January 2025

This Client Alert is a monthly update on privacy and cybersecurity developments as posted on our Privacy & Information Security Law Blog. If you would like to receive email alerts when new posts are published, please visit our blog and enter your email address in the subscribe field.

Recent posts on the Privacy & Information Security Law blog include:

• Italian Garante Investigates DeepSeek’s Data Practices
• New York Data Breach Notification Law Updated
• The Impact of AI Executive Order’s Revocation Remains Uncertain, but New Trump EO Points to Path Forward
• New York State Legislature Passes Comprehensive Health Privacy Law
• UK ICO Publishes its 2025 Strategy for Online Tracking
• FTC Issues Proposed Order Against GoDaddy and Provides Guidance on Security Practices
• UK Government Publishes Consultation on Proposals to Reduce the Threat of Ransomware Attacks
• CNIL Publishes 2025-2028 Strategic Plan
• EU Council Adopts European Health Data Space Regulation
• CFPB Seeks Public Comment on Digital Payment Privacy and Consumer Protections
• President Biden Issues Last-Minute Cybersecurity Executive Order
• China Issues Draft Certification Mechanism for Cross-border Transfers of Personal Information
• Texas AG Sues Allstate for Violations of Texas Privacy law in First Enforcement Action Under a State Comprehensive Data Privacy Law
• California AG Issues Legal Advisories on the Application of California Law to the Use of AI
• CJEU Rules on Excessive Requests
• NOYB Files Complaints For Unlawful Data Transfers to China
• Breaking News: U.S. Supreme Court Upholds TikTok Ban Law
• DORA Becomes Applicable in the EU
• Biden White House Announces New “Cyber Trust Mark”
• FTC Finalizes Long-Awaited Updates to Children’s Privacy Rule
• CISA Publishes Security Requirements Pursuant to EO 14117 for DOJ Rulemaking on Restricted Data Transactions
• CJEW Orders the European Commission to Pay Damages for Data Transfer to the U.S.
• HHS OCR Settlements: Last Week in Review
• NYDFS Urges Companies to Exercise Caution Due to Threats Posed by Remote Workers with Ties to North Korea
• OR AG Issues Guidance Regarding OR State Laws and AI
• New Jersey Division of Consumer Affairs Publishes Privacy Law FAQs
• DOJ Finalizes Rule Implementing EO 14117, Establishing New National Security Cross-Border Data Regulatory Regime
• FDA Issues Draft Guidance on Managing Cybersecurity Risks Affecting AI-Enabled Devices
• Connecticut Data Privacy Act New Opt-out Rights