• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

Regulatory Enforcement

California Court of Appeals Paves the Way for Enforcement of California Privacy Rights Act Regulations

February 13, 2024 By Dorian Simmons

On February 9, 2024, the California state court of appeals mandated a trial court to vacate its order and judgment prohibiting the California Privacy Protection Agency (the “Agency”) from enforcing the California Privacy Rights Act regulations (the “CPRA Regulations”) until March 29, 2024. The Agency will be able to enforce the CPRA Regulations upon the […]

Filed Under: Board Governance & Cyber Risk Management, California Privacy & the CCPA, Privacy & Cyber Regulatory Enforcement, Privacy & Cybersecurity Litigation Tagged With: California Consumer Privacy Act (CCPA), California Privacy Protection Agency (CPPA), California Privacy Rights Act (CPRA), Regulatory Enforcement

Washington AG’s Office Updates FAQs for My Health My Data Act

January 24, 2024 By Dorian Simmons and Hyun Jai Oh

The Office of the Attorney General of Washington (the “AG”) has updated the Frequently Asked Questions (the “FAQs”) for the Washington My Health My Data Act (the “Act” or “Washington Act”) to provide guidance on the AG’s position concerning whether businesses must publish standalone consumer health data privacy policies under the Act. The update, first […]

Filed Under: Adtech & Digital Tracking, HIPAA/Health Information Privacy, Security & Breach Response, Privacy & Cyber Regulatory Enforcement, Uncategorized Tagged With: Data Protection, Health Information Security, Privacy, Regulatory Enforcement, US State Law

Colorado AG Recognizes Global Privacy Control as the First Valid Universal Opt-Out Mechanism

January 4, 2024 By David Keating and Hyun Jai Oh

On December 29, 2023, the Colorado Attorney General (the “AG”) announced that the Global Privacy Control (“GPC”) will become the first universal opt-out mechanism (“UOOM”) the AG considers valid under the Colorado Privacy Act (the “CPA”).  Effective July 1, 2024, controllers subject to the CPA will need to treat Colorado consumers’ privacy preferences submitted through […]

Filed Under: Adtech & Digital Tracking, Board Governance & Cyber Risk Management, Privacy & Cyber Regulatory Enforcement Tagged With: Behavioral Tracking, Data Protection, Privacy, Regulatory Enforcement, Tracking, US State Law

NYDFS Releases Consent Order in First Enforcement Action Brought Under the Cybersecurity Regulations

December 18, 2023 By Lance Taubin, Ashley Miller, Kristen Bartolotta and Privacy, Cyber & Data Strategy Team

After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s Cybersecurity Regulation (23 NYCRR Part 500) (the “Regulation”), specifically, its failure to protect non-public information (“NPI”). NYDFS originally brought the enforcement action in […]

Filed Under: Board Governance & Cyber Risk Management, Crisis & Data Breach Response, Privacy & Cyber Regulatory Enforcement Tagged With: Cybersecurity, Regulatory Enforcement, US State Law

Colorado AG Publishes Shortlist of Universal Opt-Out Mechanisms

November 21, 2023 By Daniel Felz and Hyun Jai Oh

On November 21, 2023, the Colorado Attorney General (the “AG”) published a shortlist of potential universal opt-out mechanisms (“UOOMs”) that the AG is considering recognizing as binding under the Colorado Privacy Act (the “CPA”). Beginning on July 1, 2024, the CPA will require covered controllers to comply with Colorado consumers’ requests to opt out of […]

Filed Under: Adtech & Digital Tracking, Board Governance & Cyber Risk Management, Privacy & Cyber Regulatory Enforcement Tagged With: Behavioral Tracking, Colorado Privacy Act (CPA), Data Protection, Privacy, Regulatory Enforcement, US State Law

  • « Go to Previous Page
  • Page 1
  • Interim pages omitted …
  • Page 4
  • Page 5
  • Page 6
  • Page 7
  • Page 8
  • Interim pages omitted …
  • Page 17
  • Go to Next Page »

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


RANSOMWARE FUSION CENTER
Click here to request access

THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up


Secondary Sidebar

Categories

Recent Posts

  • Connected Vehicles Under the Spotlight: French DPA Issues Landmark Guidance on Vehicle Data Privacy
  • Five Eyes Issues Urgent Call to Action on AI-Driven Cyber Threats
  • DOJ Settles False Claims Act Case with LOGZONE Over Cybersecurity Deficiencies
  • FTC Targets EdTech Data Practices in Final Order Following Major Student Data Breach
  • New Executive Order Promotes AI Innovation While Strengthening Cybersecurity Defenses
Copyright © 2026 · Alston & Bird · All Rights Reserved. Privacy.