United States

Subscribe to United States via RSS

The Biden administration recently issued Executive Order 14117 (the “Order”) on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.”  Building upon earlier Executive Orders[1], the Order was motivated by growing fears that “countries of concern” may use artificial intelligence and other advanced technologies to analyze and manipulate bulk sensitive personal data for nefarious purposes.  In particular, the Order notes that unfettered access to American’s bulk sensitive personal data and United States governmental data by countries of concern, whether via data brokers, third-party vendor agreements or otherwise, may pose heightened national security risks. To address these possibilities, the Order directs the Attorney General to issue regulations prohibiting or restricting U.S. persons from entering into certain transactions that pose an unacceptable risk to the national security of the United States.  Last week, the Department of Justice (“DOJ”) issued an Advance Notice of Proposed Rulemaking, outlining its preliminary approach to the rulemaking and seeking comments on dozens of issues ranging from the definition of bulk U.S. sensitive personal data to mitigation of compliance costs. Continue Reading Biden Administration Executive Order Targets Bulk Data Transactions

On January 16, 2024, New Jersey officially became one of a growing number states with comprehensive privacy laws, as Governor Phil Murphy signed Senate Bill 332 (the “New Jersey Privacy Act”) into law.[1]  New Hampshire followed closely behind, with its own comprehensive privacy law, Senate Bill 255 (the “New Hampshire Privacy Act” and, together with the New Jersey Privacy Act, the “Acts”), signed into law by Governor Chris Sununu on March 6, 2024.[2] Continue Reading New Privacy Laws Enacted in New Jersey and New Hampshire

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2024”.

Continuing global trends to protect consumer privacy and rein in the exploitation of personal data by organizations, 2023 saw an explosion of comprehensive privacy laws, amendments to existing laws and a proliferation of targeted regulations around the world. Continue Reading Privacy and Data Protection Compliance Will Become More Fragmented in 2024

Quantum technology is seen as having the potential to revolutionize many aspects of technology, the economy and society, including the financial sector. At the same time, this technology represents a significant threat to cybersecurity, especially due to its potential to render most current encryption schemes obsolete.Continue Reading Quantum Computing and the Financial Sector: World Economic Forum Lays Out Roadmap Towards Quantum Security

Nearly five years after a landmark Supreme Court ruling, which reiterated that information privacy is a fundamental right enshrined in the Constitution, India finally enacted its Digital Personal Data Protection Act, 2023 (the “DPDPA” or “Act”), on August 11, 2023.Continue Reading Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws

On November 1, the New York Department of Financial Services (“DFS” or the “Agency”) announced finalized amendments to its Cybersecurity Regulation applicable to DFS-regulated entities.[1]  The finalized amendments to the Cybersecurity Regulation (the “Amendments”) contain significant revisions designed to mandate preventative measures to address common attack vectors and enhance cybersecurity governance, bringing more formality and uniformity to the assessment and mitigation of a covered entity’s specific cybersecurity risks.[2]  The Amendments may also portend future changes to cybersecurity regulations outside of DFS, as the original DFS Cybersecurity Regulation influenced many existing cybersecurity requirements in other areas of the law.  Continue Reading New York Department of Financial Services Finalizes Amendments to Cybersecurity Regulation

Continuing to pave the way for enhanced privacy rights for California consumers, on October 10, California Governor Gavin Newsom signed into law S.B. 262, colloquially known as the California Delete Act (the “Delete Act” or the “Act”)). [1]  The Delete Act is the first of its kind in the United States, providing California-based consumers with a more streamlined, user-friendly way to request deletion of their personal information from data brokers. Continue Reading California Passes Delete Act Creating More Accountability for Data Brokers

On September 11, Delaware’s governor signed into law the Delaware Personal Data Privacy Act (the “DPDPA” or “Act”),[1] establishing Delaware as the 12th state in the U.S. to enact its own comprehensive data protection law and contributing to the patchwork of U.S. data protection regimes that continue to proliferate in the absence of federal regulation. Continue Reading Broad Definition of Sensitive Data and Concern for Children’s and Teenagers’ Data in Delaware Privacy Law Reflect Recent Trends in Evolving Data Protection Landscape

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) adopted rules to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance.Continue Reading New SEC Disclosure Rules for Cybersecurity Incidents and Governance and Key Takeaways

On July 10, 2023, the European Commission officially adopted its adequacy decision for the new EU-U.S. Data Privacy Framework (“DPF”), concluding that the U.S. ensures an adequate level of protection for personal data transferred from the EU to U.S. organisations participating in the EU-U.S. Data Privacy Framework.[1] This allows EU organizations to freely transfer personal data that is subject to the GDPR to participating organizations in the U.S.Continue Reading EU-U.S. Data Privacy Framework