Legislative and regulatory activity continues apace, with four states making changes to their data privacy and cybersecurity legislation in the past month alone. West Virginia and Mississippi enacted new legislation while Virginia and Utah amended their existing data breach notification laws. Virginia On March 18, 2019, Virginia amended its data breach notification statute. (VA HB […]
Privacy
Privacy for All and Employees Excluded: Amendments to the CCPA That Have Traction
When first introduced on February 22, 2019, AB 1760 aimed to merely fix a few typographical errors in the California Consumer Privacy Act of 2018 (the “CCPA”). However, when AB 1760 was first amended on April 4, 2019, the bill turned into a wholesale replacement of the CCPA with the “Privacy For All Act of […]
The Coming Regulation of Artificial Intelligence? EU Publishes AI Guidelines
The European Commission High-Level Expert Group on Artificial Intelligence released on April 8, 2019 the final version of its Ethics Guidelines for Trustworthy AI (the “Guidelines”). This is the first significant guidance issued in Europe regarding Artificial Intelligence and follows an extensive public comment process. While the Guidelines are not binding law, the creation of the […]
CCPA Carve-Out for Online Advertising? Proposed Amendment Exempts Certain Advertising Data from Do-Not-Sell Restrictions
California passed the California Consumer Privacy Act (CCPA) in September 2018, and the CCPA enters into force on January 1, 2020. One of the CCPA’s core elements is a right for consumers to know when a company is selling their data, and to opt-out of data sales at any time. This was the primary focus […]
FTC Announces New Cybersecurity Requirements, Privacy Rule Update
In March, the Federal Trade Commission announced proposed updates to two key privacy and security regulations, the Safeguards Rule and Privacy Rule. Both rules implement regulations under the federal Gramm Leach Bliley Act, and the FTC seeks comments for both. The FTC’s proposed update to the Safeguards Rule would impose a number of information security […]