On July 26, 2023, the U.S. Securities and Exchange Commission adopted long-anticipated disclosure rules for public companies by a 3-2 party-line vote. The final rules apply both to U.S. domestic public companies, as well as any offshore company that qualifies as a “foreign private issuer” under SEC rules due to a strong nexus to the U.S. capital markets. The new rules are effective as soon as December 18, 2023, and we provide further details in this blog post.
Continue Reading SEC Adopts Final Public Company Cybersecurity Disclosure Rules

On April 6, 2023, the New York City Department of Consumer and Worker Protection announced it adopted final rules to implement NYC’s Local Law 144 regarding automated employment decision tools.
Continue Reading NYC DCWP Adopts Rules to Implement Law Governing Automated Employment Decision Tools and Sets July Enforcement Date

On October 14, 2022, the Federal Trade Commission announced it is extending the deadline by one month to submit comments on its Advanced Notice of Proposed Rulemaking on commercial surveillance and lax data security practices.
Continue Reading FTC Extends Deadline for Comments on Commercial Surveillance and Data Security Advance Notice of Proposed Rulemaking

New York recently became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education requirements. The new requirement will take effect July 1, 2023.
Continue Reading New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection

On July 28, 2022, a federal judge approved TikTok’s $92 million class action settlement of various privacy claims made under state and federal law, which will resolve litigation that began in 2019 and involved claims that TikTok violated the Illinois Biometric Information Privacy Act and the federal Video Privacy Protection Act.
Continue Reading Judge Approves $92 Million TikTok Settlement

On June 22, 2022, the FTC submitted an updated abstract to the Office of Information and Regulatory Affairs indicating that it is considering initiating a rulemaking under Section 18 of the FTC Act to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.
Continue Reading FTC Provides Update on Security and Privacy Rulemaking Process

On May 25, 2022, Twitter reached a proposed $150 million settlement with the Department of Justice and the Federal Trade Commission to resolve allegations that the company deceptively used nonpublic user contact information obtained for account security purposes to serve targeted ads to users.
Continue Reading Twitter to Pay $150 Million to Settle Allegations of Data Misuse