In this episode of Legal Food Talk, host Justin Prochnow welcomes colleague Tyler Thompson from GT’s Data Privacy and Cybersecurity team to discuss the responsibilities of companies to protect data. Tyler breaks down the overall regulation of data collection and the web of different state laws and regulations, making it more difficult for companies to

On Oct. 18, 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued two resources for health care providers and patients regarding the potential risks of using telehealth services. Although HIPAA does not require regulated entities to educate patients about these risks, OCR published these guidance documents to assist

Brad M. Rostolsky and Catherine E. Galea, members of Greenberg Traurig’s Data Privacy & Cybersecurity and Health Care & FDA Practices, co-authored a Philadelphia Business Journal “Thought Leadership Forum” article titled “Cybersecurity/AI Forum: Greenberg Traurig.”

Click here to read the full article, published by the Philadelphia Business Journal Oct. 27, 2023. Reprinted with permission.

On Oct. 19, 2023, the CFPB released a proposed rule that, if finalized in its present form, would require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s proposed rule, called the “Personal Financial Data Rights” rule, would implement Section 1033 of Title

On Aug. 9, 2023, a tutoring company agreed to pay $365,000 to settle an artificial intelligence (AI) lawsuit with the Equal Employment Opportunity Commission (EEOC). The settlement comes on the heels of multiple EEOC warnings to employers about potential discrimination associated with the use of AI for hiring and workplace decisions.

Continue reading the full

In July 2023 the Biden administration announced the National Cybersecurity Strategy Implementation Plan, detailing how the government will advance the cyber strategy. The plan describes 65 initiatives to achieve the objectives laid out in the strategy, and several of them will impact federal contractors.

Click here to continue reading the full GT Alert.

On July 26, 2023, the Securities and Exchange Commission (SEC) adopted the long-awaited final rule requiring that public companies disclose information about cybersecurity incidents within four business days of determining the incident is material. GT wrote about the proposed rule shortly after it was released in March 2022. For context, Commissioner Caroline Crenshaw noted, in

Personal information in the franchise relationship is an asset now more than ever. Whether the personal information is customer data, employee data, device data, loyalty, and rewards data, or otherwise, and regardless of the method of collecting the data, managing such personal information once collected is a crucial part of the franchise relationship.

Click here

On May 10, 2023, the National Institutes of Standards and Technology (NIST) released Revision 3 to its foundational publication, 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The publication provides guidelines for protecting sensitive unclassified information in contractor systems, and these guidelines establish the baseline cybersecurity requirements for federal defense contractors. 

On May 18, 2023, the Federal Trade Commission (FTC) issued a proposed rule that would expand the existing Health Breach Notification Rule (HBNR) to cover health applications (apps) and other similar technologies. Given the rapid evolution of the health technology industry since the HBNR was issued in 2009, the FTC has expressed concern that the