Privacy & Information Security Law Blog

The Centre for Information Policy Leadership at Hunton Andrews Kurth, in partnership with WeProtect Global Alliance, held a series of interactive workshops on digital age assurance as part of its Children’s Privacy Project. They are seeking interested professionals to join their working groups as part of several workshops.

On May 16, 2024, the Illinois House of Representatives passed S.B. 2979, following the bill’s passage in the Illinois Senate in April.   S.B. 2979 would amend the Illinois Biometric Information Privacy Act definitions and limit liability for businesses with multiple duplicative BIPA violations that relate to the same individual.

On June 7, 2024, the New York legislature passed a bill (S.B. S7694A), the Stop Addictive Feeds Exploitation (SAFE) for Kids Act, addressing children’s use of social media platforms. The bill is pending Governor Kathy Hochul’s signature.

On May 1, 2024, Utah’s Artificial Intelligence Policy Act entered into effect.

On May 10, 2024, the Vermont legislature passed HB 121, which was delivered to Governor Phil Scott for signature. HB 121 will enact the Vermont Data Privacy Act, the Vermont Data Broker Security Breach Notice Act and the Vermont Age-Appropriate Design Code.

On May 23, 2024, the European Data Protection Board adopted an Opinion on the use of facial recognition technologies by airport operators and airline companies to streamline the passenger flow at airports.

On May 17, 2024, Colorado became the first U.S. state to enact comprehensive artificial intelligence legislation. This blog entry provides highlights of the key requirements.

On May 21, 2024, staff of the U.S. Securities and Exchange Commission published additional interpretive guidance on reporting material cybersecurity incidents under Form 8-K. This blog entry provides highlights from the guidance.

On May 14, 2024, the UK National Cyber Security Centre (“NCSC”) and three major UK insurance associations (Association of British Insurers (“ABI”), British Insurance Brokers’ Association (“BIBA”) and International Underwriting Association (“IUA”)), published joint guidance on the approach to ransom payments (the “Guidance”). The Guidance was prepared for businesses experiencing a ransomware attack with the aim of reducing the overall impact of the incident on the business. The Guidance is intended, among other things, to reduce the number of ransoms paid by ransomware victims in the UK, and the size of the ransoms paid in cases where the victims do elect to pay. 

On April 17, 2024, Colorado enacted H.B. 1058 which amends the Colorado Privacy Act (“CPA”) and makes Colorado the first state to explicitly extend the protections of a state comprehensive privacy law to neural data.

The Act expands the definition of “sensitive data” in the CPA to include two newly-added defined terms: “biological data” and “neural data”.