In December 2024, New York Governor Kathy Hochul signed into law two bills (A8872A and S2376B; collectively, the “Bills”) that amend New York’s Data Breach Notification Law.1 The Bills introduce a maximum thirty-day timeframe for notifying affected New York residents of a reportable “breach of the security of the system”2 under

In December 2024, the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (“ASTP/ONC”) within the U.S. Department of Health and Human Services (“HHS”) published two final rules that establish health data interoperability and information blocking regulations (the “New HTI Final Rules”).

The New HTI Final Rules will affect Trusted Exchange

On January 8, 2025, the Department of Justice (“DOJ”) published its Final Rule to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Final Rule”). This follows the DOJ’s publication of its Notice of Proposed Rulemaking (“NPRM”) in October 2024

After its election to power in July 2024, the newly formed Labour government wasted little time in announcing its legislative priorities for the coming year. Unsurprisingly, these priorities included several proposed Bills relating to data protection, cybersecurity and digital regulation. At the time of writing, only one of these Bills—the Data (Use and Access) Bill (“DUAB”)—has been introduced to Parliament, with the others expected to follow in early 2025.Continue Reading Meet the In-Laws: the UK’s Digital Legislative Agenda for 2025

Data breaches made headlines throughout 2024, affecting governments, health care groups, and telecoms. Follow-on litigation has kept pace. Nearly 4,000 class actions involving data privacy issues are estimated to be filed in federal courts by the end of this year.

Growth in litigation meant that 2024 saw legal developments in several areas including standing to sue and web video suits. Increased attention on cybersecurity and privacy incidents unsurprisingly corresponded with active SEC enforcement and derivative suits related to inadequate data security.Continue Reading Unwrapping 2024’s Key Trends in Data Privacy Litigation