Data privacy, cybersecurity, AI governance, eDiscovery, and information governance analysis from the attorneys at Fey LLC.https://feyllc.com/en-ushttps://feyllc.com/blog/uk-us-data-bridge/https://feyllc.com/blog/uk-us-data-bridge/The U.K. and U.S. moved forward with the U.K.-U.S. Data Bridge, taking effect October 12, 2023 as an extension of the EU-U.S. DPF.Thu, 05 Oct 2023 00:00:00 GMTUK-US Data BridgeEU-US Data Privacy Frameworkcross-border transfersdata privacyMaddie Level, Associate Attorneyhttps://feyllc.com/blog/delaware-makes-a-dozen/https://feyllc.com/blog/delaware-makes-a-dozen/Governor John Carney signed the Delaware Personal Data Privacy Act (DPDPA) on September 11, 2023, the twelfth state comprehensive privacy law.Wed, 13 Sep 2023 00:00:00 GMTDelawareDPDPAstate privacy lawdata privacyconsumer rightsMaddie Level, Associate Attorneyhttps://feyllc.com/blog/scce-podcast/https://feyllc.com/blog/scce-podcast/Laura Clark Fey joined the SCCE Compliance Perspectives podcast on the compliance team's role in disaster preparedness, response, and recovery.Wed, 06 Sep 2023 00:00:00 GMTSCCEpodcastcompliancedisaster preparednessLaura Clark FeyFey LLChttps://feyllc.com/blog/sec-cybersecurity-disclosure/https://feyllc.com/blog/sec-cybersecurity-disclosure/The SEC's rules require public companies to disclose material cyber incidents within 4 business days, plus annual risk management disclosures.Thu, 24 Aug 2023 00:00:00 GMTSECcybersecuritydisclosureForm 8-Kpublic companiescomplianceLaura Fey and Blake Lines, Associate Attorneyhttps://feyllc.com/blog/eu-us-adequacy-decision/https://feyllc.com/blog/eu-us-adequacy-decision/The European Commission adopted an adequacy decision for the EU-U.S. Data Privacy Framework on July 10, 2023, enabling transatlantic data transfers.Thu, 10 Aug 2023 00:00:00 GMTEU-US Data Privacy Frameworkadequacy decisionGDPRdata transfersPrivacy ShieldEUtransatlanticLaura Fey, Will Davis, and Randy Willnauerhttps://feyllc.com/blog/ca-privacy-regulators-appeal/https://feyllc.com/blog/ca-privacy-regulators-appeal/The CPPA and AG Rob Bonta appealed a court ruling that would delay CCPA/CPRA regulation enforcement by 12 months.Mon, 07 Aug 2023 00:00:00 GMTCCPACPRACPPACaliforniaenforcementappealMaddie Level and Will Davishttps://feyllc.com/blog/from-sea-to-shining-sea/https://feyllc.com/blog/from-sea-to-shining-sea/Oregon, Texas, and Delaware passed comprehensive data privacy laws in 2023, bringing the total to twelve U.S. states with broad protections.Tue, 01 Aug 2023 00:00:00 GMTOregonTexasDelawarestate privacy lawTDPSAOCPADPDPAdata privacyMaddie Level, Associate Attorneyhttps://feyllc.com/blog/ocr-ftc-health-tracking/https://feyllc.com/blog/ocr-ftc-health-tracking/OCR and the FTC warned about 130 hospitals and telehealth providers about sharing consumer health data via online tracking technologies.Thu, 27 Jul 2023 00:00:00 GMTOCRFTCHIPAAtracking technologieshealth datatelehealthcookiespixelsLaura Fey and Maddie Level, Associate Attorneyhttps://feyllc.com/blog/cppa-complaint-form/https://feyllc.com/blog/cppa-complaint-form/The CPPA launched an online complaint form on July 14, 2023, making it easier for consumers to report CCPA/CPRA violations to regulators.Fri, 21 Jul 2023 00:00:00 GMTCPPACCPACPRACaliforniaenforcementconsumer complaintscomplianceMaddie Level, Associate Attorneyhttps://feyllc.com/blog/colorado-privacy-act-enforcement/https://feyllc.com/blog/colorado-privacy-act-enforcement/Colorado AG Phil Weiser began enforcing the Colorado Privacy Act within two weeks of its July 1, 2023 effective date, sending letters to businesses.Wed, 19 Jul 2023 00:00:00 GMTColoradoColorado Privacy ActCPAenforcementstate privacydata privacyWill Davis, Associate Attorneyhttps://feyllc.com/blog/california-ag-enforcement-sweep/https://feyllc.com/blog/california-ag-enforcement-sweep/California AG Rob Bonta launched a CCPA enforcement sweep on employer handling of employee and job applicant data privacy rights in July 2023.Tue, 18 Jul 2023 00:00:00 GMTCaliforniaCCPAemploymentHRenforcementjob applicantsemployee dataFey LLChttps://feyllc.com/blog/hot-privacy-summer/https://feyllc.com/blog/hot-privacy-summer/A summary of U.S. state comprehensive privacy law enforcement dates as of July 2023, including California's CPRA enforcement timeline.Wed, 12 Jul 2023 00:00:00 GMTCCPACPRAColoradoVirginiaConnecticutUtahenforcementstate privacycomplianceWill Davis, Associate Attorney and Blake Lines, Associate Attorneyhttps://feyllc.com/blog/washington-my-health-my-data/https://feyllc.com/blog/washington-my-health-my-data/Washington Governor Jay Inslee signed the My Health My Data Act on April 27, 2023, with broad health data protections and a private right of action.Thu, 27 Apr 2023 00:00:00 GMTWashingtonMy Health My Data Actconsumer health dataWashington StateMHMDhealth privacyLaura Fey, Principalhttps://feyllc.com/blog/why-be-afraid-of-privacy/https://feyllc.com/blog/why-be-afraid-of-privacy/Indiana, Montana, and Tennessee passed comprehensive data privacy laws in April 2023, joining the growing list of states with broad protections.Wed, 26 Apr 2023 00:00:00 GMTIndianaMontanaTennesseestate privacy lawcomprehensive privacycomplianceFey LLChttps://feyllc.com/blog/cookies-hipaa-health/https://feyllc.com/blog/cookies-hipaa-health/OCR's December 2022 bulletin warns HIPAA-covered entities that website tracking tech may cause impermissible disclosures of protected health info.Tue, 18 Apr 2023 00:00:00 GMTHIPAAOCRtracking technologiescookiespixelsPHIhealthcarehealth privacyLaura Fey, Principal (with contribution from Eleazar Rundus)https://feyllc.com/blog/iowa-sixth-state/https://feyllc.com/blog/iowa-sixth-state/Iowa Governor Kim Reynolds signed SF 262 on March 28, 2023, the sixth state consumer data privacy law, effective January 1, 2025.Thu, 06 Apr 2023 00:00:00 GMTIowaIowa privacy lawICDPAstate privacy lawconsumer rightsdata privacyMaddie Level and Kelley Rowanhttps://feyllc.com/blog/winter-is-coming/https://feyllc.com/blog/winter-is-coming/A 10-step compliance guide for CPRA, CPA, CTDPA, VCDPA, UCPA, and other state privacy laws, covering data mapping, DSRs, and vendor agreements.Tue, 01 Nov 2022 00:00:00 GMTCPRACPACTDPAVCDPAUCPAcomplianceprivacy programdata mappingvendor managementLaura Clark Fey and Maddie Levelhttps://feyllc.com/blog/sephora-ccpa-settlement/https://feyllc.com/blog/sephora-ccpa-settlement/California AG Rob Bonta announced a $1.2M CCPA settlement with Sephora, the first public CCPA enforcement action, over undisclosed data sales.Thu, 22 Sep 2022 00:00:00 GMTCCPASephoraCalifornia AGenforcementGPCGlobal Privacy Controldata salescookiesWill Kenney and Maddie Levelhttps://feyllc.com/blog/new-jersey-fleet-tracking/https://feyllc.com/blog/new-jersey-fleet-tracking/New Jersey P.L. 2021, c. 299 (effective April 18, 2022) requires employers to give written notice before installing vehicle tracking devices.Fri, 15 Apr 2022 00:00:00 GMTNew Jerseyfleet trackingemployee privacyGPS trackingemployer obligationsEleazar Rundus and Will Kinneyhttps://feyllc.com/blog/edpb-international-transfer/https://feyllc.com/blog/edpb-international-transfer/The EDPB's Guidelines 05/2021 set a three-part test for when data processing is an international transfer requiring Chapter V GDPR compliance.Thu, 02 Dec 2021 00:00:00 GMTEDPBGDPRinternational transfersChapter Vstandard contractual clausescross-borderEUFey LLC (with contribution from Eleazar Rundus)https://feyllc.com/blog/nation-state-hacking/https://feyllc.com/blog/nation-state-hacking/Laura Clark Fey and Sarah D. Wiese's article on the nation-state hacking threat was published in the Kansas Journal of Law & Public Policy.Tue, 19 Oct 2021 00:00:00 GMTcybersecuritynation state hackingSolarWindsCISApublicationKansas Journal of LawLaura Clark Fey & Sarah D. Wiesehttps://feyllc.com/blog/cpra-rulemaking/https://feyllc.com/blog/cpra-rulemaking/The CPPA opened public comment through November 8, 2021 on proposed CPRA rulemaking across eight topics, including automated decision-making.Sat, 09 Oct 2021 00:00:00 GMTCPRACPPACaliforniarulemakingautomated decision-makingconsumer rightspublic commentFey LLC (Will Davis, Eleazar Rundus)https://feyllc.com/blog/eu-standard-contractual-clauses/https://feyllc.com/blog/eu-standard-contractual-clauses/The European Commission published new Standard Contractual Clauses (SCCs) on June 4, 2021, replacing old SCCs and requiring agreement migration.Mon, 27 Sep 2021 00:00:00 GMTEU SCCsStandard Contractual ClausesGDPRinternational transfersSchrems IIdata transfersEUFey LLC (Sarah Wiese, Will Davis)