December 2024

This Client Alert is a monthly update on privacy and cybersecurity developments as posted on our Privacy & Information Security Law Blog. If you would like to receive email alerts when new posts are published, please visit our blog and enter your email address in the subscribe field.

Recent posts on the Privacy & Information Security Law blog include:

• HHS Announces Notice of Proposed Rulemaking to Update the HIPAA Security Rule
• EDPB Publishes Opinion on Processing of Personal Data in the Context of AI Models
• FTC Provides Recommendations on Preventing and Mitigating Cyber Risks in Developing AI and Other Products
• State Comprehensive Data Privacy Laws Go into Effect in January 2025
• Texas Attorney General Launches Investigation into 15 Tech Companies
• CNIL Issues Notices Regarding Non-Compliant Cookie Banners
• Irish Regulator Fines Meta 251 Million Euros Following Investigation into Data Breach
• Colorado Issues Proposed Draft Amendments to CPA Rules Addressing Biometric Data, Minors’ Online Privacy, and Opinion Letters and Interpretive Guidance
• CIPL Publishes Discussion Paper on Applying Data Protection Principles to Generative AI
• HHS Imposes Penalty Against Children’s Hospital for Violations of HIPAA Privacy Rule and Security Rule
• GoodRx Agrees to Pay $25 Million Settlement for Privacy Violations
• D.C. Circuit Upholds Protecting Americans’ Data from Foreign Adversary Controlled Applications Act as TikTok Ban Dispute Edges Closer to Supreme Court
• FTC Issues Proposed Consent Order Against IntelliVision for False or Misleading Claims about Its AI Facial Recognition Technology
• Agencies Focus on National Security and AI Directives Pursuant to Executive Orders
• EDPB Publishes Guidelines on Data Requests from Third Country Authorities
• Australian Privacy Law Amendments and Social Media Age Restrictions Enacted
• FTC Says Smart Products Fail to Disclose Information on Duration of Software Support
• An Update on SEC Cybersecurity Reporting
• TSA Announces Proposed Pipeline, Railroad, Bus Cybersecurity Rules
• CIPL Responds to DOJ NPRM on Bulk Transfers of Americans’ Sensitive Personal Data
• NY AG and NYDFS Announce $11.3 Million Data Breach Settlement with GEICO and Travelers
• Recent Texas Case Highlights Increasing Relevance of Privacy and Security Laws to E-Discovery Process