Insights

Professional
Practice
Industry
Region
Trending Topics
Location
Type

Sort by:

Client Alerts 13 results

Client Alert | 7 min read | 03.20.25

What Companies Need To Know From the California Privacy Protection Agency’s First CCPA Enforcement Action

On March 12, the California Consumer Privacy Protection Agency (“Agency”) announced it had entered into a settlement (“Settlement”) with American Honda Motor Company (“Honda”) to resolve the Agency’s claims that Honda violated the California Consumer Privacy Act (“CCPA”). The total fine to be paid by Honda is $632,500. The investigation came out of the Agency’s Enforcement Division’s focused review of privacy practices of connected vehicles and related technologies announced in July 2023. That review highlighted vehicles with embedded features such as location sharing, smartphone integration, and cameras, and we expect more automotive related Agency settlements to be issued in the near future.
...

Client Alert | 2 min read | 07.21.23

Biden Admin Eyes IoT Cyber Practices

On June 18, 2023, the Biden-Harris administration announced the launch of a new “U.S. Cyber Trust Mark” program (hereinafter the “Program”). First proposed by Federal Communication Commission (“FCC”) Chairwoman Jessica Rosenworcel, the Program aims to increase transparency and competition across the smart devices sector and to assist consumers in making informed decisions about the security of the devices they purchase.
...

Client Alert | 2 min read | 06.07.23

MOVEit Vulnerability: What to Know and What to Do

A new Cybersecurity & Infrastructure Security Agency (CISA) alert advises that, starting in late May, a well-known ransomware group called Clop compromised a widely used managed file transfer (MFT) platform called MOVEit Transfer, reportedly impacting hundreds of companies globally. 
...

Client Alert | 9 min read | 04.26.23

OCR Proposes HIPAA Amendments to Strengthen Reproductive Health Care Privacy

On April 17, 2023, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) entitled HIPAA Privacy Rule To Support Reproductive Health Care Privacy. The NPRM, which OCR released in response to the Supreme Court’s 2022 decision in Dobbs v. Jackson Women’s Health Organization (“Dobbs”), aims to amend regulations implementing the Health Insurance Portability and Accountability Act (collectively, “HIPAA”) to mitigate concerns about reproductive health care privacy that have arisen as a consequence of the Dobbs ruling.  
...

Client Alert | 2 min read | 03.24.23

Iowa to Introduce the Sixth Comprehensive State Privacy Law in United States

On March 15, the Iowa House passed Senate File 262 (SF 262), a comprehensive state privacy law bill. If enacted, SF 262 would be the sixth state level privacy legislation, following California, Virginia, Colorado, Utah, and Connecticut, and it would go into effect on January 1, 2025.
...

Client Alert | 6 min read | 03.13.23

Everyone’s Talking AI, Including the FTC: Key Takeaways from the FTC’s 2023 AI Guidance

On February 27, 2023, the Federal Trade Commission (“FTC”) Division of Advertising Practices updated their business guidance on the usage of Artificial Intelligence (“AI”) for 2023. In their post titled “Keep your AI claim in check”, the FTC guides marketers on how best to legally and efficiently utilize AI in advertising and avoid AI washing. Building upon the FTC’s previous AI guidance of 2020 and 2021, this year’s iteration emphasizes that false or unsubstantiated claims about a product’s efficacy—including those that involve promises about the ability of AI—runs afoul of the FTC Act. Specifically, the FTC reminds marketers of the following questions that they should consider with the increasing use of AI in products:

Client Alert | 2 min read | 03.07.23

Key Takeaways from the Cookie Banner Taskforce Report

In the past few years, privacy activists, consumers and national and European data protection authorities have become increasingly aware of the impact of cookies and other tracking technologies. As a result, most administrators of websites and mobile apps know that they have to provide users with a clear and prominent cookie banner. They also know that they should explain what cookies are being used and obtain the user’s consent before storing any non-essential cookies on their device. 

Client Alert | 16 min read | 03.06.23

Biden Administration Releases Comprehensive National Cybersecurity Strategy

On March 2, 2023, the Biden Administration released the 35-page National Cybersecurity Strategy (the “Strategy”) with a goal “to secure the full benefits of a safe and secure digital ecosystem for all Americans.”
...

Client Alert | 7 min read | 09.13.22

$1.2 Million CCPA Settlement with Sephora Focuses on Sale of Personal Information and Global Privacy Controls

On August 24, 2022, the California Attorney General’s Office announced a settlement with Sephora, Inc. (Sephora), a French multinational personal care and beauty products retailer. The settlement resolved Sephora’s alleged violations of the California Consumer Privacy Act (CCPA) for allegedly failing to: disclose to consumers that the company was selling their personal information, process user requests to opt out of sale via user-enabled global privacy controls, and cure these violations within the 30-day period currently allowed by the CCPA.
...

Client Alert | 5 min read | 08.19.22

FTC Publishes an Advance Notice of Proposed Rulemaking Regarding Commercial Surveillance and Data Security

On August 11, 2022, the Federal Trade Commission (“FTC”, the “Commission”) published an Advance Notice of Proposed Rulemaking (“ANPR”, the “Notice”) intended to address what the FTC refers to as “commercial surveillance and lax data security practices,” involving companies’ collection, use and monetization of consumer data in ways that harm consumers and impact competition.  This ANPR marks the beginning of a long process that may or may not result in a final rule. This process begins with a sixty-day period after the ANPR’s publication in the Federal Register during which the Commission will accept public comment. Specifically, the FTC solicits public comment regarding:
...

Client Alert | 11 min read | 03.24.22

President Biden Signs Bill Expanding Cybersecurity Reporting Obligations

President Biden signed the Consolidated Appropriations Act, 2022 into law on March 15, 2022. Section Y of the new omnibus appropriations bill is titled The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“the Act”). Importantly, the Act significantly expands federal cybersecurity incident and ransom demand reporting requirements for critical infrastructure entities. In light of these new requirements, critical infrastructure entities who suspect that they may be subject to the Act should begin investigating how the Act will impact their business and consider establishing protocols which may be necessary to ensure compliance.
...

Client Alert | 6 min read | 03.01.22

Additional States Plan for the Implementation of Data Privacy Laws

Earlier this month, Crowell & Moring issued an alert regarding the robust enforcement of the California Consumer Privacy Act (“CCPA”) since its 2020 effective date. Other states and state consortiums, such as the Attorney General Alliance, continue to focus on the perceived need for consumer data privacy, which maintains bipartisan appeal. Currently, Colorado is preparing for the July 1st, 2023 effective date for the Colorado Privacy Act (“CPA”), various other states are working toward passing consumer data privacy legislation, and some states are attempting to pass measures of protection against “big data” that are different from California, Virginia or Colorado’s data privacy acts.
...

Client Alert | 2 min read | 10.25.21

Us Deputy Attorney General Requests Assistance From Companies in the Fight Against Cybercrime

This week, US Deputy Attorney General Lisa O. Monaco called upon private industry to assist law enforcement in fighting cybercrime. During her opening remarks at the Criminal Division of the Department of Justice’s (“DOJ”) cybersecurity roundtable, Monaco stressed that the United States is at an “inflection point” in the types of cyber threats it faces, namely that bad actors were historically nation-states but are expanding to include more private actors and criminal enterprises.
...