On March 11, 2026, independent reports confirmed that one of the largest medical device companies in the United States was the target of a significant cyberattack attributed to Iran-linked threat actors. Although the...more
3/16/2026
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Export Controls ,
Healthcare ,
Incident Response Plans ,
Life Sciences ,
Medical Devices ,
PHI ,
Popular ,
Ransomware
The traditional separation between privacy and security is dissolving as technology and regulations force roles and responsibilities to converge. CISOs and CPOs increasingly face overlapping decisions — and overlapping...more
Today I left the house again. I thought my life would be simple, maybe settle into a spreadsheet and hang out for a while. Instead, I’m a frequent flyer in every modern organization. I have more passport stamps than a travel...more
On the Rise: Cyberattacks through the supply chain have increased by over 400% in recent years. Leaders need to take action.
Enhance Third-Party Cybersecurity: Regularly audit suppliers’ cybersecurity practices and limit...more
11/6/2025
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Incident Response Plans ,
Popular ,
Ransomware ,
Risk Management ,
Software ,
Supply Chain ,
Third-Party Service Provider
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
6/10/2025
/ Compliance ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Disclosure Requirements ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
Reporting Requirements ,
State Privacy Laws
In today’s data-driven sports industry, teams, leagues and sponsors increasingly rely on biometric and performance data to enhance player performance, prevent injuries and optimize contract negotiations. Such data collection...more
On January 16, 2025, President Joe Biden issued the “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” a comprehensive directive designed to address the growing complexity and...more
1/27/2025
/ Artificial Intelligence ,
Compliance ,
Critical Infrastructure Sectors ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Encryption ,
Executive Orders ,
Federal Contractors ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Infrastructure ,
Manufacturers ,
Multi-Factor Authentication ,
Ransomware ,
Sanctions
On January 16, 2025, President Joe Biden signed the “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity.” This directive seeks to tackle the increasingly complex and evolving cybersecurity...more
1/23/2025
/ Artificial Intelligence ,
Biden Administration ,
Cyber Crimes ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Infrastructure ,
Innovation ,
National Security ,
Regulatory Agenda ,
Risk Management ,
Trump Administration
On January 20, 2025, President Donald Trump signed an executive order rescinding the 2023 directive issued by former President Joe Biden on artificial intelligence (AI). Biden’s order outlined extensive measures aimed at...more
1/22/2025
/ Artificial Intelligence ,
Compliance ,
Corporate Governance ,
Data Privacy ,
Data Protection ,
Ethics ,
Executive Orders ,
Policies and Procedures ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management ,
Technology
Fiduciaries should be aware of recent developments involving AI, including emerging and recent state law changes, increased state and federal government interest in regulating AI, and the role of AI in ERISA litigation. While...more
1/16/2025
/ Anti-Discrimination Policies ,
Artificial Intelligence ,
Compliance ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Employee Training ,
Equal Employment Opportunity Commission (EEOC) ,
Fiduciary Duty ,
Health and Welfare Plans ,
Healthcare ,
OCR ,
Regulatory Requirements ,
Risk Management
This is the second article in our two-part series on Cybersecurity in the Age of Industry 4.0, focusing on the legal implications and potential liabilities manufacturers face from cyberattacks, as well as practical...more
9/20/2024
/ California Privacy Rights Act (CPRA) ,
Class Action ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Duty of Care ,
Employee Training ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Intellectual Property Protection ,
Manufacturers ,
Noncompliance ,
Theft ,
Trade Secrets
As the manufacturing sector continues to embrace the hyper-connected era of Smart Manufacturing, known as Industry 4.0, more and more organizations are integrating advanced automation, artificial intelligence (AI), the...more
9/13/2024
/ Artificial Intelligence ,
Automation Systems ,
Corrective Actions ,
Cyber Attacks ,
Cybersecurity ,
Energy Sector ,
Intellectual Property Protection ,
Internet of Things ,
Machine Learning ,
Malware ,
Manufacturers ,
Ransomware ,
Reputational Injury ,
Risk Management ,
Sensitive Personal Information ,
Social Engineering ,
Supply Chain
The recent massive data breach at National Public Data (NPD), a background check company, has potentially compromised the personal information of millions, if not billions, of individuals, including their Social Security...more
8/26/2024
/ Credit Reports ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Fraud ,
Hackers ,
Identity Theft ,
IRS ,
Popular ,
Risk Assessment ,
Risk Management
Insights for this month’s article are provided by ARDA members Gregory Szewczyk, partner at Ballard Spahr Practice Leader of the firm’s Privacy and Data Security Group, and Aaron Tantleff, partner in Foley & Lardner’s...more
7/24/2024
/ Artificial Intelligence ,
Blockchain ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Compliance ,
COPPA ,
Damages ,
Data Privacy ,
Data Security ,
Documentation ,
Employee Training ,
Environmental Social & Governance (ESG) ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Machine Learning ,
Policies and Procedures ,
Popular ,
Private Right of Action ,
State Privacy Laws
On February 9, a California appellate court issued a decisive ruling in favor of the California Privacy Protection Agency (the Agency), allowing the state to immediately begin enforcement of its new regulations, effectively...more
2/16/2024
/ Appellate Courts ,
Artificial Intelligence ,
Audits ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Cybersecurity ,
Enforcement ,
New Regulations ,
Opt-Outs ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements
In the hyper-connected era of smart manufacturing, accelerated by “Industry 4.0,” the manufacturing sector is undergoing a digital revolution. By leveraging technologies such as advanced automation, artificial intelligence,...more
9/25/2023
/ Artificial Intelligence ,
Automation Systems ,
Blockchain ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
DFARS ,
Employee Training ,
Energy Sector ,
FERC ,
General Data Protection Regulation (GDPR) ,
Healthcare ,
Internet of Things ,
Malware ,
Manufacturers ,
National Security ,
Pharmaceutical Industry ,
Popular ,
Social Engineering ,
State Sponsors of Cyberattacks ,
Supply Chain ,
Technology ,
Telecommunications ,
Transportation Industry ,
Vulnerability Assessments
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On July 26, 2023, the U.S. Securities Exchange Commission (“SEC”) adopted final rules regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The final rules require...more
8/4/2023
/ Annual Reports ,
Customer Proprietary Network Information (CPNI) ,
Cybersecurity ,
Disclosure Requirements ,
FBI ,
Foreign Private Issuers ,
Form 8-K ,
Incident Response Plans ,
New Rules ,
Regulation S-K ,
Regulation S-X ,
Risk Management ,
Secret Service ,
Securities and Exchange Commission (SEC)
Agility and resiliency remain essential attributes for manufacturers in 2023. Manufacturers are no longer focused on figuring out when things will return to “normal.”
Instead, they are applying lessons learned from the...more
7/11/2023
/ Artificial Intelligence ,
Best Practices ,
Clawbacks ,
Compensation ,
Compliance ,
Customs and Border Protection ,
Cyber Threats ,
Cybersecurity ,
Enforcement ,
Environmental Protection Agency (EPA) ,
Final Rules ,
Intellectual Property Protection ,
Machine Learning ,
Manufacturers ,
Securities and Exchange Commission (SEC) ,
Supply Chain
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
In just the last two weeks, the Illinois Supreme Court dealt two significant blows would be defendants (i.e., employers and consumer-facing companies) under Illinois’ exacting Biometric Information Protection Act (BIPA). The...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The California Privacy Protection Agency (CPPA) quietly issued the first draft of the California Consumer Privacy Act (CPRA) regulations and an Initial Statement of Reasons by attaching them to the June 8 board meeting...more
On March 9, 2022, the U.S. Securities Exchange Commission (the Commission) announced proposed amendments to its rules regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies...more
3/18/2022
/ Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Disclosure Requirements ,
Foreign Private Issuers ,
Investors ,
Popular ,
Proposed Amendments ,
Risk Assessment ,
Risk Factors ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider