Stephen C. Piepgrass

Stephen leads the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He focuses his practice on enforcement actions, investigations, and litigation. Stephen primarily represents clients engaging with, or being investigated by, state attorneys general and other state or local governmental enforcement bodies, including the CFPB and FTC, as well as clients involved with litigation, with a particular focus on heavily regulated industries. He also has experience advising clients on data and privacy issues, including handling complex investigations into data incidents by state attorneys general and other state and federal regulators. Additionally, Stephen provides strategic counsel to Troutman Pepper’s Strategies clients who need assistance with public policy, advocacy, and government relations strategies.

In the latest episode of Regulatory Oversight, Gene Fishel and Mike Lafleur welcome Pat Moore and Jared Rinehimer from the Massachusetts Attorney General’s (AG) Office to discuss online sports wagering. They cover the recently enacted Massachusetts Sports Wagering Act, the associated role of the Massachusetts Gaming Commission, related rules addressing advertising and data privacy, and the overall concerns of the AG’s office.

The U.S. Environmental Protection Agency (EPA) has formally withdrawn cybersecurity rules it promulgated in March requiring that states report cybersecurity threats to their public water systems (PWS). The reversal comes in the wake of lawsuits filed in the Eighth Circuit in July by Missouri, Arkansas, and Iowa (the states), along with intervenors American Water Works Association and National Rural Water Association (the water associations). As a result of the withdrawal, the states and water associations filed to dismiss their suits.

This article was originally published on October 16, 2023 in Reuters and Westlaw Today. It is republished here with permission.

Government regulators are seemingly as numerous as the stars nowadays, especially in the universe of data incidents. When organizations experience a data incident, they will need to quickly assess what happened, why it happened, and who (e.g., clients, consumers, vendors, employees) was affected. They will also need to chart a course by which they resolve the incident while limiting their legal exposure.

As predicted in our previous articles, the “right to repair” movement continues to garner support as more state governments consider legislating in this area. We previously reported that in 2021, 27 states had pending legislation addressing “right to repair” laws (discussed in our previous article here). Already this year, 33 states have considered some form of “right to repair” legislation.[1] The latest of these legislative efforts comes out of California, where on September 13, the Senate unanimously passed SB-244, the Right to Repair Act.[2] Once Governor Newsom signs the bill into law, California will join Colorado, New York, and Minnesota as the fourth state to enact “right to repair” legislation.[3] We expect more states to follow.

This article was originally published on August 24, 2023 in Reuters and is republished here with permission.

In the burgeoning realm of data incidents, it is a truism that such incidents are not created equal. Indeed, a data incident is not necessarily a data breach.

An incident is any “occurrence that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system,” or an event that constitutes a violation of an organization’s computer security or acceptable use policies. National Institute of Standards and Technology, Minimum Security Requirements for Federal Information and Information Systems, FIPS 200, at 7 (Mar. 9, 2006) (nist.gov). A breach is an incident that imposes statutory and regulatory obligations on an affected organization when it holds or controls certain consumer information.

On June 7, the Federal Trade Commission (FTC) announced a request for information (RFI) to gain additional insight into how it can optimize joint enforcement with state attorneys general (state AGs) to protect consumers from fraud. The announcement signals a growing trend of cooperation between the FTC and state AGs, which we have also seen between the Consumer Financial Protection Bureau (CFPB) and the state regulators.

Many companies use machine learning algorithms and artificial intelligence (AI) to assist with employment decisions and tenant screening. In our final episode, Stephen Piepgrass and colleagues Ron Raether and Dave Gettings examine the use and impact of AI in background screening, including the potential risks companies may face with increased reliance on AI.

On May 17, District of Columbia Attorney General Brian Schwalb announced the settlement of an investigation into Easy Healthcare Corporation, requiring the company to change its privacy practices involving the ovulation tracking app “Premom” to protect the sensitive reproductive data of consumers. Easy Health agreed to several remedial measures intended to prevent the disclosure of sensitive information to third parties and to pay a $100,000 penalty to the states involved with the investigation.