Board Governance & Cyber Risk Management

More Guidance from HHS on Online Tracking Technologies but Questions Remain

March 20, 2024 By Daniel Felz and David Keating

Health and Human Services (“HHS”) released updated guidance yesterday on the use of online tracking technologies (like cookies, pixels, software development kits (SDKs), etc.) by HIPAA Covered Entities (the “Updated Guidance”). The Updated Guidance amends and supersedes HHS’s original guidance on the use of digital tracking technologies published on December 1, 2022 (the “Prior Guidance”). […]

State AGs and Other Stakeholders Weigh In On Proposed COPPA Rule Update

March 14, 2024 By Karen Sanzaro and Hyun Jai Oh

The Federal Trade Commission (FTC) received over 270 comments to its notice of proposed rulemaking (NPRM) for the amendments to the Children’s Online Privacy Protection Rule (COPPA Rule) during the public comment period that ended on March 11, 2024. The NPRM reflects the FTC’s continued effort to modernize the COPPA Rule, which implements the Children’s […]

White House Executive Order to Regulate Transactions Involving Sensitive Personal Data of Americans

February 28, 2024 By Daniel Felz, David Keating, Jason Waite and John Lesko

Today, the White House announced that President Biden will sign an executive order designed to protect sensitive data of U.S. persons from exploitation by identified countries of concern. This executive order is expected to be published later today, and to direct the Department of Justice (DOJ) to issue regulations designed to address transactions that involve […]

FBI and CISA Warn of Chinese Cyberattacks on U.S. Critical Infrastructure

February 21, 2024 By Seol Namgoong, Kim Peretti and Lance Taubin

Recently, there has been a surge in alerts and warnings concerning cyberattacks by People’s Republic of China (PRC) state-sponsored threat actors on U.S. critical infrastructure. On February 7, 2024, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency and their counterparts in Australia, Canada, […]

California Court of Appeals Paves the Way for Enforcement of California Privacy Rights Act Regulations

February 13, 2024 By Dorian Simmons

On February 9, 2024, the California state court of appeals mandated a trial court to vacate its order and judgment prohibiting the California Privacy Protection Agency (the “Agency”) from enforcing the California Privacy Rights Act regulations (the “CPRA Regulations”) until March 29, 2024. The Agency will be able to enforce the CPRA Regulations upon the […]