With the U.S. Department of Justice’s Data Security Program (DSP) now in full effect, companies that handle sensitive personal data, operate across borders, or rely on global vendor ecosystems face an increasingly complex compliance environment. The DSP restricts certain data transactions involving individuals and countries of concern, imposes new
As FTC Chair Andrew Ferguson establishes his enforcement priorities, his positions on data categorization and surveillance pricing reveal a consistent philosophy that balances privacy protection with innovation. This is the third post in our series on what to expect from the FTC under Ferguson as chair.
Our previous posts examined Ferguson’s broad regulatory philosophy of
While Andrew Ferguson advocates for a restrained regulatory approach at the FTC, his statements and voting record reveal clear priority areas where businesses can expect continued vigorous enforcement. Two areas stand out in particular: children’s privacy and location data. This is the second post in our series on what to expect from the FTC under
Since Andrew Ferguson assumed the role of FTC chair in January 2025, following his year-long tenure as a commissioner, businesses have been watching closely for signals of how the agency might redirect its focus on privacy enforcement. Ferguson’s public statements, concurrences, and dissents provide valuable insight into his regulatory philosophy and what companies can expect
The landscape of prior express written consent under the Telephone Consumer Protection Act (TCPA) has undergone a significant shift over the past 13 months. In a December 2023 order, the Federal Communications Commission (FCC) introduced two key consent requirements to alter the TCPA, with these changes set to take effect on January 27, 2025. First
The final text of the amended Negative Option Rule, featuring the new “Click to Cancel” program, goes into effect this week on Wednesday, January 15, 2025, and should become enforceable approximately four months later on Wednesday, May 14, 2025. The FTC believes that this rule will help the FTC get money back
On October 11, 2024, the United States Department of Defense (DOD) published a final rule implementing its Cybersecurity Maturity Model Certification (CMMC) program, which is designed to verify that defense contractors are adequately protecting sensitive information from cybersecurity threats. The CMMC applies to contractors who process, store, or transmit Controlled Unclassified Information (CUI) or Federal
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the federal government. This change stems from the U.S. Department of Homeland Security’s (DHS) Cybersecurity Infrastructure and Security Agency (CISA) issuing a Notice of
In the middle of the 20th century, there was a massive expansion of the retail credit market. Everything from boats to sewing machines to kitchen appliances were bought and sold through increasingly complex credit arrangements. These credit arrangements would extinguish a consumer’s rights to dispute any terms of the contract once a loan was
On December 13, 2023, the Federal Communications Commission (FCC) ushered in a new era by enacting transformative rules, marked by a 4-1 vote, aimed at addressing what it viewed as the lead generation loophole. The FCC’s Second Report and Order, released on November 22, 2023, was poised to signify a monumental shift in lead generation
Colorado became the third state to enact comprehensive data privacy legislation when Gov. Jared Polis signed the Colorado Privacy Act (CPA) on July 8, 2021. The CPA shares similarities with its stateside predecessors, the California Consumer Privacy Act (CCPA), the California Privacy Rights Enforcement Act (CPRA), and the Virginia Consumer Data Protection Act (VCDPA), as