The Federal Trade Commission (FTC) reiterated its long-held view that hashing or pseudonymizing identifiers does not render data anonymous, in a post to its Technology Blog on July 24, 2024.
In the rather strongly worded post, while acknowledging that hashing and pseudonymizing data has the benefit of obscuring the underlying personal data, the FTC
Continue Reading FTC Reiterates that Hashed and Pseudonymized Data is Still Identifiable DataOn April 4, 2024, Kentucky Governor Andy Beshear signed House Bill 15, an act related to Kentucky consumer data privacy (“KCDPA”). Kentucky now joins the expanding list of states with comprehensive state privacy legislation, with the KCDPA set to take effect January 1, 2026.
Scope
The KCDPA applies to entities conducting business in Kentucky
Continue Reading US: Kentucky Legislature Passes Comprehensive State Privacy LawThe Federal Trade Commission (“FTC”) is taking bold actions to challenge business’s collection and monetization of consumers’ personal data—particularly sensitive personal data. This month, the FTC reached settlements with a data broker, X-Mode Social and its successor Outlogic LLC (“X-Mode”), and an alcohol addiction treatment firm, Monument Inc. (“Monument”), for, among other things, allegedly selling
Continue Reading US: The FTC Cracks Down on Sensitive Personal Information DisclosuresOn March 6, 2024, the New Hampshire Governor signed into law Senate Bill 255 (the “NH Act”), making New Hampshire the 15th state to adopt a comprehensive state privacy law. The NH Act will take effect January 1, 2025. This post explores how the NH Act stacks up against the other comprehensive state privacy
Continue Reading US: New Hampshire Enacts 15th Comprehensive State Privacy LawOn January 16, 2023, the New Jersey Governor signed into law Senate Bill 332 (the “Act”) making New Jersey the 14th state to adopt a comprehensive state privacy law. The Act will take effect on January 15th, 2025, and requires the Division of Consumer Affairs to issue rules and regulations to effectuate
Continue Reading US: New Jersey Enacts Comprehensive State Privacy LawIn 2010, Congress included a provision in the Consumer Financial Protection Act (CFPA) requiring that the Consumer Financial Protection Bureau (CFPB or Bureau) promulgate rules effectuating what is commonly referred to as “Open Banking.” Specifically, the rules would require any entity that engages in offering or providing a consumer financial product or service to make
Continue Reading US: Open Banking Regulation Arrives in the USSweeping Amendments to NYDFS Cybersecurity Regulation
On November 1, 2023, the New York Department of Financial Services (NYDFS) announced extensive amendments to its cybersecurity requirements for financial institutions issued under 23 NYCRR Part 500. The amendments are intended to address the evolution in the cybersecurity landscape since the regulation was first enacted in 2017, including
Continue Reading US: Regulators Enhance Information Security Requirements for Financial Services Companies
