Rhode Island is the latest state to adopt a comprehensive data privacy law, titled the Data Transparency and Privacy Protection Act....more
On May 17, 2024, Colorado enacted S.B. 24-205 (the "Act"), which imposes a duty of reasonable care on developers and deployers of high-risk artificial intelligence ("AI") systems to protect consumers from risks of algorithmic...more
California's privacy enforcement agency has published crucial data minimization guidance for businesses....more
CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more
In February 2024, the Department of Justice (“DOJ”) announced the results of its 2023 False Claims Act (“FCA”) enforcement efforts. Through those efforts, it obtained more than $2.6 billion in overall recoveries, and of that...more
4/8/2024
/ Anti-Kickback Statute ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Healthcare ,
Healthcare Fraud ,
Life Sciences ,
Medicare Advantage ,
OIG ,
Stark Law
In two back-to-back announcements, California and the FTC reemphasized their enforcement efforts related to the sale of personal information....more
3/14/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
Data Selling ,
DoorDash ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Personal Information ,
Privacy Concerns ,
State and Local Government ,
State Attorneys General
The U.S. Government has identified the exploitation of Americans' bulk sensitive personal data and U.S. government-related data by "countries of concern" as posing a national security risk....more
The California Privacy Protection Agency ("CPPA") will be able to immediately enforce regulations issued under the California Consumer Privacy Act ("CCPA"), as amended, after a recent California appeals court decision...more
The Background: The California Privacy Protection Agency board ("CPPA" or "Board") is in the process of issuing new regulations as authorized under the California Privacy Rights Act. These three sets of proposed regulations...more
2/14/2024
/ Audits ,
Automation Systems ,
California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Decision-Making Process ,
Innovative Technology ,
New Regulations ,
Personal Information ,
Privacy Concerns ,
Risk Assessment ,
Rulemaking Process ,
Software
On December 26, 2023, the Department of Defense ("DoD") published a proposed rule to implement the Cybersecurity Maturity Model Certification ("CMMC") 2.0, which will establish comprehensive cybersecurity requirements for...more
On Friday, October 27, the Federal Trade Commission ("FTC") announced new amendments to the Safeguards Rule, requiring covered financial institutions to report certain data breaches to the FTC and reflecting its continuing...more
11/13/2023
/ Cybersecurity ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
FTC Act ,
Gramm-Leach-Blilely Act ,
New Amendments ,
Non-Bank Lenders ,
Personal Information ,
Popular ,
Privacy Rule ,
Risk Assessment ,
Risk Management ,
Safeguards Rule ,
Section 5
On October 30, 2023, President Biden signed a first-of-its-kind executive order entitled, "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" ("AI")....more
11/1/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Machine Learning ,
Regulatory Reform ,
Security Standards
The United States Patent and Trademark Office, along with the U.S. Departments of State and Commerce, sought initial public comment last week on draft guidelines entitled "International Guiding Principles for Organizations...more
10/31/2023
/ Algorithms ,
Artificial Intelligence ,
Comment Period ,
Copyright ,
Copyright Litigation ,
Cybersecurity ,
Intellectual Property Protection ,
Machine Learning ,
Technology ,
U.S. Commerce Department ,
USPTO
Delaware is the latest state to enact a comprehensive data privacy law, which creates unique compliance challenges and risks for companies....more
California is the first U.S. state to secure an adequacy decision from the Dubai International Financial Center Authority....more
On July 18, 2023, Oregon Governor Tina Kotek signed Senate Bill 619, referred to as the "Oregon Consumer Privacy Act" ("OCPA" or "the Act"), making Oregon the 11th state to enact a comprehensive data privacy law....more
In Short -
The Background: The prevalence of generative artificial intelligence ("GenAI") is rapidly expanding, providing vast opportunities for efficiency and innovation, while also creating new risks....more
8/7/2023
/ Algorithms ,
Artificial Intelligence ,
Confidentiality Agreements ,
Data Privacy ,
End-Users ,
EULA ,
Innovation ,
Liability ,
License Agreements ,
Machine Learning ,
Popular
In Short -
The Situation: On July 26, 2023, the U.S. Securities and Exchange Commission ("SEC") adopted final rules that significantly alter cybersecurity disclosure obligations for companies. The SEC's final rules adopt...more
8/2/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On July 21, 2023, the White House announced that seven leading technology companies—Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI—voluntarily committed to mitigating the risks posed by artificial...more
7/25/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Innovative Technology ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Oversight ,
Risk Mitigation
The Federal Trade Commission seeks to clarify how the Health Breach Notification Rule applies to health records collected by health apps and similar consumer health technologies. ...more
The sweeping law imposes new requirements on the processing and sale of consumer health data in the state.
On April 27, 2023, Washington State Governor Inslee signed the "My Health My Data Act" ("Act"). This Act marks the...more
New York City regulators have finalized rules implementing the city's law requiring bias audits of automated employment decision tools, publication of audit results, notice to employees, and other requirements....more
On March 28, 2023, Iowa—following California, Colorado, Connecticut, Utah, and Virginia—became the sixth state to adopt a comprehensive consumer data privacy law.
On March 28, 2023, Iowa Governor Kim Reynolds signed "An...more
If adopted, these proposed rules would (i) enhance protection of customer information under Regulation S-P, (ii) add new requirements addressing cybersecurity risk to the U.S. securities markets, and (iii) expand the types of...more
The National Institute of Standards and Technology ("NIST") has released its AI Risk Management Framework ("AI RMF") as a resource to reportedly assist individuals, organizations, and society identify risks associated with...more