Last week, I had the privilege to attend one of the Midwest’s largest artificial intelligence conferences dedicated to AI developers, users, and enthusiasts: Cincy AI Week. During the three-day event, which brought together over 950 local professionals, I spoke on a panel entitled “Managing Risk in the Age of AI and Automation.” Here are six
Privacy & Data Security Insight
Updates and analysis from Taft Privacy and Data Security attorneys
Blog Authors
Latest from Privacy & Data Security Insight
One Month to Go: What You Need to Know about the U.S. Department of Justice’s Data Security Program
Last year, we wrote about updates from the Department of Justice (DOJ) and the DOJ’s proposed enforcement efforts and regulations implementing Executive Order 14117 “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Data by Countries of Concern” (Rule).
A year later, the DOJ has finalized the Rule and developed guidance on what…
Children’s Online Privacy Protection Act Amendments Effective June 23, 2025
As we reported early last year, the Federal Trade Commission (FTC) issued a notice of proposed rulemaking to the Children’s Online Privacy Protection Act rule (COPPA). On April 22, 2025, over a year after the notice of proposed rulemaking was issued, the FTC has finalized its amendments to the COPPA rule and are set…
North Dakota Governor Signs Cybersecurity Governance Law for Financial Institutions
On April 11, 2025, North Dakota Governor Kelly Armstrong signed HB 1127 (the Act) into law.
The Act, which takes effect on August 1, 2025, establishes new data security requirements for certain financial institutions and nonbanking financial service providers. In addition, the Act amends multiple sections related to financial institution licensing and oversight.…
Click, Click Hooray: What Businesses Need to Know about Autorenewal Laws and Subscription Cancellation Requirements
Several states and the Federal Trade Commission (FTC) have implemented autorenewal laws aimed at (i) better protecting consumers and providing transparency in automatic renewals (e.g., subscriptions) and (ii) mandating easy cancellation processes to terminate such products.
Although state laws vary, the amended California Automatic Renewal Law (CARL) and the FTC’s Click-to-Cancel Rule (FTC Rule) provide…
California Privacy Enforcement Update: Verifying Consumer Requests and Banners Must Be Symmetrical
The California Privacy Protection Agency (“CPPA”) recently issued a decision requiring American Honda Motor Co. to pay a $632,500 fine and change certain business practices related to alleged violations under the California Consumer Privacy Act (“CCPA”). While not specifically related to connected vehicles, this decision comes after the CPPA’s announcement in 2023 that it would be…
Taft Takeaways: Class Action Insights and Updates
Biometrics continue to be a hot issue and one primed for litigation and related liabilities. We in the Privacy and Data Security Practice are happy to share this upcoming Taft webinar, which will include a discussion on BIPA class action risks. Join our colleagues from Taft’s Litigation Practice on April 15th.
Time: 12 p.m. –…
UPDATE: FCC’s One-to-One Consent Rule Delayed, Then Overturned
As we previously discussed here, the Federal Communications Commission’s (FCC) new One-to-One Consent Rule, which amends the Telephone Consumer Protection Act (TCPA), was set to go into effect on January 27, 2025.
While the identified goal of the FCC was to close the “lead generator loophole,” this new rule, among other requirements, would require…
Taft Wins First Data Breach Class Action to Reach Illinois Supreme Court: Key Takeaways
What does it take for a data breach plaintiff to have standing to sue in Illinois? More than a mere increased risk of harm, said the Illinois Supreme Court in a case where Taft represented the defendant, a large multi-specialty group medical practice.
This post highlights the importance of a thorough post-data breach investigation.…
HIPAA Security Rule to Experience Major Updates in 2025
This month, the Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking in the Federal Register, which is intended to strengthen cybersecurity requirements for HIPAA-covered entities and business associates (the Proposed Rule). The comment period will close on March 7, 2025, with enactment of the proposed rule expected to take place…