On Aug. 2, 2024, Illinois Gov. J.B. Pritzker signed SB 2979 into law, amending BIPA in two ways: significantly limiting potential damages and updating the Act’s definition of “written release” to include an “electronic signature.”

Continue reading the full GT Alert.

On May 16, 2024, the U.S. Securities and Exchange Commission finalized amendments to Regulation S-P (the Amendments) that largely adopt the proposed amendments the SEC issued in 2023. As discussed in further detail below, the Amendments will require broker-dealers, investment companies, SEC-registered investment advisers, funding portals, and transfer agents registered with the SEC or other

On Aug. 9, 2023, a tutoring company agreed to pay $365,000 to settle an artificial intelligence (AI) lawsuit with the Equal Employment Opportunity Commission (EEOC). The settlement comes on the heels of multiple EEOC warnings to employers about potential discrimination associated with the use of AI for hiring and workplace decisions.

Continue reading the full

On May 18, 2023, the Federal Trade Commission (FTC) issued a proposed rule that would expand the existing Health Breach Notification Rule (HBNR) to cover health applications (apps) and other similar technologies. Given the rapid evolution of the health technology industry since the HBNR was issued in 2009, the FTC has expressed concern that the

Three months prior to the enforcement date of the California Consumer Privacy Act (CCPA), as amended, the California Office of Administrative Law approved the updated CCPA Regulations (final rulemaking documents will be posted here after processing). These updates take into account the CCPA’s expanded scope following its amendment by the California Privacy Rights

After an extended sunset period, time to replace the “old” SCCs runs out on Dec. 27, 2022. After that date, the old SCCs will no longer legalize data transfers to countries outside the European Economic Area (EEA). To avoid compliance risks associated with illegal transfers of personal data, any old SCCs should be updated to

On Aug. 11, 2022, the U.S. Consumer Financial Protection Bureau issued guidance indicating that financial institutions and service providers that fail to adopt sufficient data security measures to protect consumer financial data may violate the Consumer Financial Protection Act provision prohibiting unfair acts and practices.

Click here to continue reading the full GT Alert.

On Aug. 8, 2022, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed economic sanctions on Tornado Cash, a popular cryptocurrency mixing service that allows customers to obscure the original source of virtual currency transactions by “mixing” multiple transactions and then redistributing them. While mixing may have legitimate benefits in some transactions,

On July 8, 2022, the California Privacy Protection Agency (CPPA) issued proposed amendments to the California Consumer Privacy Act (CCPA) regulations to harmonize them with the California Privacy Rights Act of 2020 (CPRA), which will go into effect on Jan. 1, 2023. Individuals or companies have until Aug. 23, 2022, at 5 p.m. to submit

On May 19, 2022, the Department of Justice announced it would not charge good-faith hackers who expose weaknesses in computer systems with violating the Computer Fraud and Abuse Act (CFAA or Act), 18 U.S.C. § 1030. Congress enacted the CFAA in 1986 to promote computer privacy and cybersecurity and amended the Act several times, most