As the development and use of AI continue to grow, the potential for security and safety incidents harming organizations and the public increases. Updated reporting and tracking processes for AI security and safety incidents...
5/14/2024 / Artificial Intelligence, Biden Administration, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Privacy, Data Security, Executive Orders, Machine Learning, National Security Agency (NSA), NIST, Proposed Legislation
Kentucky joins the growing trend of U.S. state data protection laws, with well over a dozen now in place across the country.
Last year proved to be a huge year in U.S. state data protection law, ending with 13 U.S. states...
In its first-ever enforcement advisory, the CPPA highlighted the key concept of data minimization—specifically focusing on excessive data collected when consumers make requests pursuant to their data privacy rights under the...
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers.
In...
4/1/2024 / China, Critical Infrastructure Sectors, Cybersecurity, Data Privacy, Data Protection, Data Security, Free Trade Zone, General Data Protection Regulation (GDPR), International Data Transfers, New Regulations, Personal Information, Personal Information Protection Law (PIPL), Regulatory Requirements, Risk Assessment, Security Risk Assessments, Sensitive Personal Information, Standard Contractual Clauses
President Biden issued an Executive Order last month calling on the DOJ and relevant government agencies to tighten regulations on bulk data transfers to “countries of concern.” In late February, President Biden issued...
3/22/2024 / Advanced Notice of Proposed Rulemaking (ANPRM), Biden Administration, Cybersecurity, Data Privacy, Data Protection, Department of Justice (DOJ), Executive Orders, International Data Transfers, Personal Data, Personally Identifiable Information, Popular, Regulatory Requirements
New Hampshire joins New Jersey as the second state passing a data protection law in 2024. New Hampshire is the 15th overall US state to do so.
Last year proved to be a huge year in U.S. state data protection law, ending...
Utah became the fourth U.S. state to pass an omnibus data protection law when the Utah Consumer Privacy Act was signed into law March 24, 2022.
As the page turns to a new year, a new U.S. state data protection law will...
The amended rule requires financial institutions to notify the FTC within 30 days of discovery of a security breach involving information of at least 500 consumers. ...
Global Privacy Controls, vendor management, sensitive personal information, and the use of Ad Tech; new U.S. state data protection laws introduce twists to traditional notions of American data protection law.
In the U.S.,...
11/17/2023 / Adtech, Audits, Consent, Consumer Privacy Rights, Cybersecurity, Data Collection, Data Privacy, Data Protection, Disclosure Requirements, Personal Data, Privacy Laws, Recordkeeping Requirements, Sensitive Personal Information, State Privacy Laws, Third-Party Service Provider
Data breaches risk legal consequences—both from state and federal governments and consumers, as well as reputational harm.
Last month, MCNA—a dental benefit provider—provided notice of a data breach that exposed the...
6/8/2023 / Covered Entities, Cyber Insurance, Cybersecurity, Data Breach, Data Protection, Data Security, Dental Practice, Health Care Providers, HIPAA Breach, HIPAA Breach Notification Rule, PHI, Popular
Some states will affirmatively require annual audits of a business’s data collection and processing practices and, in some cases, submission of those audits to state regulators.
With new US state data protection laws taking...
2/7/2023 / Audits, Cybersecurity, Data Collection, Data Privacy, Data Protection, Data Protection Impact Assessments (DPIAs), Data Security, Personal Information, Privacy Laws, State Privacy Laws, Subcontractors, Third-Party Service Provider
The new guidelines provide insight into how businesses can submit applications to the CAC in order to obtain approval via the CAC security assessment cross-border data transfer requirement.
As of September 2022, all...
10/19/2022 / China, Compliance, Cross-Border, Cybersecurity, Data Security, International Data Transfers, New Guidance, Personal Data, Personal Information Protection Law (PIPL), Registration Requirement, Security Risk Assessments
The new law will require critical infrastructure entities to report certain covered cybersecurity incidents to government agencies within 72 hours, and ransomware payments within 24 hours.
On March 15, President Biden signed...
Banking organizations must notify the appropriate agency within 36 hours of certain computer-security incidents, and banking service providers must notify affected banking organizations as soon as possible in the event of an...
12/22/2021 / Banking Sector, CFTC, Cyber Attacks, Cybersecurity, Data Breach, FDIC, Federal Reserve, Financial Services Industry, Notice Requirements, OCC, Popular, Securities and Exchange Commission (SEC)
Investors filed a derivative suit claiming that the company knew about, and failed to mitigate, existing cybersecurity risks and shortfalls prior to the security breach.
In early November, pension funds and...
12/7/2021 / Board of Directors, Breach of Duty, Cybersecurity, Data Breach, Derivative Suit, Duty of Care, Duty of Loyalty, False Claims Act (FCA), Federal Contractors, Fiduciary Duty, Good Faith, Home Depot, Institutional Investors, Marriott, Material Misstatements, Pension Funds, Popular, Security Breach, Shareholder Litigation, Shareholders, SolarWinds, Yahoo!
The updated rule also includes new exemptions, expands the definition of “financial institution,” and creates new accountability requirements.
On October 27th the Federal Trade Commission (“FTC”) adopted and published...
11/11/2021 / Customer Information, Cybersecurity, Data Security, Equifax, Exemptions, Federal Trade Commission (FTC), Financial Institutions, Financial Services Industry, Gramm-Leach-Bliley Act, Personally Identifiable Information, Regulatory Requirements, Safeguards Rule