Data Counsel

Commentary Addressing Risks and Opportunities Through the Lifecycle of Data, Technology, Advertising and Innovation

As we wrote about last week, the Federal Trade Commission (FTC) recently announced that it had entered a proposed settlement with video equipment surveillance company Verkada over the company’s alleged security failures. What’s interesting about the Verkada settlement is that it’s really a data security case with some additional marketing violations thrown in. And

Cybersecurity Maturity Model Certification (CMMC) is coming — and now appears to be coming faster than many defense contractors believed. In the latest signal of CMMC’s forward momentum, the Department of Defense (DoD) issued a proposed rule on August 15, 2024, amending Title 48 CFR (Cybersecurity Requirements Proposed Rule), which defines how CMMC requirements should

Key Takeaways:

  • In March, the Office of Inspector General of the Department of Health and Human Services (OIG) published a report of its audit of Administration for Children and Families (ACF) “data hosted in certain cloud information systems.”
  • The report explains that the audit is part of a series examining “whether HHS and its Operating

To dramatically scale up the Modernizing the Federal Risk and Authorization Management Program (FedRAMP) marketplace, the Office of Management and Budget (OMB) has completely rewritten FedRAMP’s vision, scope and governance structure. OMB rescinded its memorandum from 2011 establishing FedRAMP and replaced it with a new memorandum updating FedRAMP.

As we’ve previously highlighted, FedRAMP recently revealed

We have seen a dizzying amount of Federal Trade Commission (FTC or Agency) enforcement on the privacy front in 2024, with a heavy focus on the collection and sharing of health data, browsing and geolocation data, and children’s data. Today we are going to explore some of the significant FTC privacy developments from the past

In our recent article, we discussed FedRAMP’s Roadmap to the Future, outlining FedRAMP’s ambitious plan to breathe new life into the FedRAMP program by, among other goals, updating the authorization process and automating key deliverables in the FedRAMP program, including the Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Actions and

On June 28, 2024, Pennsylvania Governor Josh Shapiro signed an amendment to Pennsylvania’s Breach of Personal Information Notification Act into law. The amended law, which includes significant changes to the Keystone State’s data breach notification law, goes into effect on September 26, 2024. Below, we discuss the major changes set forth in the amended law.

On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems and the Texas Hospital Association) motion for summary judgment. The thorough (and delightfully irreverent) opinion – which aligned with