By Sam Castic
The California Privacy Protection Agency (CPPA) has adopted final regulations on privacy risk assessments, cybersecurity audits, and automated decisionmaking technology (ADMT), as well as amendments to existing CCPA regulations. Final publication of the regulations is pending review by the Office of Administrative Law, and depending on when that occurs, the regulations will likely take effect 10/1/2025 or 1/1/2026. Some key concepts from these regulations, and actions to consider, are below.
Read More
By Sam Castic
On Friday April 11, 2025, the DOJ released a Compliance Guide and more than 100 FAQs on the Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons Rule (the “DOJ Rule”). It also released an Implementation and Enforcement Policy, which indicates it will not prioritize enforcement against companies making good faith efforts to comply until July 8, 2025.
Read More
By Emily Litka
In September 2024, California Governor Gavin Newsome signed a number of new generative AI (“genAI”) bills into law. These laws address risks associated with deepfakes, training dataset transparency, use of genAI in healthcare settings, privacy, and AI literacy in schools. California is the first US state to enact such sweeping genAI regulations.
Read More
By Sam Castic
The Hintze Cybersecurity + Breach Response Group has published a new guide to U.S. state and territory data breach notification laws – the Hintze Data Breach Notice Guide accessible here. We include in our guide an overview section with a high-level summary of the common provisions that U.S. breach notice laws contain. We also provide a set of detailed charts covering each of the 54 states and jurisdictions. We gathered our collective decades of experience working with breaches to organize these charts in a way we think is more usable in the midst of a breach crisis.
Read More
If you are a startup or just a privacy or security officer with a lean budget, please check out our list of publicly available privacy and security resources. We update this from time to time for presentations we give to companies just starting to build their privacy and security programs and always welcome input on any "free" resources you find helpful.
Read More