Photo of Fran Faircloth

Over the next few weeks, Ropes & Gray’s data, privacy, and cybersecurity team will bring you unique blogs reviewing key trends and developments in data protection. This year, each daily blog will focus on a specific set of legal developments or a regulated sector. These blogs will track topics covered by 12 of the 30+

On October 29, 2024, the Department of Justice (“DOJ”) published its Notice of Proposed Rulemaking (“NPRM”) to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” This follows the DOJ’s publication of its Advance Notice of Proposed Rulemaking earlier this year. 

On October 22, 2024, the Securities and Exchange Commission (“SEC”) filed settled enforcement orders involving four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Ltd, and Mimecast Limited. The settlements concern the issuers’ disclosures relating to cybersecurity risks and intrusions following the December 2020 SUNBURST cybersecurity incident, which affected

On June 28, 2024, Pennsylvania enacted amendments to its Breach of Personal Information Notification Act (“BPINA”). These amendments contain a number of significant changes, including clarifying a key definition, adding a new notification obligation to the Attorney General, requiring organizations to provide credit monitoring services, and reducing the threshold to notify consumer reporting agencies. These amendments—which take effect today, September 26, 2024—bring Pennsylvania in line with many other states that have taken steps to strengthen their respective data breach notification laws.Continue Reading Pennsylvania Strengthens Data Breach Notification Law

Ropes & Gray data, privacy & cybersecurity associate Matthew Cin spoke with  Law360, about Illinois’s recent amendments to its Biometric Information Privacy Act (BIPA). Ever since it was enacted in 2008, BIPA, which can restrict companies from collecting and sharing biometric data without data subjects’ consent, has been a source of privacy-related litigation and

Following the trend towards comprehensive state consumer data privacy laws over the past half decade, five more states—New Jersey, New Hampshire, Kentucky, Nebraska, and Maryland—have passed their own such laws since the beginning of this year alone. Joining the ranks of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia, these five states bring the total number of states with comprehensive state privacy laws to 17 (or 19, if you count more narrowly scoped privacy laws in Florida and Nevada), a near 50% increase in states with comprehensive privacy laws in only five months. New Jersey led the charge at the beginning of 2024, with Governor Phil Murphy signing the New Jersey Privacy Act (NJPA) on January 16. Next followed New Hampshire Governor Chris Sununu’s signature on SB 255 (acronym surely soon to follow). Kentucky (KCDPA) and Nebraska (NDPA) were next, signing laws on April 4 and 17, respectively, and Maryland rounded out this wave of privacy legislation when Governor Wes Moore signed the Maryland Online Data Privacy Act of 2024 (MODPA) into law on May 9.Continue Reading Five State Privacy Laws in Five Months

On this episode of the R&G Tech Studio podcast, managing principal and global head of advanced E-Discovery and A.I. strategy Shannon Capone Kirk sits down with data, privacy & cybersecurity partner Fran Faircloth to discuss how new and ever-evolving technology is impacting her clients, particularly generative AI, and the challenges that arise in litigation and

On March 13, 2024, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that it had opened an investigation into the monumental cyberattack on Change Healthcare (“Change”), a unit of UnitedHealth Group (“UHG”). The attack is one of the largest assaults against the U.S. health care system, with far-reaching

On April 24, President Biden signed a sweeping foreign aid bill into law, which included a critical provision covering privacy and data transfers known as the Protecting Americans’ Data from Foreign Adversaries Act (“PADFA”). This Act is separate from the TikTok divestment portion of the legislation, which has received far greater attention in the press.