On January 16, 2024, New Jersey (NJ) Governor Phil Murphy signed into law S332/A1971, making New Jersey the latest state with a comprehensive state privacy law. (This follows similar comprehensive state privacy laws in CA, CO, CT, DE, IN, IA, MT, OR, TN, TX, UT, and VA). The law becomes effective one year after its
Data Privacy & Security Observer
Blog Authors
Latest from Data Privacy & Security Observer
Joint Cybersecurity Advisory (“CSA”) Issued Regarding IRGC-Affiliated Cyber Threats to Multiple Sectors, including U.S. Water and Wastewater Systems Facilities
On December 1, 2023, the Federal Bureau of Investigation (“FBI”), Cybersecurity and Infrastructure Security Agency (“CISA”), National Security Agency (“NSA”), Environmental Protection Agency (“EPA”), and the Israel National Cyber Directorate (“INCD”)—hereafter referred to as “the authoring agencies”— issued a joint Cybersecurity Advisory (“CSA”) to highlight continued malicious cyber activity against operational technology devices by Iranian…
Colorado Attorney General Submits Universal Opt-Out Mechanism Shortlist for Public Comment
Under the Colorado Privacy Act (“CPA”), consumers have express rights to opt out of the sale of personal data as well as the processing of personal data for targeted advertising. Effective July 1, 2024, organizations covered under the CPA must allow consumers to opt out using a universal opt out mechanism (“UOOM”).
Under the…
OMB Memorandum on AI Executive Order Released for Public Comment
On November 1, 2023, after the Biden administration’s October 30, 2023 release of its landmark executive order on artificial intelligence (“AI”), the Office of Management and Budget (“OMB”) released a draft proposed memorandum on implementing the executive order. The draft memo directs heads of executive departments and agencies to advance AI governance and innovation while…
California Privacy Protection Agency (CPPA) Releases Draft Rules Regarding Automated Decisionmaking Technology under CCPA
Today, the California Privacy Protection Agency (“CPPA”) released draft rules pursuant to the California Consumer Privacy Act (“CCPA”) governing consumer access and opt out rights with respect to Automated Decisionmaking Technology (“ADMT”). This is an early example of the development of regulations around artificial intelligence (“AI”) in the United States. (NOTE: The draft regulations note…
AI Conversation and Activity Hit a Feverish Pitch – A November Recap
November has been a busy month in artificial intelligence on the international, federal, and state levels. The last several weeks have seen what is probably an unprecedented amount of activity regarding artificial Intelligence (“AI”), the most dramatic of which involved the stepping down of Open AI’s CEO Sam Altman last Friday after a clash with…
Eight Categories Summarizing the Directives of Biden’s Executive Order on Artificial Intelligence
Biden Issues Broad Executive Order on Artificial Intelligence…
The State Law Privacy “Patchwork” Continues with Oregon and Delaware; Federal Legislation on Children’s Online Privacy Advances
Two more states have enacted consumer privacy protection laws, with Oregon and Delaware joining the existing fray of state comprehensive consumer privacy laws in California, Colorado, Virginia, Utah, Connecticut, Iowa, Indiana, Montana, Tennessee, Florida, and Texas. For a useful chart detailing the applicability, effective dates, and exemptions of all of the state laws enacted thus…
SEC Final Rule Adopts Increased Requirements around Cybersecurity Disclosures
On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted amendments augmenting and standardizing required disclosures for public companies related to cybersecurity. The rules apply to all registrants, and includes comparable requirements of foreign private issuers. The rules reflect several changes to elements described in the 2022 proposed rule and in previous guidance.…
California Privacy Regulator to Review Privacy of Connected Vehicles under CCPA
On July 31, 2023, the California Privacy Protection Agency (“CPPA”) – the state privacy regulatory agency charged with regulating and enforcing the California Consumer Privacy Act (as amended by the California Privacy Rights Act) (“CCPA”) — announced that it will be reviewing the data privacy practices of connected vehicle (CV) manufacturers and related CV technologies.…