Technology

The US Department of Health and Human Services recently updated its guide to help the private and public healthcare sectors develop cybersecurity protocols that address NIST’s Framework for Improving Critical Infrastructure Cybersecurity. The guide is a toolkit, with information and resources intended to help companies implement cybersecurity programs in the health care space. While the aim of this guidance is to help companies implement NIST’s protocols for protecting US critical infrastructure, the recommendations contained in the guide mirror other agencies’ security recommendations (for example those we have written about from the Department of Labor and the FDA).
Continue Reading HHS Releases Cybersecurity Guide

Colorado’s Privacy Act regulations have now been finalized, in advance of the law’s July 1 effective date. As we have written previously, the Colorado privacy law applies to companies that conduct business in the state and either (1) control or process personal data of 100,000 Colorado consumers during a calendar year, or (2) derive revenue or receive a discount on the price of goods or services from the sale of personal data and processes or controls the personal data of at least 25,000 Colorado consumers. The law mirrors in many ways the comprehensive privacy laws of other states.
Continue Reading Colorado Privacy Law Regulations Finalized: Time to Review Information Practices

On March 16, 2023, the U. S. Copyright Office (USCO) launched a new AI Initiative to examine the copyright law and policy issues raised by artificial intelligence (AI), including the scope of copyright in works generated using AI tools and using copyrighted materials in AI training. According to the USCO: “This initiative is in direct response to the recent striking advances in generative AI technologies and their rapidly growing use by individuals and businesses.” It is also a response to requests from Congress and the public.
Continue Reading Copyright Office Artificial Intelligence Initiative and Resource Guide

Companies are continuing to find it hard to navigate the legal landscape of website accessibility. Plaintiff’s lawyers argue that “inaccessible” websites or mobile apps fail to comply with the Americans With Disabilities Act or similar state laws. This despite the absence of standards for website accessibility in these laws. Similarly, while the Department of Justice does not have a regulation setting out detailed website accessibility standards, the Department’s position has been that the Americans with Disabilities Act’s general nondiscrimination and effective communication provisions apply to web accessibility. 
Continue Reading The Rough Waters of Website Accessibility

February 2023 was a momentous month for Illinois’ Biometric Information Privacy Act (BIPA). Just two weeks after imposing a 5-year time limit for all BIPA claims, the Illinois Supreme Court resolved another pressing issue. In Cothron v. White Castle System, Inc., the Illinois Supreme Court considered whether a BIPA claim accrues every time a company scans or transmits a person’s biometric identifier (e.g., fingerprint) without consent. In a closely divided 4-3 ruling, the Court answered “yes.”
Continue Reading Illinois High Court Rules “Per-Scan” Damages Can Be Awarded Under BIPA

Roblox recently announced that it is working on generative artificial intelligence (AI) tools that will help developers who build experiences on Roblox, to more easily create games and assets. The first two test tools create generative AI content from a text prompt and enable generative AI to complete computer code. This is just the tip of the iceberg on how generative AI will be used in games and a variety of other creative industries. Music, film, art, comic books, and literary works are some other uses. AI tools are powerful and their use will no doubt be far reaching. In
Continue Reading How Generative AI Generates Legal Issues in the Games Industry

The rapid rise of AI used with advertising, marketing and other consumer facing applications has caused the FTC to continue to take notice and issues guidance. For example, the FTC is concerned about false or unsubstantiated claims about an AI product’s efficacy. It has issued AI-related guidance in the past. The following is some recent FTC guidance to consider when referencing AI in your advertising. This guidance is not necessarily new, but the fact that it is being reiterated should be a signal that the FTC continues to focus on this area and that actions may be forthcoming. In fact,
Continue Reading You Don’t Need a Machine to Predict What the FTC Might Do About Unsupported AI Claims

The California Privacy Protection Agency (CPPA) Board recently met and unanimously voted to finalize the proposed final CPRA regulations. This approved version was first released in January and updated those released in November 2022. Along with the proposed final CPRA regulations, the CPPA published a draft final statement of reasons and appendices containing responses to the comments received during the public comment periods.
Continue Reading CPRA Update: Moving Toward Finalization

The California AG announced an investigative sweep of mobile apps, as we reported in our sister blog. The investigative focus is on companies in the retail, travel and food service industries who may not be complying with the California Consumer Privacy Act (CCPA). As we have written previously, the California law requires entities to provide individuals with a myriad of rights, including as it relates to “sale” of personal information.
Continue Reading Mobile Apps Beware!: California AG’s Current Privacy Sweep

A plaintiff has her fingerprints forever. But she doesn’t have forever to file a lawsuit for improper retention, deletion, collection, or use of her fingerprints. For years, Illinois courts have been perplexed on what statute of limitations applies to different claims under the Illinois Biometric Information Privacy Act (“BIPA”). That left an unanswered question: how long does a plaintiff have to file a BIPA claim before losing it? The Illinois Supreme Court weighed in last week, siding with the plaintiffs’ bar. In Tims v. Black Horse Carriers, Inc., that Court held that plaintiffs have five years to file any
Continue Reading Illinois High Court Allows Biometric Privacy Claims to Go Back Five Years

The UK’s new Code of Practice for App Store Operators and App Developers provides companies with privacy-related resources. It also highlights ICO privacy expectations. Participating in the code is done by voluntarily complying with it (it is not mandatory). The UK Department for Digital, Culture, Media, and Sport, though, is not only working with leading companies to participate in the code, but also is looking at whether current laws should be expanded and/or if code participation should become mandatory. 
Continue Reading UK App Code Provides Privacy and Security Compliance Direction