After an extensive comment period, the SEC announced on July 26 that it was formally adopting new rules for public companies governing cybersecurity disclosures. The rules had generated significant backlash from public companies, who criticized the new reporting deadlines for data security incidents as well as the mandatory cyber-risk disclosures the Rules mandate.

Adoption of…

Llama? Vicuña? Alpaca? You might be asking yourself, “what do these camelids have to do with licensing LLM artificial intelligence?” The answer is, “a lot.”

LLaMa, Vicuña, and Alpaca are the names of three recently developed large language models (LLMs). LLMs are a type of artificial intelligence (AI) that uses deep learning techniques and large…

On July 10, 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (Framework).  The adequacy decision concludes the long process to open up new means by which companies transfer personal data from the European Economic Area (EEA) to the United States. 

The Framework will be administered by the US Department…

Shortly before the July Fourth holiday, the California Superior Court issued an important, but subtly complex ruling that pushes back the date when the California Privacy Protection Agency (CPPA) may begin enforcing the latest round of privacy regulations.  These regulations were finalized in March 2023 and enforce provisions of the California Privacy Rights Act (CPRA),…

One of the most significant trends in privacy law this year has been the surge in online child protection laws in U.S. states.  In a recent article for the Cybersecurity Law Report , Ballard Spahr privacy attorneys Phil Yannella, Greg Szewczyk, Tim Dickens and Emily Klode explore the legal and practical complexities associated with these…

The European Parliament has approved a revised version of the EU Artificial Intelligence Act (AIA), which appears to be on a path to adoption by the EU later this year.  The AIA is the most comprehensive legislation in the world to address the risks associated with the use of artificial intelligence.  A final version of…

On May 28, Texas became the sixth state this year to pass a comprehensive data protection law.  Although the Texas Data Privacy and Security Act (“TDPSA”) is largely in line with the Virginia Consumer Data Protection Act and other recently passed state privacy laws, it has a few key distinctions that may cause headaches for…

On April 24, the Governor of Kansas signed into law Kansas Senate Bill 44, which enacts the Financial Institutions Information Security Act (the “Act”). The Act requires credit services organizations, mortgage companies, supervised lenders, money transmitters, trust companies, and technology-enabled fiduciary financial institutions to comply with the requirements of the GLBA’s Safeguards Rule, as…

Following recent Senate testimony in which OpenAI CEO Sam Altman proposed additional Congressional oversight for the development of artificial intelligence (AI), Colorado Senator Michael Bennet has re-introduced the Digital Platform Commission Act, a bill that would enable the creation of a federal agency to oversee the use of AI by digital platforms.  The proposed…

On May 17, 2023, Montana Governor Greg Gianforte signed into law a bill banning the use of the popular app, TikTok, by the general public within the state. Absent court intervention, the ban takes effect on January 1, 2024. While users of the popular app, which is owned by Chinese company ByteDance, can breathe a…

In a ruling published May, 4, the Federal District Court of Idaho granted defendant data broker Kochava’s motion to dismiss a complaint filed by the Federal Trade Commission (“FTC”).  In its complaint, the FTC alleged that Kochava’s sale of precise consumer geolocation data constituted an unfair act or practice in violation of Section 5 of…

United States Capitol Building

As we have previously posted, it has been an active year on the state privacy law front.  Indeed, the number of states with privacy laws is about to nearly double in a matter of months,  with Iowa, Indiana, Montana, and Tennessee have already passed or are about to pass comprehensive…

The State of Washington appears close to enacting a new law that regulates the privacy of consumer health information.   If passed, the new law – the My Health My Data Act (MHMDA) –the new rules generally take effect March 31, 2024 and apply to non-governmental entities that collect, process, share, or sell health information that…