Perkins on Privacy
Privacy and Security related image, digital thumbprint

Perkins on Privacy

Perkins on Privacy keeps you informed about the latest developments in privacy and data security law. Our insights are provided by Perkins Coie's Privacy & Security practice, recognized by Chambers as a leading firm in the field. 
Computer Lock Security
December 11, 2024 Regulatory Enforcement Federal Trade Commission

FTC Staff Paper Finds that Most Surveyed “Smart” Products Fail to Disclose Duration of Support

 On November 26, 2024, the FTC released a staff paper regarding the disclosure of the duration of the support for the software of connected consumer devices. As the FTC staff explained, if a manufacturer stops providing software updates, products may lose their “smart” functionality, become insecure, or stop working entirely. Against that backdrop, the FTC examined the software support disclosures of manufacturers of 184 connected consumer products. The FTC concluded that just under 89% of the product web pages for the studied devices did not disclose a software support period. View blog post
Security
December 4, 2024 Privacy Compliance New Administration Regulatory Enforcement Federal Trade Commission

How the FTC’s Approach to Privacy, Security, and AI Enforcement May Change

 The new administration is likely to have a significant impact on the Federal Trade Commission’s (FTC’s) approach to privacy, data security, and other technology-related aspects of consumer protection, including artificial intelligence (AI). View blog post
World Cybersecurity
November 26, 2024 CCPA Privacy Compliance State Privacy Laws Artificial Intelligence Data Security

Fasten Your Seatbelts: CPPA Proposes Rules on Automated Decision-Making and Cybersecurity Audits and Finalizes Data Broker Regulations

After much anticipation, on November 8, the California Privacy Protection Agency (CPPA) Board voted to advance proposed regulations for insurance, cybersecurity audits, risk assessments, and automated decision-making technology (ADMT) to formal rulemaking. 

 View blog post
bell on front desk at hotel
November 7, 2024 Regulatory Enforcement Data Security Data Breach and Incident Response Federal Trade Commission

FTC and State Coalition Settle Data Breach Cases with Marriott

 In 2018, Marriott announced a data breach affecting its Starwood reservation system, thought at the time to have affected up to 500 million people worldwide. These settlements arise from that incident, as well as two smaller incidents that also affected Starwood and Marriott. The FTC alleges these incidents exposed payment card information, unencrypted passport numbers, and loyalty account information, along with other information like names, dates of birth, and contact information. View blog post
AI finger touch screen
September 30, 2024 Data Breach and Incident Response Data Security

2024 Breach Notification Law Update: Unique New State Obligations and Widespread New Federal Obligations

 Amid intense focus on AI and a flurry of consumer privacy law updates, legislative activity has continued to change data breach notification requirements in a variety of ways. Similar to 2023, a handful of changes to generally applicable state breach notification statutes were accompanied by steady sectoral activity at the state level and significant updates at the federal level, including new obligations from both the Federal Trade Commission (FTC) and the U.S. Securities and Exchange Commission (SEC). View blog post
Cellphone Privacy Security
September 25, 2024 Data Security

Cybersecurity for Lawyers: The NIST Cybersecurity Framework as a Tool and Reference

 In this post in our series on basic cybersecurity concepts for lawyers, we delve into the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0. View blog post
Computer server room
August 30, 2024 Data Security

Cybersecurity for Lawyers: Open-Source Software Supply Chain Attacks

In this post in our series on basic cybersecurity concepts for lawyers, we address open-source software (OSS) supply chain risk. 

 View blog post
Happy family together at home.
August 14, 2024 Data Security Regulatory Enforcement Children’s Privacy Federal Trade Commission

FTC Order Bans Anonymous Messaging App from Serving Minors

 The Federal Trade Commission (FTC) and the Los Angeles County District Attorney announced a complaint and proposed stipulated order concerning the “NGL: ask me anything” anonymous messaging app. View blog post
Computer Lock Security
May 22, 2024 Data Security

Clarifying Guidance on Abundance-of-Caution Disclosures under SEC Cybersecurity Rule

 The Director of the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance issued a statement clarifying public companies' obligations to disclose cybersecurity incidents under Item 1.05 of Form 8-K. View blog post
Financial Services & Investments
March 18, 2024 Regulatory Enforcement Federal Trade Commission

FTC Obtains $16.5M from Avast for Sale of Sensitive Data

The FTC's action against Avast reflects its continued focus on the mass collection and sale of sensitive personal data for advertising purposes.

 View blog post
Computer server room
January 26, 2024 Regulatory Enforcement Federal Trade Commission

The FTC Continues its Focus on Location and Sensitive Data

 The Federal Trade Commission (FTC) followed its recent spate of enforcement in the location and sensitive data space with the announcement of another enforcement action and proposed settlement with InMarket Media, Inc. (InMarket). View blog post
Woman on a laptop
September 19, 2023 Data Security Data Breach and Incident Response

Updating Corporate and Cybersecurity Practices To Satisfy the SEC’s Final Cybersecurity Disclosure Rules: Assessing Materiality of Cybersecurity Incidents

 In the wake of the SEC's new rule requiring prompt disclosure of cybersecurity incidents, incident response (IR) teams have asked how they should modify IR plans to promote compliance with the new rule. View blog post
Cellphone Privacy Security
September 11, 2023 Data Security Data Breach and Incident Response

A Deep Dive Into the SEC’s Materiality Trigger for Cybersecurity Incident Disclosures

The U.S. Securities and Exchange Commission (SEC) adopted final rules relating to cybersecurity disclosure on July 26, 2023, which will take effect on December 18, 2023. 

 View blog post
U.S. Capitol at sunset
August 1, 2023 Children’s Privacy Federal Trade Commission Regulatory Enforcement

COPPA: Public Comment Period Open for Proposed Verifiable Parental Consent Method

For the first time since 2015, the Federal Trade Commission (FTC) has been asked to approve a new "verifiable parental consent" (VPC) method under the Children's Online Privacy Protection (COPPA) Rule. 

 View blog post
© 2025 Perkins Coie LLP