When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
On October 30, 2023, President Biden signed a first-of-its-kind executive order entitled, "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" ("AI")....more
The People’s Republic of China’s Regulations on the Administration of Deep Synthesis of Internet Information Services (Regulations) entered into force on 10 January 2023, following their adoption by the Cyberspace...more
The Department of Health and Human Services (“HHS”) has issued a formal request for information from the public about how regulated entities are implementing industry recognized security practices. The request for information...more
Covered entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have the chance to provide input on two amendments to the Health Information Technology for...more
The Federal Government continues ramping up enforcement of data security requirements by deploying significant new enforcement theories and tools in support of cyber and data security controls required by federal law....more
Last month, on Data Privacy Day, Colorado’s Attorney General Philip Weiser released prepared remarks entitled “The Way Forward on Data Privacy and Data Security” that shed some light on his approach to enforcing Colorado’s...more
Data Aggregators Launch Open Finance Data Security Standard - A group of data aggregator fintechs and security and compliance companies recently released a new data security standard for the open finance industry – the...more
It should be assumed that everything connected to the Internet can be hacked and exposed, now more than ever before. It is commonplace and concerning. Internet of Things (IoT) devices are often developed and sold without a...more
There are billions of Internet of Things (IoT) devices out there in the world and this number will only grow. I’ve written before about smart light bulbs and smart security cameras and it’s no secret that I am fascinated by...more
You executives and managers who are in my age group (that is, you didn’t grow up with mobile devices and computers) listen up. According to several studies, you pose a higher security risk to your organization than the...more
Following the UK Government's announcement in January 2020 that it would be moving forwards with regulation on consumer IoT device security, the Government has now published its legislative proposals and is seeking feedback...more
If you are reading this during April 2020, you’re probably reading it from somewhere in your own home — and probably near the friends and loved ones with whom you’re living in close quarters during this time of remote work,...more
The new data security requirements provision of New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into full force as of March 21, 2020, and all people and businesses, regardless of the state in...more
In the midst of the coronavirus pandemic when more condo and coop board business is being conducted electronically than ever before, the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) will go into effect on...more
The U.S. Food and Drug Administration (FDA) announced a set of cybersecurity vulnerabilities, referred to as “SweynTooth,” that – if exploited – may introduce risks for certain Bluetooth enabled medical devices. ...more
One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week. ...more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
In the fall of last year, we wrote about the passage of the SHIELD Act (the Act) in New York, which expanded aspects of the state’s breach notification requirements (Breach Requirements) and created a statutory obligation to...more
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019....more
In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. To continue helping businesses achieve those goals, the SEC...more
Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee...more
UK Government set to move forwards with regulation on consumer IoT device security The UK Government has just announced that it intends to draw up legislation aimed at ensuring that all consumer smart devices sold in the UK...more
New data retention limitations and disposal requirements on some types of businesses in New York will go into effect on March 21, 2020, under the Stop Hacks and Improve Electronic Data Security (SHIELD Act) that was signed...more
From late June 2019 through mid-October 2019, a handful of states amended their data breach notification statutes. Specifically, six states amended their states to (1) require notice to the State Attorney General, (2) broaden...more
Last Thursday, Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act, which amends New York’s current data breach notification law and places increased obligations on businesses...more