Blogs

Privacy and Security related image, digital thumbprint

Perkins on Privacy

Perkins on Privacy keeps you informed about the latest developments in privacy and data security law. Our insights are provided by Perkins Coie's Privacy & Security practice, recognized by Chambers as a leading firm in the field.

Subscribe

Computer Lock Security

December 11, 2024

FTC Staff Paper Finds that Most Surveyed “Smart” Products Fail to Disclose Duration of Support

On November 26, 2024, the FTC released a staff paper regarding the disclosure of the duration of the support for the software of connected consumer devices. As the FTC staff explained, if a manufacturer stops providing software updates, products may lose their “smart” functionality, become insecure, or stop working entirely. Against that backdrop, the FTC examined the software support disclosures of manufacturers of 184 connected consumer products. The FTC concluded that just under 89% of the product web pages for the studied devices did not disclose a software support period.

privacy related image

December 4, 2024 New Administration Privacy Compliance

How the FTC’s Approach to Privacy, Security, and AI Enforcement May Change Under Trump 2.0

The election of Donald Trump is likely to have a significant impact on the Federal Trade Commission’s (FTC’s) approach to privacy, data security, and other technology-related aspects of consumer protection, including artificial intelligence (AI).

Data

December 3, 2024

CISA Security Requirements for Restricted Data Transactions Under New DOJ Rule

CISA has proposed security requirements for certain categories of restricted data transfers. Any U.S. business that transfers its data outside the United States or gives businesses or people outside the United States access to its data should review and work with security and legal professionals to ensure compliance.

Cellphone Privacy Security

December 3, 2024

DOJ’s Notice of Proposed Rulemaking on Sensitive Personal Data and Government-Related Data

DOJ has revised its proposed rules governing transfers of U.S.

Supreme Court

December 2, 2024 State Privacy Laws Privacy Compliance Privacy Litigation

Massachusetts Supreme Court Decision Raises Bar for Website “Wiretap” Suits

In recent months, a wave of lawsuits has swept across the nation, targeting websites for allegedly violating state wiretapping laws through their use of tracking software.

World Cybersecurity

November 26, 2024 CCPA Privacy Compliance State Privacy Laws

Fasten Your Seatbelts: CPPA Proposes Rules on Automated Decision-Making and Cybersecurity Audits and Finalizes Data Broker Regulations

After much anticipation, on November 8, the California Privacy Protection Agency (CPPA) Board voted to advance proposed regulations for insurance, cybersecurity audits, risk assessments, and automated decision-making technology (ADMT) to formal rulemaking.

bell on front desk at hotel

November 7, 2024

FTC and State Coalition Settle Data Breach Cases with Marriott

In 2018, Marriott announced a data breach affecting its Starwood reservation system, thought at the time to have affected up to 500 million people worldwide. These settlements arise from that incident, as well as two smaller incidents that also affected Starwood and Marriott. The FTC alleges these incidents exposed payment card information, unencrypted passport numbers, and loyalty account information, along with other information like names, dates of birth, and contact information.

Artificial Intelligence Robotics Wave

November 6, 2024

California Governor Signs a Raft of AI and Privacy Bills

California’s legislative session came to a close with the adoption of a torrent of bills concerning artificial intelligence (AI) as well as updates to the state’s broad consumer privacy law, the California Consumer Privacy Act (CCPA). Conversely, other AI and privacy legislation did not make it out of the legislature or was vetoed. In all, Governor Newsom signed over a dozen AI and privacy bills, while vetoing a handful. Below we summarize some of the most notable AI and privacy bills enacted and vetoed.

Pillars of a courthouse

November 1, 2024

Supreme Court To Review FCC Authority Over Junk Faxes

In what is shaping up to be an increasingly active term for judicial scrutiny of agency deference, the U.S. Supreme Court granted certiorari in McLaughlin Chiropractic Assoc. v. McKesson Corp., No. 23-1226 (U.S. Oct. 4, 2024)—a case which appears primed to address how much deference federal courts must give to agency interpretations of the law.

Computer Lock Security

October 28, 2024

UK Online Safety Act: A Look Ahead

Ofcom, the U.K. Online Safety Act (the Act) regulator, released an updated roadmap on the timing of obligations for covered services on October 17, 2024.

Artificial Intelligence Brain Compute

October 7, 2024

AB 2013: New California AI Law Mandates Disclosure of GenAI Training Data

In the last 30 days, California Governor Gavin Newsom signed 17 artificial intelligence (AI) bills and vetoed AI safety bill SB 1047. One of the AI-related bills signed into law, AB 2013 “Generative Artificial Intelligence: Training Data Transparency,” imposes new disclosure requirements on the developers of generative artificial intelligence (GenAI) systems and services that are made available to Californians.

Columns

October 7, 2024

Implications of California Governor Newsom’s Veto of AI Safety Bill SB 1047

Governor Gavin Newsom has vetoed SB 1047, the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act, marking a significant development in California’s approach to AI regulation. Both the tech industry and policymakers had closely watched the bill due to its potential impact on the development and deployment of frontier AI models.

AI finger touch screen

September 30, 2024

2024 Breach Notification Law Update: Unique New State Obligations and Widespread New Federal Obligations

Amid intense focus on AI and a flurry of consumer privacy law updates, legislative activity has continued to change data breach notification requirements in a variety of ways. Similar to 2023, a handful of changes to generally applicable state breach notification statutes were accompanied by steady sectoral activity at the state level and significant updates at the federal level, including new obligations from both the Federal Trade Commission (FTC) and the U.S. Securities and Exchange Commission (SEC).

Cellphone Privacy Security

September 25, 2024

Cybersecurity for Lawyers: The NIST Cybersecurity Framework as a Tool and Reference

In this post in our series on basic cybersecurity concepts for lawyers, we delve into the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0.

Computer server room

August 30, 2024

Cybersecurity for Lawyers: Open-Source Software Supply Chain Attacks

In this post in our series on basic cybersecurity concepts for lawyers, we address open-source software (OSS) supply chain risk.