President Biden recently released an Executive Order “addressing the extraordinary and unusual national security threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain U.S. Government-related data.”
Continue Reading DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors

On February 21, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and corrective action plan with Green Ridge Behavioral Health LLC. This marks the second such settlement with a HIPAA-regulated entity for violations that were discovered following a ransomware attack, according to HHS.
Continue Reading HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

On February 16, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the National Institute of Standards and Technology (“NIST”) published a final version of Special Publication 800-66 Revision 2, “Implementing the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule: A Cybersecurity Resource Guide.” The publication features guidance

On February 15, 2024, Senators Edward J. Markey (D-Mass.) and Bill Cassidy (R-La.) announced the addition of co-sponsors Senators Ted Cruz (R-Texas) , and Maria Cantwell (D-Wash.) to an updated version of the proposed Children and Teens’ Online Privacy Protection Act bill.
Continue Reading Senators Markey and Cassidy Announce Additional “COPPA 2.0” Sponsors and Update Bill Text

On February 8, 2024, the Federal Communications Commission declared that calls using AI-generated, cloned voices fall under the category of “artificial or prerecorded voice” within the Telephone Consumer Protection Act and therefore are generally prohibited without prior express consent, effective immediately.
Continue Reading FCC Issues Declaratory Ruling that TCPA Applies to AI-Generated Voice Calls

On February 1, 2024, the Federal Trade Commission announced a proposed settlement with Blackbaud Inc. in connection with alleged security failures that resulted in a breach of the company’s network and access to the personal data of millions of consumers.
Continue Reading FTC Proposes Settlement with Blackbaud in Connection with Alleged Security Failures

On January 18, 2024, the Federal Trade Commission announced a proposed order against geolocation data broker InMarket Media, barring the company from selling or licensing precise location data. According to the FTC’s charges, InMarket failed to obtain informed consent from users of applications developed by the company and its third-party partners.
Continue Reading FTC Bans Data Broker from Selling Precise Consumer Location Data

On January 9, 2024, in its first settlement with a data broker concerning the collection and sale of sensitive location information, the Federal Trade Commission announced a proposed order against data broker X-Mode Social, Inc., and its successor Outlogic, LLC for unfair and deceptive acts or practices in violation of Section 5 of the FTC Act.
Continue Reading FTC Issues Proposed Order Against Data Broker X-Mode for Processing of Sensitive Location Information