Search:

Recent Posts

Popular Topics

Contributors

Archives

Legal developments in data, privacy, cybersecurity, and other emerging technology issues

Data breaches in the healthcare industry are a costly and legally evolving issue. The sophistication of threat actors and their ability to navigate IT systems using constantly changing tactics has made it difficult to predict and, in some cases, respond to a breach. The recent aggressive enforcement by the Federal Trade Commission (the “FTC”) of its Health Breach Notification Rule (the “HBNR”), as well as its proposed changes to the HBNR, have expanded the factors companies must consider when analyzing and responding to potential breaches of health data.

On November 22, 2023, the Federal Communications Commission issued a proposed rule that likely will considerably alter the online lead generation industry, including the use of comparison shopping websites. The proposed rule addresses a number of areas, but, notably, the rule would require texters and callers using certain regulated technologies to obtain prior express written consent from a single seller at a time to comply with the Telephone Consumer Protection Act (“TCPA”). The FCC is expected to pass the rule during its December 13, 2023 meeting. 

Topics: FCC, FTC, Marketing, TCPA

Last week, the FTC amended its Gramm-Leach-Bliley Safeguards Rule, supplementing the additions to the rule that it announced in 2021 and that have been in effect since June 2023. The recent amendment will require nonbank financial institutions to notify the FTC when there is an unauthorized acquisition of unencrypted customer information involving 500 or more consumers. This notification requirement, which is scheduled to go into effect in May 2024, adds to the growing list of notifications that a company must consider after a data incident, including the SEC’s recently enacted rules requiring registrants to disclose material cybersecurity incidents.

Topics: Data Breach, FTC, GLB

On Sept. 5, the U.S. Department of Justice announced its settlement with Verizon Business Network Services LLC, a Verizon Communications Inc. subsidiary, in which Verizon agreed to pay $4.1 million to settle certain False Claims Act allegations related to cybersecurity.

The settlement resolves allegations that Verizon's Managed Trust Internet Protocol Service, or MTIPS, which was designed to provide federal agencies with secure connections to public internet and other networks, did not satisfy certain cybersecurity controls related to contracts with the U.S. General Services Administration from 2017 to 2021.

In April 2023, Kyland Young, a star from the popular reality TV show Big Brother, brought a right of publicity claim against NeoCortext, Inc., the developer of a deepfake software called Reface. See Young v. NeoCortext, Inc., 2:23-cv-02486 (C.D.CA filed Apr. 3, 2023). Young claimed that NeoCortext’s Reface, “which uses an artificial intelligence algorithm to allow users to swap faces with actors, musicians, athletes, celebrities, and/or other well-known individuals in images and videos,” violates California’s right of publicity law. Young’s case, which is still pending in the U.S. District Court for the Central District of California, raises important questions about deepfakes and their intersection with the law as it pertains to famous figures.

Last week, the FTC and HHS’ Office for Civil Rights (OCR) sent a joint letter to approximately 130 hospitals and telehealth providers concerning the privacy and security risks related to the use of online tracking technologies integrated into their websites or mobile apps.  The agencies assert that these tracking technologies – such as the Meta/Facebook pixel and Google Analytics – gather identifiable information about users when they interact with a website or mobile app, often without users’ knowledge and in ways that are hard for users to avoid.

Topics: FTC, HIPAA

According to a study conducted by the Federal Research Division of the Library of Congress as of 2018, counterfeiting was identified as the largest criminal enterprise in the world, with domestic and international sales of counterfeit and pirated goods totaling between an estimated $1.7 trillion and $4.5 trillion a year.

On June 18, 2023, Texas Governor Greg Abbott signed the Texas Data Privacy and Security Act (TDPSA) into law, making Texas the next state to enact a comprehensive state-wide data privacy statute. The TDPSA will take effect on July 1, 2024, and applies to businesses that produce a product or service that is “consumed” by Texas residents, and process or engage in the sale of personal data.

Last updated: November 7, 2023

To assist privacy practitioners keep track of new state laws, below is a chart containing links to the major enacted state privacy laws and their respective regulations.  Bookmark this page, and we will update this chart periodically as new laws are enacted.

Since the arrival of AI programs like OpenAI’s ChatGPT, Google’s Bard, and other similar technologies (“Generative AI”) in late 2022, more programs have been introduced and several existing programs have been upgraded or enhanced, including ChatGPT’s upgrade to ChatGPT-4. Our previous posts have identified the features and functionality of Generative AI programs and outlined the emerging regulatory compliance requirements related to such programs. This post discusses how regulatory agencies worldwide have begun to address these issues.

Jump to Page

By using this site, you agree to our Privacy Policy and our Disclaimer.