Kimia Favagehi

Kimia Favagehi

Paul Hastings LLP

Contact
View Bio
RSS

Latest Publications

Share:

CPPA Proposes Amendments to Draft Regulations on ADMTs

On May 1, the California Privacy Protection Agency (CPPA) Board held a meeting to discuss proposed amendments to the CPPA draft regulations on cybersecurity audits, risk assessments and automated decision-making technology...more

5/14/2025  /  California , California Privacy Protection Agency (CPPA) , Consumer Privacy Rights , Data Privacy , Privacy Laws , Proposed Amendments , Proposed Rules , Regulatory Requirements , State Privacy Laws

HHS OCR Releases Proposed Updates to HIPAA Security Rule

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced a Notice of Proposed Rulemaking (NPRM) to amend the Security Standards for the Protection of...more

1/23/2025  /  Business Associates , Compliance , Critical Infrastructure Sectors , Cyber Threats , Cybersecurity , Data Protection , Data Security , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Security Rule , HITECH Act , Multi-Factor Authentication , OCR , PHI , Proposed Rules , Public Comment , Risk Management

NYDFS Issues AI Industry Letter

On October 16, 2024, the New York Department of Financial Services (NYDFS) issued an industry letter entitled “Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks” in response to...more

11/4/2024  /  Artificial Intelligence , Covered Entities , Cyber Attacks , Cybersecurity , Data Management , Financial Services Industry , NYDFS , Risk Assessment , Risk Management , Social Engineering , Third-Party Risk

SEC Adopts Amendments To Regulation S-P

On May 15, 2024, the Securities and Exchange Commission (the “SEC”) adopted amendments to Regulation S-P. Originally passed in 2000, Regulation S-P regulates the treatment of non-public personal information of consumers by...more

6/5/2024  /  Broker-Dealer , Customer Information , Cybersecurity , Data Breach , Financial Institutions , Incident Response Plans , Investment Adviser , Personal Information , Recordkeeping Requirements , Registered Investment Companies (RICs) , Regulation S-P , Reporting Requirements , Securities and Exchange Commission (SEC)

Illinois Legislature Passes Major BIPA Amendment

On May 16, 2024, the Illinois Legislature passed SB 2979, which amends the Illinois Biometric Information Privacy Act (BIPA) to clarify that any person whose biometric identifier or biometric information is “scanned” by a...more

5/20/2024  /  Biometric Information , Biometric Information Privacy Act , Damages , Governor Pritzker , Illinois , New Legislation

Paul Hastings Hosts Panel on Cybersecurity Insurance Trends and Insights

On May 8, 2024, Paul Hastings hosted the Cybersecurity Law Workshop at this spring’s Privacy + Security Forum featuring a panel on cybersecurity insurance trends and insights. The panel was moderated by Paul Hastings’ David...more

5/15/2024  /  Cyber Attacks , Cyber Insurance , Cybersecurity , Data Breach , Incident Response Plans , Insurance Claims

Paul Hastings Hosts Panel on Cybersecurity Regulatory Trends and Recent Developments

On May 8, 2024, Paul Hastings Hosted the Cybersecurity Law Workshop at this spring’s Privacy + Security Forum with a panel on cybersecurity regulatory trends and recent developments. The panel was moderated by Paul Hastings...more

5/15/2024  /  Compliance , Cyber Incident Reporting , Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) , Cybersecurity , Securities and Exchange Commission (SEC)

Paul Hastings Hosts Panel on Perspectives from Cybersecurity Regulators

On May 8, 2024, Paul Hastings Hosted the Cybersecurity Law Workshop at this spring’s Privacy + Security Forum with a panel on perspectives from cybersecurity regulators. The panel was moderated by Paul Hastings Global Chair...more

5/15/2024  /  Cybersecurity , Data Breach , Data Security , Federal Trade Commission (FTC) , Health Insurance Portability and Accountability Act (HIPAA) , Popular , State Attorneys General , Web Tracking , Websites

Key Takeaways From the Spring 2024 Privacy+Security Forum: Misinformation and Youth Online Safety

Paul Hastings attended the spring 2024 Privacy+Security Forum hosted by Professors Daniel Solove and Paul Schwartz, where privacy professionals from all over the world gathered in Washington, D.C. to learn about the latest...more

5/15/2024  /  Data Privacy , Data Protection , Data Security , Minors , Online Safety for Children , Parental Consent

Key Takeaways from SEC Speaks 2024 Event

Last week, Paul Hastings attended the Securities and Exchange Commission (SEC) Speaks 2024 event presented by the Practising Law Institute (PLI) in cooperation with the SEC on April 1 and 2. The SEC Speaks program provides...more

4/9/2024  /  Artificial Intelligence , Corporate Governance , Cyber Incident Reporting , Cyber Threats , Cybersecurity , Disclosure Requirements , Due Diligence , Form 10-K , Form 8-K , Information Technology , NASA , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

CISA Proposes Sweeping Cybersecurity Incident Reporting for U.S. Companies

On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more

4/2/2024  /  Critical Infrastructure Sectors , Cyber Attacks , Cyber Incident Reporting , Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) , Cybersecurity , Cybersecurity Information Sharing Act (CISA) , Data Breach , Data Security , Department of Defense (DOD) , DFARS , Federal Information Security Modernization Act (FISMA) , Healthcare , Information Technology , NERC , Popular , Proposed Regulation , Ransomware , Reporting Requirements , Water

Artificial Intelligence: Preparing for the EU AI Act

On February 2, 2024, EU member states approved the final text of the EU's Artificial Intelligence Act, providing an official framework for the use of AI. According to the European Parliament, its priority is to "make sure...more

2/29/2024  /  Artificial Intelligence , EU , European Commission , European Parliament , Machine Learning , Popular , Regulatory Agenda

White House Passes Sweeping AI Executive Order

On October 30, 2023, the Biden-Harris Administration unveiled a sweeping Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The Executive Order represents the most...more

11/1/2023  /  Artificial Intelligence , Biden Administration , Consumer Protection Laws , Critical Infrastructure Sectors , Cybersecurity , Directorate of Defense Trade Controls (DDTC) , Executive Orders , Healthcare , Immigration Procedures , National Security , NIST , Popular , Risk Management , U.S. Commerce Department

Oregon Enacts Privacy Law

Oregon is the latest state to join the growing patchwork of U.S. state privacy laws. On July 18, 2023, the Oregon Governor signed S.B. 619, enacting what will become the eleventh state privacy law. The Oregon law follows many...more

7/26/2023  /  Consumer Privacy Rights , Consumers , Data Controller , Data Privacy , Oregon , Personal Data , State Privacy Laws

Maine State Legislature Considering (Again) a BIPA-Like Statute

On May 22, 2023, the Maine Legislature held a public hearing on “H.P. 1094, An Act to Give Consumers Control Over Sensitive Personal Data By Requiring Consumer Consent Prior to Collection of Data” (“H.P. 1094”). H.P. 1094,...more

5/26/2023  /  Biometric Information , Biometric Information Privacy Act , Consent , Consumer Privacy Rights , Data Privacy , Disclosure Requirements , Sensitive Personal Information

Delaware Supreme Court Sides with SolarWinds in Shareholder Suit Related to 2020 Cyber Attack

On May 17, 2023, the Delaware Supreme Court upheld a September 2022 decision dismissing a shareholder suit against SolarWinds Corporation. In 2021, shareholders sued SolarWinds (“the Company”) for a 2020 cybersecurity...more

5/26/2023  /  Cyber Attacks , Data Breach , DE Supreme Court , Fiduciary Duty , Liability , Risk Management , Transparency

Key Takeaways at This Year’s IAPP Global Privacy Summit

Paul Hastings attended the 2023 Global Privacy Summit (GPS) hosted by the International Association of Privacy Professionals (IAPP). Privacy professionals from all over the world gathered in Washington, D.C. to learn about...more

4/13/2023  /  Artificial Intelligence , Cybersecurity , Data Breach , Data Privacy , Incident Response Plans , Sensitive Personal Information

SEC Proposes New Cybersecurity Rule and Amendments

On March 15, 2023, the SEC issued proposed amendments and a proposed rule addressing cybersecurity. Specifically, the SEC proposed Rule 10, which addresses cybersecurity risks, and proposed to amend Regulation SCI and...more

3/30/2023  /  Cyber Incident Reporting , Cybersecurity , Incident Response Plans , MSRB , Notification Requirements , Policies and Procedures , Popular , Proposed Amendments , Recordkeeping Requirements , Regulation S-P , Securities and Exchange Commission (SEC)
18 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide