When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
Navigating Emerging Privacy Issues in Financial Services — The Consumer Finance Podcast
The Privacy Insider Podcast Episode 4: Don't Be Evil: In the Hot Seat of Data Privacy, Part 1
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Preventative Medicine: Health Care AI Privacy and Cybersecurity — The Good Bot Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
Uncovering Hidden Risks: Ep 13 - Unveil Data Security Paradoxes
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While...more
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
On January 18, 2024, the Federal Trade Commission (FTC) discussed its long-anticipated proposed changes for the Children’s Online Privacy Protection Rule (COPPA) in an open meeting. Released in a notice of proposed...more
The Department of Defense published a much-anticipated Proposed Rule at the end of last year for its Cybersecurity Maturity Model Certification program. The proposed rule is our first comprehensive look at the latest...more
The Department of Health and Human Services ("HHS") has released a concept paper outlining its new cybersecurity strategies for the health care sector, identifying cybersecurity priorities, potential future regulations and...more
On December 20, 2023, the Federal Trade Commission (FTC or Commission) issued a Notice of Proposed Rulemaking (Notice) recommending amendments to the Children’s Online Privacy Protection Rule (COPPA Rule or Rule). The FTC...more
When I reflect on the relationship that our firm has with our clients, I’m most proud of the fact that you can always count on us. That often means defending complex litigation, steering you through regulatory threats,...more
The Consumer Finance Protection Bureau (CFPB) on Oct. 19, 2023, proposed a new Personal Financial Data Rights rule (Proposal) through which it seeks to increase competition in the financial sector. The Proposal was developed...more
Welcome to this month's issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security & Data Protection practice....more
In an amendment to the Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA), which was officially announced on October 27, 2023, the Federal Trade Commission (FTC) will mandate that a wide array of nonbank financial...more
The federal banking agencies have jointly issued a final rule that will modify how examiners assess compliance with the Community Reinvestment Act (CRA). Among other changes to the CRA regulations announced on October 24, the...more
On October 19, the Consumer Financial Protection Bureau (the "CFPB") proposed the long-anticipated "Personal Financial Data Rights Rule" (the "Proposed Rule"), which would govern access for consumers and data aggregators to...more
On October 3, 2023, the FAR Council released two long-awaited proposed rules for federal contractor cybersecurity stemming from the Biden Administration’s Cybersecurity Executive Order from May 2021 (Executive Order 14028)....more
With recent events underscoring the Federal Trade Commission’s (FTC) heightened scrutiny of and enforcement efforts against health app companies collecting or using consumer health information, it's imperative for these same...more
Welcome to the third edition of our AI Legal News Summer Roundup! After five class actions were filed between June 28 and July 11 (as reported on in our first edition of this series), on July 21, another class action lawsuit...more
In an effort to formalize its Sept. 15, 2021, Statement of the Commission on Breaches by Health Apps and Other Connected Devices, as previously discussed in a McGuireWoods Oct. 5, 2021, alert, the Federal Trade Commission...more
At an Open Meeting on July 26, 2023, the US Securities and Exchange Commission (SEC) adopted final rules and amendments that impose new cybersecurity-related disclosure requirements for public companies subject to the...more
In yet another indication of the increasing weight being given by government officials to cybersecurity, on July 26, 2023, the Securities and Exchange Commission adopted new rules requiring public companies to disclose...more
The Federal Trade Commission (FTC) recently proposed changes to the Health Breach Notification Rule (Rule), enacted in 2009, to clarify that the Rule applies directly to an estimated 170,000 health and wellness mobile...more
In May, the Federal Trade Commission (“FTC”) proposed changes (the “Proposed Rule”) to the Health Breach Notification Rule (the “Rule”), which, among other items, emphasize that the Rule applies to mobile health applications...more
Regulator proposes requiring content moderation, algorithmic transparency, data protection and security, nondiscrimination, and quality of training data - Regulators around the globe are paying close attention to the...more
On March 15, 2023 the Securities and Exchange Commission (“SEC”) proposed three new sets of rules (the “Proposed Rules”) which, if adopted, would require a variety of companies to beef up their cybersecurity policies and data...more
The Securities and Exchange Commission (SEC or Commission) voted on March 15, 2023, to propose three new sets of rules for data security, cybersecurity, and IT operational resilience. The newly proposed rules would, among...more