-
Sep 20, 2023 | 
jdsupra.com | Briana Falcon |Jeffrey Johnston |Warner Scott
On September 12, 2023, Delaware governor John Carney signed the Delaware Personal Data Privacy Act (the “DPDPA” or the “Act”) into law. The DPDPA protects the privacy rights of consumers in Delaware and regulates the collection, use, and disclosure of personal data by businesses that conduct business in or target Delaware.
-
Sep 19, 2023 | 
lexology.com | Jeffrey Johnston |Briana Falcon |Warner Scott
On September 12, 2023, Delaware governor John Carney signed the Delaware Personal Data Privacy Act (the “DPDPA” or the “Act”) into law. The DPDPA protects the privacy rights of consumers in Delaware and regulates the collection, use, and disclosure of personal data by businesses that conduct business in or target Delaware.
-
Sep 6, 2023 | 
lexology.com | Michael Kurzer |Rajesh Patel |Jeffrey Johnston |Parker Hancock |Briana Falcon |Warner Scott
In advance of its September 8, 2023 board meeting, the California Privacy Protection Agency (“CPPA”), the state’s privacy regulatory body, has unveiled draft regulations that could significantly impact cybersecurity protocols, artificial intelligence (“AI”), and automated decision-making practices. Though these draft regulations are still under discussion and haven’t been officially implemented, it’s crucial for businesses to understand what the CPPA is considering.
-
Aug 2, 2023 | 
lexology.com | Jeffrey Johnston |Briana Falcon |Warner Scott
The Department of Homeland Security’s Transportation Security Administration (“TSA”) has issued an amended directive on pipeline security, SD-Pipeline-2021-02D (the “Directive”). The Directive is based on and supersedes the previous directive, SD-Pipeline-2021-02C, and is the latest in a series of TSA directives issued in the wake of the Colonial Pipeline ransomware attack.
-
Jul 26, 2023 | 
lexology.com | Sarah Morgan |Robert L. Kimball |Michael Kurzer |Jeffrey Johnston |Katherine Frank |Rajesh Patel | +3 more
On July 25, 2023, the Securities and Exchange Commission (“SEC”) voted to approve final rules governing cybersecurity disclosures of public companies (“Final Rules”).
-
Jul 13, 2023 | 
lexology.com | Michael Kurzer |Jeffrey Johnston |Briana Falcon |Warner Scott
On July 10, 2023, the European Commission (the “Commission”) adopted an adequacy decision for the EU-U.S. Data Privacy Framework (the “Framework”). The Framework provides companies that opt in with a legitimate means of transferring data subject to the European Union’s (“EU”) General Data Protection Regulation from the European Economic Area (“EEA”) to the United States.
-
Jun 8, 2023 | 
lexology.com | Jeffrey Johnston |Michael Kurzer |Briana Falcon |Warner Scott
The European Union’s (“EU”) Data Protection Commission (the “Commission”) recently fined Meta Ireland $1.3 billion (or €1.2 billion) for improper data transfers from the European Economic Area (“EEA”) to the United States in violation of the EU’s General Data Protection Regulation (“GDPR”). The decision applies to personal data like names, email and IP addresses, messages, viewing history, geolocation data and data used for targeted online ads.
-
Apr 4, 2023 | 
jdsupra.com | Michael Kurzer |Parker Hancock |Warner Scott
April 4, 2023 Michael Kurzer, Parker Hancock, Warner Scott Vinson & Elkins LLP + Follow x Following x Following - Unfollow Contact To embed, copy and paste the code into your website or blog: [co-author: Lindsay Moore] On March 29, 2023, California’s Office of Administrative Law (OAL) approved the California Privacy Protection Agency (CPPA) Board’s initial package of regulations under the California Privacy Rights Act (CPRA). The final CPRA regulations (“CPRA Regulations”) cover a wide array...
-
Mar 13, 2023 | 
lexology.com | Jeffrey Johnston |Parker Hancock |Briana Falcon |Warner Scott |Chelsea Teague
After a rash of significant cybersecurity breaches and ransomware attacks affecting a wide set of industries, ranging from pipelines to technology companies,1 the Biden administration released its much-anticipated National Cybersecurity Strategy on March 2, 2023. The plan builds upon the Biden administration’s previous efforts to protect the country’s cyberspace from malicious actors and hints at new cybersecurity regulations for critical infrastructure.
-
Mar 6, 2023 | 
jdsupra.com | Briana Falcon |Warner Scott |Jeffrey Johnston
The Supreme Court of Illinois recently held that use of a fingerprint system by White Castle, Inc. (“White Castle”) to authenticate employees, without the consent of the employees, entailed multiple violations of the Illinois Biometric Information Privacy Act (the “BIPA”), not a single violation.1 As a result, White Castle faces substantial liability if a class is certified and the plaintiffs’ claims are upheld.
