Time 3 Minute Read

On November 7, 2024, the Commission Implementing Regulation 2024/2690 laying down rules for the application of the NIS2 Directive as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to certain digital service providers entered into force.

Time 2 Minute Read

The Supreme Judicial Court of Massachusetts, the state’s highest appellate court, recently held that website operators’ use of third-party tracking software, including Meta Pixel and Google Analytics, is not prohibited under the state’s Wiretap Act.

Time 1 Minute Read

Last month, the UK government resurrected previous attempts to reform UK data protection law and introduced the draft Data (Use and Access) Bill into the House of Lords. This blog entry provides a link to read more about the Bill.

Time 1 Minute Read

On November 20, 2024, Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements was published in the Official Journal of the EU.

Time 5 Minute Read

On October 31, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights announced two settlements over medical providers’ failures to comply with the HIPAA Security Rule, one with Plastic Surgery Associates of South Dakota and one with Bryan County Ambulance Authority.  The settlements mark the sixth and seventh OCR enforcement actions related to ransomware attacks with the latter being the first enforcement action in OCR’s Risk Analysis Initiative.

Time 3 Minute Read

As reported on the Hunton Employment & Labor Perspectives blog, on October 24, 2024, the Consumer Financial Protection Bureau (“CFPB”) issued a policy statement (known as a Circular) to explain the link between the Fair Credit Reporting Act (“FCRA”) and employers’ growing use of artificial intelligence (“AI”) to evaluate, rank and score applicants and employees. Employers should take note that the FCRA does not only apply to criminal history or credit reports. As the use of advanced data analysis and AI rise, employers should ensure that they are not running afoul of the FCRA’s requirements.

Time 2 Minute Read

The California Privacy Protection Agency recently announced that it is conducting an investigative sweep focused on enforcing requirements for data brokers to register with the CPPA by January 31, 2024, under California’s Delete Act.

Time 12 Minute Read

On November 8, 2024, the California Privacy Protection Agency Board hosted its public bimonthly meeting, during which it adopted new regulations applicable to data brokers and initiated the formal rulemaking process for proposed regulations for risk assessments, cybersecurity audits, automated decisionmaking technologies and AI, and insurance.

Time 2 Minute Read

On November 7, 2024, the UK Information Commissioner’s Office released a report exploring data privacy concerns in genomic technology.

Time 2 Minute Read

On November 1, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights and the Assistant Secretary for Technology Policy announced the release of a new version of the Security Risk Assessment Tool.

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page