Time 5 Minute Read

On May 21, 2024, staff of the U.S. Securities and Exchange Commission published additional interpretive guidance on reporting material cybersecurity incidents under Form 8-K. This blog entry provides highlights from the guidance.

Time 2 Minute Read

On May 14, 2024, the UK National Cyber Security Centre (“NCSC”) and three major UK insurance associations (Association of British Insurers (“ABI”), British Insurance Brokers’ Association (“BIBA”) and International Underwriting Association (“IUA”)), published joint guidance on the approach to ransom payments (the “Guidance”). The Guidance was prepared for businesses experiencing a ransomware attack with the aim of reducing the overall impact of the incident on the business. The Guidance is intended, among other things, to reduce the number of ransoms paid by ransomware victims in the UK, and the size of the ransoms paid in cases where the victims do elect to pay. 

Time 4 Minute Read

On April 17, 2024, Colorado enacted H.B. 1058 which amends the Colorado Privacy Act (“CPA”) and makes Colorado the first state to explicitly extend the protections of a state comprehensive privacy law to neural data.

The Act expands the definition of “sensitive data” in the CPA to include two newly-added defined terms: “biological data” and “neural data”.

Time 2 Minute Read

On May 1, 2024, the UK Information Commissioner’s Office (“ICO”) and the UK regulator for communications and online safety, Ofcom, issued a joint statement regarding their collaboration on the regulation of online services where online safety and data protection intersect. This statement builds on the joint statement published in 2022. The latest statement outlines several areas of collaboration between the ICO and Ofcom.

Time 8 Minute Read

The Maryland legislature recently passed the Maryland Online Data Privacy Act of 2024 (“MODPA”), which was delivered to Governor Wes Moore for signature and, if enacted, will impose robust requirements with respect to data minimization, the protection of sensitive data, and the processing and sale of minors’ data.

Time 2 Minute Read

The Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth recently released a report on Enabling Beneficial and Safe Uses of Biometric Technology Through Risk-Based Regulations (the “Report”).  The Report examines global laws and regulations that target biometric data and encourages adoption of a risk-based approach.  According to the Report, biometric technology applications are growing and can provide societal and economic benefits. However, there are recognized concerns over potential harms for individuals and their rights, and data protection and privacy laws are increasingly targeting the collection and use of biometric data.

Time 11 Minute Read

On April 7, 2024, U.S. Sen. Maria Cantwell (D-WA) and U.S. Rep. Cathy McMorris Rodgers (R-WA) released a discussion draft of the latest federal privacy proposal, known as American Privacy Rights Act (“APRA” or the “Act”). The APRA builds upon the American Data Privacy and Protection Act (“ADPPA”), which was introduced as H.R. 8152 in the 117th Congress and advanced out of the House Energy and Commerce Committee but did not become law. As the latest iteration of a federal privacy proposal, the APRA signals that some members of Congress continue to seek to create a federal standard in the wake of—and in spite of—the ever-growing patchwork of state privacy laws.

Time 1 Minute Read

On April 9, 2024, Representatives Tim Walberg (R-MI) and Kathy Castor (D-FL) introduced the Children and Teens’ Online Privacy Protection Act (“COPPA 2.0.”) The bill serves as a companion to the Senate bill by the same name.

Time 1 Minute Read

The Connecticut Attorney General’s Office (“OAG”) has released a Report on the status of Connecticut’s Data Privacy Act (“CTDPA”), which took effect on July 1, 2023. The Report covers complaints, inquiries, and early enforcement activities under the CTDPA.

Time 4 Minute Read

On March 27, 2024, the Kentucky legislature passed a comprehensive data privacy bill, which was delivered to the Governor for signature.  If H.B. 15 is enacted, Kentucky will join the growing list of states with comprehensive data privacy laws. 


Subscribe Arrow

Recent Posts




Jump to Page