On Aug. 2, 2024, Illinois Gov. J.B. Pritzker signed SB 2979 into law, amending BIPA in two ways: significantly limiting potential damages and updating the Act’s definition of “written release” to include an “electronic signature.”
GT Alert
SEC Adopts Cybersecurity Amendments to Regulation S-P
On May 16, 2024, the U.S. Securities and Exchange Commission finalized amendments to Regulation S-P (the Amendments) that largely adopt the proposed amendments the SEC issued in 2023. As discussed in further detail below, the Amendments will require broker-dealers, investment companies, SEC-registered investment advisers, funding portals, and transfer agents registered with the SEC or other…
EEOC Secures First Workplace Artificial Intelligence Settlement
On Aug. 9, 2023, a tutoring company agreed to pay $365,000 to settle an artificial intelligence (AI) lawsuit with the Equal Employment Opportunity Commission (EEOC). The settlement comes on the heels of multiple EEOC warnings to employers about potential discrimination associated with the use of AI for hiring and workplace decisions.
FTC Proposes Changes to Health Breach Notification Rule
On May 18, 2023, the Federal Trade Commission (FTC) issued a proposed rule that would expand the existing Health Breach Notification Rule (HBNR) to cover health applications (apps) and other similar technologies. Given the rapid evolution of the health technology industry since the HBNR was issued in 2009, the FTC has expressed concern that the…
Updated CCPA Regulations Approved
Three months prior to the enforcement date of the California Consumer Privacy Act (CCPA), as amended, the California Office of Administrative Law approved the updated CCPA Regulations (final rulemaking documents will be posted here after processing). These updates take into account the CCPA’s expanded scope following its amendment by the California Privacy Rights…
Deadline: ‘Old’ Standard Contractual Clauses (SCCs) Expire Dec. 27, 2022
After an extended sunset period, time to replace the “old” SCCs runs out on Dec. 27, 2022. After that date, the old SCCs will no longer legalize data transfers to countries outside the European Economic Area (EEA). To avoid compliance risks associated with illegal transfers of personal data, any old SCCs should be updated to…
CFPB Warns Insufficient Data Security Measures May Violate Consumer Financial Protection Act
On Aug. 11, 2022, the U.S. Consumer Financial Protection Bureau issued guidance indicating that financial institutions and service providers that fail to adopt sufficient data security measures to protect consumer financial data may violate the Consumer Financial Protection Act provision prohibiting unfair acts and practices.
OFAC Sanctions Cryptocurrency Mixing Service for Allegedly Facilitating Money Laundering
On Aug. 8, 2022, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed economic sanctions on Tornado Cash, a popular cryptocurrency mixing service that allows customers to obscure the original source of virtual currency transactions by “mixing” multiple transactions and then redistributing them. While mixing may have legitimate benefits in some transactions,…
Businesses Beware: Proposed Amendments to the CCPA Regulations Will Increase Cost of Doing Business in California
On July 8, 2022, the California Privacy Protection Agency (CPPA) issued proposed amendments to the California Consumer Privacy Act (CCPA) regulations to harmonize them with the California Privacy Rights Act of 2020 (CPRA), which will go into effect on Jan. 1, 2023. Individuals or companies have until Aug. 23, 2022, at 5 p.m. to submit…
DOJ Limits Application of Computer Fraud and Abuse Act, Providing Clarity for Ethical Hackers and Employees Paying Bills at Work Alike
On May 19, 2022, the Department of Justice announced it would not charge good-faith hackers who expose weaknesses in computer systems with violating the Computer Fraud and Abuse Act (CFAA or Act), 18 U.S.C. § 1030. Congress enacted the CFAA in 1986 to promote computer privacy and cybersecurity and amended the Act several times, most…