ARTICLES
September 5, 2024
Recent surveys indicate the widespread use of generative AI (artificial intelligence) and other artificial intelligence tools by employees in the workplace. This is hardly surprising, given the astonishing level of efficiencies that AI tools offer for content generation, predictions, recommendations, and a seemingly endless number of other outcomes.
June 12, 2024
The Federal Trade Commission (FTC) issued a final rule to amend its Health Breach Notification Rule (HBN Rule). The HBN Rule requires certain entities that handle unsecured personally identifiable health data to notify individuals, the FTC, and sometimes, the media of a breach of security.
May 29, 2024
On May 9, 2024, Governor Wes Moore signed into law the Maryland Online Data Privacy Act of 2024 (“MODPA”). MODPA will take effect on October 1, 2025, but will not apply to personal data processing activities occurring before April 1, 2026. MODPA is the latest in a series of state data privacy laws that impose comprehensive obligations on businesses that collect, process, or sell personal data of consumers and otherwise meet certain jurisdictional thresholds.
May 2, 2024
In addition to its well-publicized move to prohibit more than 150 million Americans from posting embarrassing dance videos of themselves on
TikTok (at least while it is Chinese-owned), the U.S. federal government recently adopted two significant federal data transfer prohibitions: (1) the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (“PADFA”); and (2) an Executive Order entitled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” Any organization that currently shares, or is considering sharing, sensitive personally identifiable information with anyone in China, Russia, Iran or any other “foreign adversaries” of the United States should determine whether these new prohibitions require them to change their data transfer activities.
February 26, 2024
On January 16, 2024, New Jersey became the fourteenth state to enact comprehensive privacy legislation after the passage of the New Jersey Data Privacy Act (“NJDPA”), adding to the growing national focus on consumer personal data protections, albeit at the state level.
September 20, 2023
On September 11, 2023, Delaware became the latest state to enact comprehensive privacy legislation, following the recent enactments of data privacy laws in Iowa, Indiana, Florida, Montana, Tennessee, Texas, and Oregon.
August 23, 2023
Under final regulations updated on March 1, 2023 and effective as of September 1, 2023, the National Credit Union Administration (“NCUA”) imposed stringent new cyber incident reporting requirements on federally chartered corporate credit unions and federally insured, state-chartered corporate credit unions (“FICUs”). FICUs that experience a cyber incident that rises to the level of a “reportable cyber incident” must now notify the NCUA (a) as soon as possible; and (b) no later than 72 hours after the FICU reasonably believes that it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident.
August 21, 2023
The U.S. data privacy regulatory framework is complex and is becoming more so with each passing day. On July 18, 2023, Oregon became the eleventh state to enact comprehensive privacy legislation, joining five other states (Iowa, Indiana, Montana, Tennessee, and Texas) that have passed “comprehensive” privacy legislation this year.
July 14, 2023
The Federal Trade Commission (“FTC”) is poised to issue updated Guides Concerning the Use of Endorsements and Testimonials in Advertising (the “Guides”) following a comment period on the proposed changes. This alert provides an overview of the proposed updates, which will impact all businesses that engage in any form of advertising and especially those advertising through social media and other online advertising channels.
June 27, 2023
On June 18, 2023, Texas became the eleventh state to enact comprehensive privacy legislation after the recent passage of the Texas Data Privacy and Security Act (“TDPSA”). Texas now joins Tennessee as the latest entry into an increasingly complex web of state privacy laws. On May 11, Gov. Bill Lee signed into law the Tennessee Information Protection Act (“TIPA”), which itself follows recent enactments of data privacy laws in Iowa, Indiana, Florida, and Montana.
June 6, 2023
The Federal Trade Commission (“FTC”) recently brought its first enforcement action under the Health Breach Notification Rule (“HBNR”). The associated record contains important lessons for app developers, privacy professionals, and other organizations in the health technology industry.
February 2, 2023
Parties to a bargain typically make representations and warranties (“RWs”) to one another. RWs expressly record the parties’ understanding as to the conditions and facts under which they enter into a deal. In an asset purchase or an M&A deal, they form a material part of the transaction and account for a significant portion of the negotiations.
July 25, 2022
With the passage of the Virginia Consumer Data Protection Act (Va. Code Ann. §§ 59.1-575 to 59.1-585) (“VCDPA”) on March 2, 2021, Virginia residents now have certain rights regarding their personal information, while business entities conducting business in Virginia may have new and additional data collection and protection obligations, if they meet certain jurisdictional thresholds.
VCDPA will become effective on January 1, 2023. As a result, organizations conducting business in Virginia may need to review their data collection and processing obligations for applicability of the VCDPA, and in preparation for the VCDPA taking effect.
This brief article is intended to highlight certain key requirements of the VCDPA.
July 11, 2022
If you operate a mobile app or any other online platform that features consumer reviews, there are important rules you need to know when it comes to procuring, organizing, or editing consumer reviews of your products or services.
The risks are real. Any actions you take that have the effect of distorting or misrepresenting consumer reviews may give rise to allegations of potentially deceptive conduct and enforcement actions by the Federal Trade Commission (“FTC”) under Section 5 of the FTC Act.
As a matter of general guidelines, a few key principles emerge from Section 5 of the FTC Act. Namely, companies (1) should be transparent about their review-related practices and (2) should treat consumer reviews in a way that truly reflects the feedback received from legitimate customers, presenting a true and holistic picture of the consumers’ experiences and interactions with the companies’ goods or services.
While these guiding principles may seem straightforward enough, many companies have engaged in practices that are, in fact, illegal. It’s important to know that, if adopted, these practices can give rise to significant liabilities. This brief article is intended to highlight, and help you avoid, some common pitfalls.
February 17, 2022
In celebration of International Mother Language Day, attorneys and staff from across the firm share their greetings in Cape Verdean Creole, Chinese (Mandarin & Cantonese), Dutch, Farsi, French, German, Korean, Mongolian, Russian, Serbo Croatian, Tagalog, Urdu and Romanian.
