The United States Patent and Trademark Office, along with the U.S. Departments of State and Commerce, sought initial public comment last week on draft guidelines entitled "International Guiding Principles for Organizations...more
10/31/2023
/ Algorithms ,
Artificial Intelligence ,
Comment Period ,
Copyright ,
Copyright Litigation ,
Cybersecurity ,
Intellectual Property Protection ,
Machine Learning ,
Technology ,
U.S. Commerce Department ,
USPTO
On August 15, 2023, the Consumer Financial Protection Bureau ("CFPB") announced it was launching a rulemaking aimed at subjecting any company or entity that collects and sells consumer data to the Fair Credit Reporting Act...more
8/28/2023
/ Consumer Financial Protection Bureau (CFPB) ,
Consumer Reporting Agencies ,
Consumer Reports ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Services Industry ,
Personal Data ,
Popular ,
Rulemaking Process
In Short -
The Situation: Following a cyberattack on a law firm's systems, the Securities and Exchange Commission ("SEC") subpoenaed the firm for information, including the identity of clients whose information may have...more
8/15/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Discovery ,
Enforcement Actions ,
Evidence ,
Fourth Amendment ,
Government Investigations ,
Hackers ,
Material Nonpublic Information ,
Personally Identifiable Information ,
Securities and Exchange Commission (SEC) ,
Subpoenas
In Short -
The Situation: On July 26, 2023, the U.S. Securities and Exchange Commission ("SEC") adopted final rules that significantly alter cybersecurity disclosure obligations for companies. The SEC's final rules adopt...more
8/2/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On July 21, 2023, the White House announced that seven leading technology companies—Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI—voluntarily committed to mitigating the risks posed by artificial...more
7/25/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Innovative Technology ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Oversight ,
Risk Mitigation
On July 10, 2023, the EU Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, concluding that the United States ensures an adequate level of protection for personal data transferred from the...more
On June 16, the U.S. Department of Commerce published a final rule, effective July 17, 2023, on Securing the Information and Communications Technology and Services ("ICTS") Supply Chain, signaling potential new actions on...more
On March 28, 2023, Iowa—following California, Colorado, Connecticut, Utah, and Virginia—became the sixth state to adopt a comprehensive consumer data privacy law.
On March 28, 2023, Iowa Governor Kim Reynolds signed "An...more
If adopted, these proposed rules would (i) enhance protection of customer information under Regulation S-P, (ii) add new requirements addressing cybersecurity risk to the U.S. securities markets, and (iii) expand the types of...more
Asserting that the company misstated the scope of data stolen in the cyberattack, the SEC provides a clear reminder that cybersecurity disclosures remain an agency priority....more
The Federal Trade Commission ("FTC") has brought its first enforcement action for violations of the Health Breach Notification Rule ("HBNR"), signaling heightened federal agency scrutiny of digital health platforms,...more
The National Institute of Standards and Technology ("NIST") has released its AI Risk Management Framework ("AI RMF") as a resource to reportedly assist individuals, organizations, and society identify risks associated with...more
In Short -
The Situation: Following a number of high-profile cyber incidents resulting in significant data breaches, the Australian Government has doubled down on its efforts to strengthen privacy laws and cybersecurity...more
Across multiple continents and industries, artificial intelligence ("AI") is a topic of intense focus by governments, research institutions, investors, and corporations—from start-ups to well-established industry players. As...more
In Short -
The Situation: The California Privacy Protection Agency ("CPPA" or "Agency") has modified its proposed regulations implementing many key California Privacy Rights Act ("CPRA") requirements....more
On October 7, 2022, President Biden signed an executive order on "Enhancing Safeguards for United States Signals Intelligence Activities," outlining the measures that the United States will take to implement its commitments...more
On September 28, 2022, the European Commission published two proposals—the Revised Product Liability Directive and the AI Liability Directive—aimed at adapting liability rules to the green and digital transition within the...more
On September 15, 2022, the European Commission ("EU") published a proposal for a Cyber Resilience Act, the first EU-wide legislation introducing a single set of cybersecurity rules for hardware and software products placed in...more
On August 24, 2022, California Attorney General Rob Bonta announced his office's first privacy enforcement action and settlement against a publicly disclosed entity, Sephora, Inc., for violations of the CCPA, including the...more
The Federal Trade Commission announced on August 11, 2022, that it is seeking public comment regarding its Advanced Notice of Proposed Rulemaking on commercial surveillance and data security.
The Federal Trade Commission...more
On March 24, 2022, Utah followed California, Virginia, and Colorado in adopting a comprehensive consumer data privacy law.
On March 24, 2022, Utah Governor Spencer Cox signed the Consumer Privacy Act ("Act"), making Utah...more
4/7/2022
/ Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
State Data Privacy Laws
On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the "Act"), creating new requirements for organizations operating in critical infrastructure sectors to...more
3/18/2022
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
New Legislation ,
Popular ,
Regulatory Reform ,
Reporting Requirements
As part of the SEC's broader rulemaking initiative, on March 9, 2022, the SEC proposed amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by...more
3/14/2022
/ Corporate Governance ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Foreign Private Issuers ,
Form 10-K ,
Form 10-Q ,
Form 8-K ,
Proposed Amendments ,
Publicly-Traded Companies ,
Regulation S-K ,
Regulatory Agenda ,
Regulatory Reform ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Regulations will mandate more robust customer identity verification procedures and special measures to combat malicious cyber activities.
On September 24, 2021, the Department of Commerce ("Commerce") published an Advance...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
President Biden Issues Cybersecurity Executive Order -
On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
8/10/2021
/ Article III ,
Biden Administration ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile Apps ,
Personal Data ,
Popular ,
Ransomware ,
SCOTUS ,
Standing ,
TransUnion LLC v Ramirez