The rapid spread of Artificial Intelligence (AI) systems in recent years has overlapped with the enactment of comprehensive privacy laws by multiple U.S. states. Aside from being generally applicable to AI systems in the same way as they are to…
On June 4, 2021, the European Commission introduced the new set of Standard Contractual Clauses (“SCCs”), a primary mechanism for lawfully transferring personal data from Europe to the United States under the European Union’s General Data Protection Regulation. These new SCCs replace…
Meghan Stoppel, who spent over a decade serving as an Assistant Attorney General, and later a Consumer Protection Chief, to both Democratic and Republican state attorneys generals, talks to Andy Baer, Chair of Cozen O’Connor’s Technology, Privacy and Data Security…
On March 9, 2022, the SEC proposed new rules (“Proposed Rules”) that would expand cybersecurity disclosures applicable to public companies subject to the reporting requirements of the Securities Exchange Act of 1934 (“Exchange Act”). Existing SEC rules do not explicitly require cybersecurity…
On November 18, 2021, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), and the Federal Deposit Insurance Corporation (“FDIC”) (collectively, the “Agencies”) issued a new rule (the “Rule”) that…
On October 27, 2021, the Federal Trade Commission (“FTC”) announced new updates to the Gramm-Leach-Bliley Act (“GLBA”) by amending the Standards for Safeguarding Customer Information, known as the “Safeguards Rule,” and issuing a final rule (the “Final Rule”). The Safeguards…
While a uniform federal privacy law in the United States continues to be an uncertain prospect overshadowed by other national priorities such as infrastructure and COVID relief, state legislatures have pushed forward with their own privacy regimes, resulting in an…
This is the second installment of our summary of the Virginia Consumer Data Protection Act (“VCDPA”). In our first post, we covered the goals of the law as well as its applicability and thresholds, what qualifies as personal data, the…
On May 12, 2021, President Biden issued Executive Order No. 14028, entitled “Improving the Nation’s Cybersecurity”, setting out new and enhanced cybersecurity standards for federal government agencies and the commercial software products utilized by them. The Biden administration’s order comes…
Virginia recently joined California in enacting a comprehensive data protection law intended to protect the privacy of its residents. The Virginia Consumer Data Protection Act (the “VCDPA”) is scheduled to take effect on January 1, 2023, so impacted businesses have…