The National Institute of Standards and Technology ("NIST") recently updated its 2020 Privacy Framework 1.0 to include artificial intelligence ("AI") risk management....more
On April 22, 2025, the Federal Trade Commission ("FTC") published the finalized amendments to the Children's Online Privacy Protection Act ("COPPA") Rule (the "Rule"), marking the first major update since 2013....more
5/9/2025
/ COPPA ,
Data Privacy ,
Federal Trade Commission (FTC) ,
FERPA ,
Final Rules ,
First Amendment ,
New Regulations ,
NPRM ,
Online Safety for Children ,
Parental Consent ,
Personal Information ,
Regulatory Requirements
The Office of Management and Budget releases highly anticipated guidance to federal agencies on the use and deployment of artificial intelligence and how to manage its risks....more
5/7/2025
/ Artificial Intelligence ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Machine Learning ,
National Security ,
New Guidance ,
OMB ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
Trump Administration
The European Union's Artificial Intelligence Act ("AI Act"), the world's first comprehensive legal framework on AI, entered into force on August 1, 2024. The AI Act sets out staggered compliance deadlines for the various...more
The U.S. Commerce Department's Bureau of Industry and Security ("BIS") issued a rule establishing a framework to prevent U.S. adversaries from accessing the most advanced artificial intelligence ("AI") systems while...more
2/6/2025
/ Artificial Intelligence ,
Bureau of Industry and Security (BIS) ,
Cybersecurity ,
Export Controls ,
Innovative Technology ,
Licensing Rules ,
National Security ,
Regulatory Requirements ,
Risk Management ,
Semiconductors ,
U.S. Commerce Department
DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more
The Transportation Security Administration's ("TSA") proposed rule would require owners and operators of certain pipeline, freight railroad, passenger railroad, rail transit, and over-the-road bus ("OTRB") systems to...more
12/2/2024
/ Comment Period ,
Cybersecurity ,
Infrastructure ,
Oil & Gas ,
Pipelines ,
Proposed Rules ,
Railroads ,
Regulatory Agenda ,
Risk Management ,
Rulemaking Process ,
Surface Transportation ,
Transportation Security Administration
As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more
New York recently passed new cybersecurity regulations for hospitals licensed in New York to enhance patient safety and cybersecurity....more
11/7/2024
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Hospitals ,
Information Technology ,
New Legislation ,
New York ,
Personally Identifiable Information ,
PHI ,
Regulatory Reform
On August 9, 2024, Illinois Governor J.B. Pritzker signed into law H.B. 3773 (the "Act"), making Illinois the second state to pass broad legislation on the use of artificial intelligence ("AI") in employment decisions....more
10/30/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
Employer Liability Issues ,
Employment Discrimination ,
Employment Policies ,
Hiring & Firing ,
Illinois ,
Job Applicants ,
Labor Reform ,
Machine Learning ,
New Legislation ,
State Labor Laws
The first wave of Australia's expansive privacy law reforms has been introduced into Federal Parliament in the Privacy and Other Legislation Amendment Bill 2024 (Cth) ("Bill")....more
10/29/2024
/ Australia ,
Cybersecurity ,
Damages ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Invasion of Privacy ,
Personally Identifiable Information ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
On October 10, 2024, the EU Cyber Resilience Act ("CRA") was adopted by the Council of the European Union....more
On September 4, 2024, U.S. Securities and Exchange Commission ("SEC") Chair Gary Gensler reiterated concerns about artificial intelligence-related ("AI") disclosures and the need for companies to communicate accurately about...more
10/24/2024
/ Artificial Intelligence ,
Boilerplate Language ,
Broker-Dealer ,
Class Action ,
Disclosure Requirements ,
Investment Adviser ,
Machine Learning ,
Misrepresentation ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Securities Violations ,
Shareholder Litigation
On September 19, 2024, California adopted the California AI Transparency Act ("SB 942") to create transparency mechanisms that allow consumers to determine whether an "image, video, or audio content, or content that is any...more
Actions in the last six months of the Brazilian National Data Protection Authority (“ANPD”) suggest that it intends to aggressively enforce the Brazilian Data Protection Law (“LGPD”). The LGPD applies to any entity that...more
9/23/2024
/ Brazil ,
Consumer Privacy Rights ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Security ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Sensitive Personal Information
The Federal Aviation Administration ("FAA") has proposed new rules to standardize its criteria for addressing cybersecurity threats for transport category airplanes, engines, and propellers....more
On June 20, 2024, a U.S. federal district court held, in a suit brought by Jones Day, that the Department of Health and Human Services ("HHS") had misapplied the Health Insurance Portability and Accountability Act ("HIPAA")...more
8/2/2024
/ Confidential Information ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Medical Records ,
New Guidance ,
PHI
The U.S. District Court for the Southern District of New York dismissed the majority of claims that the Security and Exchange Commission ("SEC") asserted against SolarWinds, including claims that the company's alleged...more
Rhode Island is the latest state to adopt a comprehensive data privacy law, titled the Data Transparency and Privacy Protection Act....more
The Federal Trade Commission ("FTC") intends to "strengthen and modernize" the Health Breach Notification Rule with revamped and increased scrutiny on entities holding health information, including health apps, websites, and...more
On May 17, 2024, Colorado enacted S.B. 24-205 (the "Act"), which imposes a duty of reasonable care on developers and deployers of high-risk artificial intelligence ("AI") systems to protect consumers from risks of algorithmic...more
The sweeping FAA Reauthorization Act of 2024 includes measures intended to improve safety and cybersecurity for the U.S. aviation sector....more
California's privacy enforcement agency has published crucial data minimization guidance for businesses....more
With the bipartisan, bicameral proposed American Privacy Rights Act of 2024, the U.S. Congress seeks to adopt the first national personal data privacy and security law that would preempt comprehensive state privacy laws....more
4/30/2024
/ Algorithms ,
Artificial Intelligence ,
Covered Entities ,
Data Protection ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Preemption ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
State Privacy Laws
CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more