Rights Publishes Cybersecurity Resource for HIPAA Implementation
On February 16, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the National Institute of Standards and Technology (“NIST”) published a final version of Special Publication 800-66 Revision 2, “Implementing the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule: A Cybersecurity Resource Guide.” The publication features guidance…
Senators Markey and Cassidy Announce Additional “COPPA 2.0” Sponsors and Update Bill Text
On February 15, 2024, Senators Edward J. Markey (D-Mass.) and Bill Cassidy (R-La.) announced the addition of co-sponsors Senators Ted Cruz (R-Texas) , and Maria Cantwell (D-Wash.) to an updated version of the proposed Children and Teens’ Online Privacy Protection Act bill.
Continue Reading Senators Markey and Cassidy Announce Additional “COPPA 2.0” Sponsors and Update Bill Text
FCC Issues Declaratory Ruling that TCPA Applies to AI-Generated Voice Calls
On February 8, 2024, the Federal Communications Commission declared that calls using AI-generated, cloned voices fall under the category of “artificial or prerecorded voice” within the Telephone Consumer Protection Act and therefore are generally prohibited without prior express consent, effective immediately.
Continue Reading FCC Issues Declaratory Ruling that TCPA Applies to AI-Generated Voice Calls
FTC Proposes Settlement with Blackbaud in Connection with Alleged Security Failures
On February 1, 2024, the Federal Trade Commission announced a proposed settlement with Blackbaud Inc. in connection with alleged security failures that resulted in a breach of the company’s network and access to the personal data of millions of consumers. …
Continue Reading FTC Proposes Settlement with Blackbaud in Connection with Alleged Security Failures
FTC Bans Data Broker from Selling Precise Consumer Location Data
On January 18, 2024, the Federal Trade Commission announced a proposed order against geolocation data broker InMarket Media, barring the company from selling or licensing precise location data. According to the FTC’s charges, InMarket failed to obtain informed consent from users of applications developed by the company and its third-party partners. …
Continue Reading FTC Bans Data Broker from Selling Precise Consumer Location Data
FTC Issues Proposed Order Against Data Broker X-Mode for Processing of Sensitive Location Information
On January 9, 2024, in its first settlement with a data broker concerning the collection and sale of sensitive location information, the Federal Trade Commission announced a proposed order against data broker X-Mode Social, Inc., and its successor Outlogic, LLC for unfair and deceptive acts or practices in violation of Section 5 of the FTC Act.
Continue Reading FTC Issues Proposed Order Against Data Broker X-Mode for Processing of Sensitive Location Information