Artificial Intelligence (AI) is revolutionizing industries globally, from healthcare to finance, retail, technology, and education, enabling businesses and consumers alike to achieve their tasks more efficiently and...more
The National Institute of Standards and Technology (NIST) published its Artificial Intelligence Risk Management Framework (NIST AI 100-1) in January 2023.
The NIST AI Framework consists of 19 categories and 72...more
The National Institute of Standards and Technology (NIST) published its Artificial Intelligence Risk Management Framework (NIST AI 100-1) in January 2023...more
In December 2023, European Union (EU) lawmakers reached an agreement on the EU AI Act. In our article titled An Introduction to the EU AI Act, we focused on applicability, thresholds, timing, and penalties related to the EU...more
4/19/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Regulatory Oversight ,
Reporting Requirements ,
Risk Management ,
Risk-Based Approaches ,
Technology Sector
On February 23, 2024, the California Privacy Protection Agency (CPPA) released updated draft regulations on the use of AI and ADMT. The key changes include:
New and updated definitions,
Increased scope for activities...more
The National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework, published in January 2023, was designed to equip organizations with an approach that increases the trustworthiness...more
In May of 2022, Connecticut joined a growing list of U.S. states passing privacy regulations when it signed the Connecticut Data Privacy Act (CTDPA) into law.
The CTDPA officially went into effect in July 2023. On...more
In December 2023, European Union (EU) lawmakers reached an agreement on the EU AI Act. Our article titled “An Introduction to the EU AI Act” focused on applicability, thresholds, timing, and penalties related to the EU AI...more
This article is a continuation of our article series focused on the management of AI regulatory compliance risk. Our first article highlighted privacy topics related to collecting personal information via AI applications,...more
In December 2023, European Union (EU) lawmakers reached an agreement on the EU AI Act. In our prior article titled “An Introduction to the EU AI Act,” we focused on the applicability, timing, and penalties of the EU AI...more
In December, the California Privacy Protection Agency (CPPA) published revised draft regulations on risk assessments required under the California Privacy Rights Act (CPRA).
Under prior draft regulations, the CPPA will...more
On December 8, 2023, European Union (EU) lawmakers reached an agreement on the EU’s AI Act. The EU AI Act has many similar themes to the EU’s General Data Protection Regulation (GDPR) and reflects a big step forward in the...more
1/25/2024
/ Artificial Intelligence ,
Biometric Information ,
Critical Infrastructure Sectors ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Governance Standards ,
New Legislation ,
Noncompliance ,
Risk Management ,
Threshold Requirements
Startups face unique challenges that can impact their success and sustainability. Obstacles such as financial constraints (inadequate funding or limited cash flow) and resource constraints often result in small teams having...more
10/17/2023
/ Compliance ,
Data Collection ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Data Storage ,
Databases ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Popular ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Risk Mitigation ,
Software ,
Startups ,
Sustainability
This article is the first in our three-part series focused on data privacy considerations related to the use of Artificial Intelligence (AI) and machine learning. This first article highlights privacy topics related to the...more
The collection of personal data by organizations in the sports industry creates unique data privacy challenges. Generally, a business-to-consumer organization is focused on the personal data of its customers and separately...more
3/15/2023
/ California Privacy Rights Act (CPRA) ,
Collective Bargaining Agreements (CBA) ,
Compliance ,
Data Collection ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Revenue ,
Risk Management ,
Sports
This is the third article in a three-part series whereby Ankura privacy experts analyzed the 40 examples of alleged non-compliance with the California Consumer Privacy Act (CCPA) published by the California Office of Attorney...more
This is the second article in a three-part series where Ankura privacy experts analyzed the 40 examples of non-compliance with the California Consumer Privacy Act (CCPA) published by the California Office of Attorney General...more
12/19/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Financial Products ,
Department of Health and Human Services (HHS) ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medical Devices ,
Noncompliance ,
State Attorneys General ,
Telehealth
The California Office of Attorney General (OAG) is responsible for enforcing the California Consumer Privacy Act (CCPA) and began sending notifications of alleged non-compliance to companies on July 1, 2020. In June 2021,...more
12/15/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Privacy ,
Disclosure Requirements ,
Do Not Sell ,
Enforcement Actions ,
Noncompliance ,
Notifications ,
Opt-Outs ,
State Attorneys General
As data privacy regulatory obligations continue to expand, more and more organizations are integrating privacy centers within their public-facing websites. Privacy Centers are portals embedded within the organizations’...more
The latest proposed Federal Privacy Law, titled the American Data Privacy and Protection Act (“ADPPA”), continues to gain momentum and in late July 2022, the House Committee on Energy and Commerce voted to advance the bill to...more
7/28/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corrective Actions ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Notification Requirements ,
Policies and Procedures ,
Privacy Laws ,
Privacy Policy ,
Proposed Legislation
This is the first of a multi-article series focused on privacy impact assessments. This first article provides an overview of privacy impact assessments, the existing and pending privacy laws which require privacy impact...more
In this fourth installment of five articles centered around the core functions within the National Institute of Standards and Technology (NIST) Privacy Framework, we cover the Communicate function and the corresponding...more
10/25/2021
/ Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
NIST ,
Policies and Procedures ,
Privacy Framework ,
Risk Management ,
Risk Mitigation ,
Transparency ,
Vendors
The California Office of Attorney General (OAG) is responsible for enforcing the CCPA and began sending notifications of alleged non-compliance to companies on July 1, 2020.
Almost a year later, in June of 2021, the OAG...more
The National Institute of Standards and Technology (NIST) Privacy Framework is a widely known control set used to assist organizations in identifying privacy risks within their business environment and allocating resources to...more
Since its enactment just over a year ago, some companies have struggled to interpret the California Consumer Privacy Act (CCPA) and the circumstances that might subject them to penalties and fines for violations. In an effort...more