On October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, allowing California residents to have their personal information deleted by all registered data brokers...more
12/15/2023
/ Audits ,
California ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Data Brokers ,
Data Deletion ,
Disclosure ,
Fair Credit Reporting Act (FCRA) ,
GLBA Privacy ,
Governor Newsom ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Penalties ,
Regulatory Agenda
Following the declaration of the international artificial intelligence (AI) “Safety Summit” at Bletchley Park (Bletchley Summit) on November 1, 2023, and the White House’s October 30, 2023, Executive Order on AI (Executive...more
12/13/2023
/ Artificial Intelligence ,
Bank of England ,
Banking Sector ,
Biden Administration ,
Consumer Financial Protection Bureau (CFPB) ,
EU ,
Executive Orders ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
Machine Learning ,
Popular ,
Regulatory Agenda ,
UK
Key Points The rapid adoption of artificial intelligence (AI) technology across the economy has raised a number of novel legal issues. In this article, we discuss five key issues to track in 2024, including:...more
A recent draft of the EU Agency for Cybersecurity’s (ENISA’s) European Union Cybersecurity Certification Scheme on Cloud Services (EUCS) reveals what requirements are currently being considered (and what requirements have...more
On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more
11/22/2023
/ Artificial Intelligence ,
CNIL ,
Data Protection ,
Data Storage ,
EU ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Technology ,
UK
On September 28, 2023, the Cyberspace Administration of China (CAC) published the draft Provisions on Regulating and Promoting Cross-Border Data Transfers (Draft Provisions). If adopted into law in their current form, the...more
On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more
11/7/2023
/ Compliance ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure ,
Enforcement Actions ,
Information Security ,
Information Technology ,
Popular ,
Risk Management ,
Risk Mitigation ,
SolarWinds
On October 30, the U.S. government released its long-awaited, sweeping executive order (the AI EO or Order) on artificial intelligence (AI). The Order directs various U.S. government departments and agencies to evaluate AI...more
11/6/2023
/ Artificial Intelligence ,
Biden Administration ,
Compliance ,
Copyright ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Executive Orders ,
Healthcare ,
Innovative Technology ,
Intellectual Property Protection ,
Legislative Agendas ,
Life Sciences ,
Machine Learning ,
National Security ,
Popular ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Technology Sector
Partner and co-head of Skadden’s Cybersecurity and Data Privacy practice David Simon recently sat down with two chief information security officers (CISOs) from the private equity sector as part of the firm’s National Cyber...more
11/6/2023
/ Artificial Intelligence ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Interviews ,
Machine Learning ,
Popular ,
Private Equity ,
Risk Management ,
Securities and Exchange Commission (SEC)
The EU Digital Operational Resilience Act (Regulation (EU) 2022/2554) (DORA) creates a regulatory framework intended to enhance the operational resilience of the financial sector by establishing uniform requirements for the...more
11/3/2023
/ Compliance ,
Corporate Governance ,
Cybersecurity ,
Digital Markets Strategy ,
EU ,
Financial Crisis ,
Financial Institutions ,
Financial Regulatory Reform ,
Investment Funds ,
Investment Management ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management
A recently unsealed case against Pennsylvania State University:
- Serves as yet another example of the increased use of the False Claims Act (FCA) in cybersecurity enforcement.
- Underscores the need for companies...more
On September 20, 2023, the U.S. Department of Homeland Security released a report outlining the varied and sometimes conflicting reporting requirements that private entities face when they are victims of a cyber incident. The...more
10/17/2023
/ CIRC ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Legislative Agendas ,
Popular ,
Public-Private Entities ,
Regulatory Agenda ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
In this month’s Privacy & Cybersecurity Update, we examine Delaware’s new comprehensive data privacy law, a joint statement by 12 data protection authorities on data scraping and data protection, a district court ruling on a...more
10/3/2023
/ California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Popular ,
Privacy Laws ,
Risk Assessment ,
Risk Management ,
State and Local Government ,
State Data Privacy Laws ,
State Privacy Laws ,
Web Scraping
In this month’s Privacy & Cybersecurity Update, we analyze the Biden administration’s proposed cybersecurity labeling program for smart devices, NIST’s extensive overhaul of its cybersecurity framework, and data privacy law...more
9/6/2023
/ Biden Administration ,
California ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Labeling ,
NIST ,
Popular ,
Privacy Laws ,
Smart Devices ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine the newly established data privacy framework between the EU and U.S. and new consumer privacy laws in Oregon and Texas. We also review a court ruling that delayed...more
8/2/2023
/ Biometric Information Privacy Act ,
California ,
California Privacy Rights Act (CPRA) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Transfers ,
Disclosure ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
NYDFS ,
Oregon ,
Popular ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Requirements ,
Risk Management ,
Texas
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted 3-2 to adopt final rules that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and...more
7/28/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
New Rules ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC)