personal information

Regulatory authorities globally are prioritizing data deletion rights, including legislation like California’s Delete Act and enforcement actions in Europe and Oregon. Businesses should consider enhancing their mechanisms for handling deletion requests to ensure compliance and build consumer trust.
Continue Reading Enforcement Update: Regulatory Attention Focused on Deletion Requests

On May 16, 2024, the U.S. Securities and Exchange Commission finalized amendments to Regulation S-P (the Amendments) that largely adopt the proposed amendments the SEC issued in 2023. As discussed in further detail below, the Amendments will require broker-dealers, investment companies, SEC-registered investment advisers, funding portals, and transfer agents registered with the SEC or other

On Oct. 19, 2023, the CFPB released a proposed rule that, if finalized in its present form, would require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s proposed rule, called the “Personal Financial Data Rights” rule, would implement Section 1033 of Title

Not necessarily. 

Under the GDPR, controllers are required to provide information relating to what personal data they process, and how that processing takes place. 

If the personal data the organization includes in AI prompts has been collected directly from individuals, those individuals should be provided with a copy of the organization’s privacy notice “at the

Under the GDPR, controllers are required to provide individuals with information relating to what personal data is processed, and how that processing takes place. Some supervisory authorities have specifically taken the position that organizations which use personal data to train an artificial intelligence (AI) must draft and publish a privacy notice that provides “data subjects

Most modern U.S. state data privacy laws exempt from their definition of personal information “publicly available information.” What constitutes publicly available information differs between state privacy laws and may not correlate to the lay definition understood by many businesses and individuals. For example, while some businesses may consider information that is available on the internet

Probably not.

Under the European GDPR, if the personal information that an organization is going to use as part of training an AI has been collected directly from individuals, then those individuals should be provided with a copy of the organization’s privacy notice “at the time when personal data are obtained.”[1] If the personal

On Aug. 30, 2023, GT Data Privacy & Cybersecurity Practice Shareholders David Zetoony, Lily McNulty, and Tyler Thompson will present the session “Artificial Intelligence in the Workplace and HR and Data Protection: Safeguarding Company, Customer, and Employee Information” at the Arizona Society for HR Management (AZSHRM) 2023 Annual State Conference. The conference