Our Privacy, Cyber & Data Strategy Team highlights the shift in priorities for privacy and cybersecurity regulation and enforcement across U.S. agencies under the second Trump Administration....more
On January 14, 2025, the United Kingdom government published a consultation on ransomware proposing new measures to increase incident reporting and reduce ransom payments (the “Consultation”). The Consultation outlines three...more
On November 14, 2024, the Department of Homeland Security (“DHS”) announced a set of voluntary recommendations called the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure”...more
11/20/2024
/ Artificial Intelligence ,
Automation Systems ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Management ,
Department of Homeland Security (DHS) ,
Machine Learning ,
National Security ,
Risk Assessment ,
Risk Management
The SEC has released its Examination Priorities: Fiscal Year 2025 (“Examination Priorities”), which may be a useful roadmap to SEC-registered investment advisers, exchanges, and other entities subject to routine examination...more
10/29/2024
/ Artificial Intelligence ,
Compliance ,
Cybersecurity ,
Emerging Technologies ,
Enforcement Priorities ,
Examination Priorities ,
Investment Firms ,
Investors ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Trading Platforms
On October 15, 2024, the Cyber Security Agency of Singapore (“CSA”) published Guidelines on Securing AI Systems (the “Guidelines”) alongside a Companion Guide for Securing AI Systems (the “Companion Guide”), which is intended...more
In the July 2024 King’s Speech, the UK government announced its intention to introduce a Cyber Security and Resilience Bill (the “Bill”) to improve the UK’s cyber defenses and protect essential public services. The...more
The revamped Health Breach Notification Rule by the Federal Trade Commission (FTC) took effect on July 29, 2024, expanding consumer privacy protections to the users of online health platforms and health and wellness apps. Our...more
8/16/2024
/ Breach Notification Rule ,
Consumer Privacy Rights ,
Data Breach ,
Data Privacy ,
Data Security ,
Digital Health ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Patient Privacy Rights ,
PHI
On Monday, June 17, 2024, the Department of Justice (DOJ) announced a settlement in which two U.S. based consulting companies agreed to pay a combined total of $11.3 million to resolve allegations that they violated the False...more
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). For...more
After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s...more
On December 8, 2023, the California Privacy Protection Agency (CPPA) will hold a board meeting seeking public comment on various privacy regulations. The meeting, which will take place on Zoom, will cover several topics...more
At the end of September 2023, the Cyberspace Administration of China (CAC) released draft regulations (see the unofficial English translation) regulating the cross-border flow of personal information and important data out of...more
New York Attorney General Letitia James recently announced two agreements related to data breaches with entities that operate in the education industry. In both instances the entities paid the ransom and received evidence of...more
In late August 2023, the California Privacy Protection Agency (“CPPA” or “Agency”) released a discussion draft of proposed regulations under California’s data privacy law, the California Consumer Privacy Act (“CCPA”)....more
Our Securities, Securities Litigation, and Privacy, Cyber & Data Strategy teams highlight the key aspects of the Securities and Exchange Commission’s final changes to its cybersecurity reporting rules for public companies...more
In mid-July, the Federal Trade Commission (FTC) reportedly opened an investigation into OpenAI, the maker of ChatGPT, sending the company an extensive Civil Investigative Demand (CID). While FTC investigations are normally...more
According to recent reports issued by Microsoft and U.S. government agencies, hackers recently exploited a gap in Microsoft’s cloud environment, enabling the malicious actors to access the email accounts of employees at the...more
Our Privacy, Cyber & Data Strategy Team breaks down how the two dozen strategic objectives in Biden’s National Cybersecurity Strategy will fundamentally shift how the United States allocates roles, responsibilities, and...more
On January 6, 2023, the FCC released a Notice of Proposed Rulemaking (the “Notice”) proposing to “modernize the Commission’s data breach rules,” and thereby launching a formal effort to gather information from the industry on...more
The United Kingdom’s National Cyber Security Centre (NCSC) recently released its 2022 Annual Review, which reports on the state of cyber security threats in the country. As the UK’s technical authority for cyber security, the...more
On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that...more
On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last...more
On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) seeking input from stakeholders on the Cyber Incident Reporting for Critical Infrastructure Act of 2022...more
According to recent media reports there have been several instances of blockchain bridges being hacked this year, including reports on August 2 that a bridge lost close to $200 million to upwards of 40 hackers who exploited a...more
The Indian Computer Emergency Response Team (“CERT-In”) issued Directions on April 28, 2022 “to strengthen the cybersecurity in the country” and that has significant implications for the cybersecurity landscape. Effective...more