The National Institute of Standards and Technology (NIST) published its Artificial Intelligence Risk Management Framework (NIST AI 100-1) in January 2023.
The NIST AI Framework consists of 19 categories and 72...more
Colorado became the first U.S. state to pass a law protecting consumers from harm when using artificial intelligence (AI). Senate Bill 24-205 on Consumer Protections for Artificial Intelligence was passed on May 17, 2024. The...more
8/22/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
Colorado ,
Compliance ,
Governance Standards ,
Incident Response Plans ,
Machine Learning ,
New Legislation ,
NIST ,
Risk Management ,
Transparency
The National Institute of Standards and Technology (NIST) published its Artificial Intelligence Risk Management Framework (NIST AI 100-1) in January 2023...more
In December 2023, European Union (EU) lawmakers reached an agreement on the EU AI Act. In our article titled An Introduction to the EU AI Act, we focused on applicability, thresholds, timing, and penalties related to the EU...more
4/19/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Regulatory Oversight ,
Reporting Requirements ,
Risk Management ,
Risk-Based Approaches ,
Technology Sector
The National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework, published in January 2023, was designed to equip organizations with an approach that increases the trustworthiness...more
In December 2023, European Union (EU) lawmakers reached an agreement on the EU AI Act. Our article titled “An Introduction to the EU AI Act” focused on applicability, thresholds, timing, and penalties related to the EU AI...more
This article is a continuation of our article series focused on the management of AI regulatory compliance risk. Our first article highlighted privacy topics related to collecting personal information via AI applications,...more
In December 2023, European Union (EU) lawmakers reached an agreement on the EU AI Act. In our prior article titled “An Introduction to the EU AI Act,” we focused on the applicability, timing, and penalties of the EU AI...more
On December 8, 2023, European Union (EU) lawmakers reached an agreement on the EU’s AI Act. The EU AI Act has many similar themes to the EU’s General Data Protection Regulation (GDPR) and reflects a big step forward in the...more
1/25/2024
/ Artificial Intelligence ,
Biometric Information ,
Critical Infrastructure Sectors ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Governance Standards ,
New Legislation ,
Noncompliance ,
Risk Management ,
Threshold Requirements
The latest proposed Federal Privacy Law, titled the American Data Privacy and Protection Act (“ADPPA”), continues to gain momentum and in late July 2022, the House Committee on Energy and Commerce voted to advance the bill to...more
7/28/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corrective Actions ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Notification Requirements ,
Policies and Procedures ,
Privacy Laws ,
Privacy Policy ,
Proposed Legislation
Over the span of five months in 2021, our team published a series of articles on how to implement the five core functions of the National Institute of Standards and Technology (NIST) Privacy Framework. We wrote an initial...more
2/23/2022
/ Cybersecurity ,
Data Privacy ,
Data Processing Rules ,
Data Protection ,
Data Security ,
Governance Standards ,
NIST ,
Policies and Procedures ,
Privacy Framework ,
Risk Assessment ,
Risk Management ,
Training Requirements
This is the first of a multi-article series focused on privacy impact assessments. This first article provides an overview of privacy impact assessments, the existing and pending privacy laws which require privacy impact...more
This is the final installment in a series of articles on the core functions of the National Institute of Standards and Technology (NIST) Privacy Framework where we cover the Protect function.
As previously published in an...more
11/9/2021
/ Cybersecurity ,
Data Loss Prevention ,
Data Protection ,
Data Security ,
Incident Response Plans ,
NIST ,
Popular ,
Privacy Framework ,
Privacy Laws ,
Siemens ,
Vulnerability Assessments
In this fourth installment of five articles centered around the core functions within the National Institute of Standards and Technology (NIST) Privacy Framework, we cover the Communicate function and the corresponding...more
10/25/2021
/ Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
NIST ,
Policies and Procedures ,
Privacy Framework ,
Risk Management ,
Risk Mitigation ,
Transparency ,
Vendors
The National Institute of Standards and Technology (NIST) Privacy Framework is a widely known control set used to assist organizations in identifying privacy risks within their business environment and allocating resources to...more
The National Institute of Standards and Technology (NIST) Privacy Framework is a widely known control set used to assist organizations in identifying privacy risks within their business environment and allocating resources to...more
The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture,...more
On Tuesday, June 15, 2021, a French court ordered IKEA to pay 1 million euros ($1.2 million) for spying on its employees in France. The allegations included reviewing employees' bank account records, using fake employees to...more
7/28/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CNIL ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
IKEA ,
International Data Transfers ,
Privacy Notice Rule
Since the General Data Protection Regulation (GDPR) was enacted a little over 3 years ago in May 2018, many organizations that collect personal data of individuals in the European Union (EU) have enhanced their data privacy...more