As of January 17, 2025, financial entities and their critical information and communication technology (ICT) service providers need to comply with the new cybersecurity requirements in the Digital Operational Resilience Act (DORA). DORA introduces significant operational and ICT security requirements for a wide range of financial market participants, including banks, insurers, trading platforms, as well as for their ICT service providers.Continue Reading New EU Cyber Resilience Requirements for Financial Sector Enter into Force

Overview

The U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) has announced proposed modifications to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (the Proposed Rule). The Proposed Rule was published in the Federal Register for comment on January 6, 2025. It aims to strengthen the security and privacy of electronic protected health information (ePHI) in response to the evolving threat landscape and emerging technological challenges. If finalized as proposed, the Proposed Rule will have significant implications for healthcare organizations, their business associates, and other entities subject to HIPAA compliance requirements (the “regulated entities”). This alert represents the first in a multipart series outlining the most pertinent of the proposed rules and the potential implications for regulated entities.Continue Reading HHS-OCR Announces Proposed Modifications to the HIPAA Security Rule

On January 8, 2025, the second highest court of the European Union (EU), the General Court of the Court of Justice of the EU (the Court), ordered (in Bindl v European Commission, Case T-354/22) the European Commission (EC) to pay EUR 400 in damages to an individual for transferring their personal data to the U.S. without having implemented a data transfer mechanism under EU law.Continue Reading EU Court Awards Damages for Breach of EU Data Transfer Rules

Legislators and regulators across the European Union (EU) and the United Kingdom (UK) are intensifying efforts to enhance the protection of minors online, responding to growing concerns about children’s safety in the digital space. Recent regulations (including the EU Digital Services Act) and guidance impose increasingly strict obligations for providers to restrict access to harmful content for children.Continue Reading Increased Focus on the Protection of Minors and Age Verification in the EU and the UK

With Inauguration Day just around the corner, we are likely to see a host of new legislative and enforcement initiatives at the federal level. The Federal Trade Commission (FTC) will shift certain priorities under incoming Chairman Andrew Ferguson’s direction. And at the state level, legislatures and state attorneys general (state AGs) will continue to be active, enacting and enforcing a slate of new laws. As we ring in the new year, companies should be mindful of the new laws, regulations, and enforcement priorities that will likely impact them. Below are the top 10 U.S. privacy, cybersecurity, and consumer protection developments to watch out for in 2025:Continue Reading New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

On December 18, 2024, the European Data Protection Board (EDPB) published its much-anticipated Opinion on the processing of personal data in the context of AI models in light of the EU General Data Protection Regulation (GDPR).Continue Reading EU Privacy Regulators Confirm That Legitimate Interest Is a Valid Legal Basis for AI Model Training and Deployment

On December 10, 2024, President-elect Trump named FTC Commissioner Andrew Ferguson as next Chairman of the Federal Trade Commission (FTC), replacing Chair Lina Khan on January 20, 2025. As a Senate-approved sitting Commissioner, he will not need Senate approval to assume the role of Chairman. President-elect Trump also named Mark Meador as a Commissioner to fill the slot currently occupied by Chair Khan. Meador is a former staff member for Senator Mike Lee (R-UT). He has experience serving at the FTC, having spent five years at the beginning of his career working on antitrust cases at the agency.Continue Reading Shaping Consumer Protection: What to Expect from Incoming Chairman Ferguson’s FTC