New York recently passed new cybersecurity regulations for hospitals licensed in New York to enhance patient safety and cybersecurity....more
11/7/2024
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Hospitals ,
Information Technology ,
New Legislation ,
New York ,
Personally Identifiable Information ,
PHI ,
Regulatory Reform
California's privacy enforcement agency has published crucial data minimization guidance for businesses....more
CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more
In February 2024, the Department of Justice (“DOJ”) announced the results of its 2023 False Claims Act (“FCA”) enforcement efforts. Through those efforts, it obtained more than $2.6 billion in overall recoveries, and of that...more
4/8/2024
/ Anti-Kickback Statute ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Healthcare ,
Healthcare Fraud ,
Life Sciences ,
Medicare Advantage ,
OIG ,
Stark Law
The U.S. Government has identified the exploitation of Americans' bulk sensitive personal data and U.S. government-related data by "countries of concern" as posing a national security risk....more
The Background: The California Privacy Protection Agency board ("CPPA" or "Board") is in the process of issuing new regulations as authorized under the California Privacy Rights Act. These three sets of proposed regulations...more
2/14/2024
/ Audits ,
Automation Systems ,
California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Decision-Making Process ,
Innovative Technology ,
New Regulations ,
Personal Information ,
Privacy Concerns ,
Risk Assessment ,
Rulemaking Process ,
Software
On December 26, 2023, the Department of Defense ("DoD") published a proposed rule to implement the Cybersecurity Maturity Model Certification ("CMMC") 2.0, which will establish comprehensive cybersecurity requirements for...more
On Friday, October 27, the Federal Trade Commission ("FTC") announced new amendments to the Safeguards Rule, requiring covered financial institutions to report certain data breaches to the FTC and reflecting its continuing...more
11/13/2023
/ Cybersecurity ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
FTC Act ,
Gramm-Leach-Blilely Act ,
New Amendments ,
Non-Bank Lenders ,
Personal Information ,
Popular ,
Privacy Rule ,
Risk Assessment ,
Risk Management ,
Safeguards Rule ,
Section 5
On October 30, 2023, President Biden signed a first-of-its-kind executive order entitled, "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" ("AI")....more
11/1/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Machine Learning ,
Regulatory Reform ,
Security Standards
The United States Patent and Trademark Office, along with the U.S. Departments of State and Commerce, sought initial public comment last week on draft guidelines entitled "International Guiding Principles for Organizations...more
10/31/2023
/ Algorithms ,
Artificial Intelligence ,
Comment Period ,
Copyright ,
Copyright Litigation ,
Cybersecurity ,
Intellectual Property Protection ,
Machine Learning ,
Technology ,
U.S. Commerce Department ,
USPTO
In Short -
The Situation: On July 26, 2023, the U.S. Securities and Exchange Commission ("SEC") adopted final rules that significantly alter cybersecurity disclosure obligations for companies. The SEC's final rules adopt...more
8/2/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On July 21, 2023, the White House announced that seven leading technology companies—Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI—voluntarily committed to mitigating the risks posed by artificial...more
7/25/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Innovative Technology ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Oversight ,
Risk Mitigation
On March 28, 2023, Iowa—following California, Colorado, Connecticut, Utah, and Virginia—became the sixth state to adopt a comprehensive consumer data privacy law.
On March 28, 2023, Iowa Governor Kim Reynolds signed "An...more
If adopted, these proposed rules would (i) enhance protection of customer information under Regulation S-P, (ii) add new requirements addressing cybersecurity risk to the U.S. securities markets, and (iii) expand the types of...more
The National Institute of Standards and Technology ("NIST") has released its AI Risk Management Framework ("AI RMF") as a resource to reportedly assist individuals, organizations, and society identify risks associated with...more
In Short -
The Situation: The California Privacy Protection Agency ("CPPA" or "Agency") has modified its proposed regulations implementing many key California Privacy Rights Act ("CPRA") requirements....more
On October 7, 2022, President Biden signed an executive order on "Enhancing Safeguards for United States Signals Intelligence Activities," outlining the measures that the United States will take to implement its commitments...more
The OMB has issued memorandum M-22-18 with new security requirements (the "Rules") requiring federal agencies to ensure that all third-party software they use complies with secure software development standards and guidance...more
On August 24, 2022, California Attorney General Rob Bonta announced his office's first privacy enforcement action and settlement against a publicly disclosed entity, Sephora, Inc., for violations of the CCPA, including the...more
The Federal Trade Commission announced on August 11, 2022, that it is seeking public comment regarding its Advanced Notice of Proposed Rulemaking on commercial surveillance and data security.
The Federal Trade Commission...more
On March 24, 2022, Utah followed California, Virginia, and Colorado in adopting a comprehensive consumer data privacy law.
On March 24, 2022, Utah Governor Spencer Cox signed the Consumer Privacy Act ("Act"), making Utah...more
4/7/2022
/ Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
State Data Privacy Laws
On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the "Act"), creating new requirements for organizations operating in critical infrastructure sectors to...more
3/18/2022
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
New Legislation ,
Popular ,
Regulatory Reform ,
Reporting Requirements
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
President Biden Issues Cybersecurity Executive Order -
On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
8/10/2021
/ Article III ,
Biden Administration ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile Apps ,
Personal Data ,
Popular ,
Ransomware ,
SCOTUS ,
Standing ,
TransUnion LLC v Ramirez
United States -
Regulatory—Policy, Best Practices, and Standard -
NIST Unveils Draft Guidance to Protect Critical Infrastructure -
On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
1/8/2021
/ CNIL ,
Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Popular ,
Risk Management
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Revision to Security Standard -
On September 23, the National Institute of Standards and Technology ("NIST") released Revision 5 to...more