Photo of Liisa Thomas

Liisa Thomas, a partner based in the Chicago and London offices, is Leader of the firm's Privacy and Cybersecurity Practice Group.

A California-based lead generation company recently settled with the FTC for $1.5 million over alleged privacy violations. The FTC argued that the company deceptively acquired consumer personal information and improperly
Continue Reading FTC Fines Lead Generation Company $1.5M Citing Misuse of Consumer Financial Data

Just as we thought 2022 was going to be significantly different than 2021, December 2021 and January 2022 events have thrown us for another (pandemic) loop. We anticipate that some of the privacy and cybersecurity developments from 2021 may similarly repeat in 2022. To help prepare for privacy and cybersecurity program plans for the year, we have created a comprehensive resource of all our www.eyeonprivacy.com posts from last year. From artificial intelligence, biometrics, new US privacy laws, ongoing scrutiny of breach and security issues, to concerns over global data flows, 2021 was a busy year. We have also included several articles focused specifically on managing privacy compliance, and include an examination of right-sized privacy programs, regulatory priorities, and managing “unknown” and unpredictable risks.

Continue Reading 2021 Privacy Year In Review

OpenX Technologies recently agreed to pay $2 million to settle FTC allegations that the advertising platform violated the FTC Act and the Children’s Online Privacy Protection Act. OpenX runs a programmatic ad exchange, running a bidding platform that auctions online ad space. The company contracts with publishers who have open ad space as well as ad networks with inventories of ads they are seeking to publish online.

Continue Reading OpenX Ad Exchange Settles With FTC Over Alleged COPPA and Other Violations

The European Commission recently adopted an adequacy decision regarding the Republic of Korea’s data protection laws. As a result of this decision, personal data can freely flow between the EEA and South Korea without the need for additional transfer mechanisms.

Continue Reading European Commission Adopts Korean Adequacy Decision

The California Privacy Protection Agency recently published public comments received in response to its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). The comments were originally solicited in September and due by November 8. The public feedback totals nearly 900 pages. It includes comments from various companies, industry associations, and other interested parties.

Continue Reading California Publishes Initial Public Comments to CPRA

Virginia edges closer to its privacy law January 2023 implementation. A new working group report gives some insight on implementation focus. The working group is tasked with giving advice on implementing the Virginia Consumer Data Protection Act. It held a series of meetings with companies and other stakeholders throughout the year. This current report summarizes “points of emphasis” from those meetings.  Those included that law be interpreted strictly. For example, sunseting companies “right to cure” after two years. Another point raised was whether to let the attorney general seek actual damages based on harm.

Continue Reading Virginia Privacy Law Continues to Progress Towards 2023 Implementation

Federal banking regulators issued a final rule that impacts how banks and other regulated entities report certain data incidents.  Those subject to these new reporting requirements include U.S. banks and bank service providers. The rule is effective April 1, 2022, and covered entities are expected to comply with the final rule by May 1, 2022. The new requirements reflect ongoing concern to identify and stop computer security incidents before they become systemic.
Continue Reading Beginning in May 2022 Banks Will Have 36 Hours to Disclose Certain Types of Cyber Incidents

The Food and Drug Administration recently sought comments on the role of transparency for artificial intelligence and machine learning-enabled medical devices. The FDA invited comments in follow up to a recent workshop on the topic.

Continue Reading FDA Joins Other Regulators in Focus on AI and Machine Learning