Fey LLC
Current analysis on data privacy, cybersecurity, AI law, and information governance from the attorneys at Fey LLC.
The U.K. and U.S. moved forward with the U.K.-U.S. Data Bridge, taking effect October 12, 2023 as an extension of the EU-U.S. DPF.
Governor John Carney signed the Delaware Personal Data Privacy Act (DPDPA) on September 11, 2023, the twelfth state comprehensive privacy law.
Laura Clark Fey joined the SCCE Compliance Perspectives podcast on the compliance team's role in disaster preparedness, response, and recovery.
The SEC's rules require public companies to disclose material cyber incidents within 4 business days, plus annual risk management disclosures.
The European Commission adopted an adequacy decision for the EU-U.S. Data Privacy Framework on July 10, 2023, enabling transatlantic data transfers.
The CPPA and AG Rob Bonta appealed a court ruling that would delay CCPA/CPRA regulation enforcement by 12 months.
Oregon, Texas, and Delaware passed comprehensive data privacy laws in 2023, bringing the total to twelve U.S. states with broad protections.
OCR and the FTC warned about 130 hospitals and telehealth providers about sharing consumer health data via online tracking technologies.
The CPPA launched an online complaint form on July 14, 2023, making it easier for consumers to report CCPA/CPRA violations to regulators.
Colorado AG Phil Weiser began enforcing the Colorado Privacy Act within two weeks of its July 1, 2023 effective date, sending letters to businesses.
California AG Rob Bonta launched a CCPA enforcement sweep on employer handling of employee and job applicant data privacy rights in July 2023.
A summary of U.S. state comprehensive privacy law enforcement dates as of July 2023, including California's CPRA enforcement timeline.
Washington Governor Jay Inslee signed the My Health My Data Act on April 27, 2023, with broad health data protections and a private right of action.
Indiana, Montana, and Tennessee passed comprehensive data privacy laws in April 2023, joining the growing list of states with broad protections.
OCR's December 2022 bulletin warns HIPAA-covered entities that website tracking tech may cause impermissible disclosures of protected health info.
Iowa Governor Kim Reynolds signed SF 262 on March 28, 2023, the sixth state consumer data privacy law, effective January 1, 2025.
A 10-step compliance guide for CPRA, CPA, CTDPA, VCDPA, UCPA, and other state privacy laws, covering data mapping, DSRs, and vendor agreements.
California AG Rob Bonta announced a $1.2M CCPA settlement with Sephora, the first public CCPA enforcement action, over undisclosed data sales.
New Jersey P.L. 2021, c. 299 (effective April 18, 2022) requires employers to give written notice before installing vehicle tracking devices.
The EDPB's Guidelines 05/2021 set a three-part test for when data processing is an international transfer requiring Chapter V GDPR compliance.
Laura Clark Fey and Sarah D. Wiese's article on the nation-state hacking threat was published in the Kansas Journal of Law & Public Policy.
The CPPA opened public comment through November 8, 2021 on proposed CPRA rulemaking across eight topics, including automated decision-making.
The European Commission published new Standard Contractual Clauses (SCCs) on June 4, 2021, replacing old SCCs and requiring agreement migration.