The Oregon Consumer Privacy Act (OCPA) is the 11th comprehensive privacy law passed in the United States that gives individuals – in this case, Oregonians – significant control over their personal information. The OCPA, which goes into effect on July 1, 2024, applies to businesses that provide services and products to Oregonians and either control (i.e., collect) or process personal information from at least 100,000 Oregon consumers, or control or process personal information from 25,000 Oregon consumers where 25% of the business’s gross annual revenue comes from selling personal information.

The Connecticut Supreme Court issued a key ruling on August 8, 2023 regarding the immunity conferred under Executive Order 7V for civil lawsuits against health care professionals and providers.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) announced new proposed rules for regulating brokerages and money managers using artificial intelligence (AI) to serve their clients. The SEC’s plan aims to address concerns about potential conflicts of interest that arise when financial services firms use the burgeoning technology. Companies and individuals in the financial industry should take note.

Welcome to the July edition of the CyberCapsule. In this edition, we highlight new ways the Biden administration is attempting to combat cyber incidents and the threat actors' continued evasiveness and pervasiveness. The SEC also made a splash, both with the recent Covington order and with the long-awaited released of its disclosure rules. And, finally, we remind our readers of two newly amended data breach notification statutes.

The Securities and Exchange Commission (“SEC”) recently adopted new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules (“Final Amendments”) for publicly traded companies. From a cybersecurity reporting standpoint, these rules require public companies to: (1) report material cybersecurity incidents within four business days of discovery; and (2) annually disclose their cybersecurity risk management, strategy, and governance processes. The rules go into effect 30 days after being released in the Federal Register which typically occurs within 45 days after a rule is finalized.

On July 19, 2023, the United States Department of Commerce’s Bureau of Industry and Society (BIS) released new best practices guidance for exporters dealing with medical-related items destined for Russia, Belarus, or the Occupied/Covered Regions of Ukraine. This guidance follows the May 19 tranche of export control regulations and reinforces the U.S. Government’s approach of facilitating the flows of humanitarian and medical goods while preventing their diversion to military ends. The new guidelines aim to strike that balance by providing businesses with a set of recommendations to follow to streamline and expedite the export process for medical-related items. The BIS has put forth five specific recommendations.

On June 3, 2023, Nevada Governor Joe Lombardo signed into law Assembly Bill (AB) 398, which prohibits insurers from renewing or issuing insurance policies that include provisions that reduces the limit of liability by the costs of defense.

In this third installment of our Colorado Legislation Client Alert Series, we review amendments to Colorado’s Healthy Families and Workplaces Act (HFWA), which expand the permitted uses of paid sick leave to cover bereavement and inclement weather.