Danielle Ocampo, a member of the CLA’s Law Section, interviewed Steve Millendorf (Partner, San Diego) to gain a deeper understanding of how California is approaching and implementing the EU AI Act.
How do the principles...more
Whether the game is football, baseball, hockey, or Indy Car racing, no team goes into their major championship matchup without training. Companies need to train as well if they intend to operate on the internet and expect to...more
6/14/2024
/ Breach Notification Rule ,
Critical Infrastructure Sectors ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
EU ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Intellectual Property Protection ,
NIST ,
Personal Information ,
Privacy Laws ,
Reporting Requirements ,
Software ,
Supply Chain ,
Third-Party Risk
On January 29 the California legislature introduced the California Children’s Data Privacy Act (AB 1949) in what appears to be the first bill proposed to amend the California Consumer Privacy Act (CCPA) since passage of...more
On October 30, 2023, President Biden signed the 53-page Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence that significantly advances the United States' policy framework...more
11/17/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Equity ,
Executive Orders ,
Innovative Technology ,
Machine Learning ,
National Security ,
OMB ,
Popular ,
Regulatory Agenda ,
Regulatory Oversight
Following a California Chamber of Commerce lawsuit, a Superior Court of California judge has delayed enforcement of the California Privacy Rights Act (CPRA) regulations until March 29, 2024. The suit argued that California...more
As we previously discussed, earlier this year the National Institute of Standards and Technology (NIST) launched the Trustworthy and Responsible AI Resource Center. Included in the AI Resource Center is NIST’s AI Risk...more
7/6/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Hardware ,
Information Governance ,
Machine Learning ,
NIST ,
Raw Data Metrics ,
Reliability Standards ,
Risk Management ,
Safety Standards ,
Software ,
Third-Party ,
Transparency ,
Validation and Re-Validation Requirements
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On July 6, 2022, the heads of the U.S. Federal Bureau of Investigation (FBI) and the British MI5 law enforcement agencies issued an unprecedented joint statement warning about espionage and other economic threats from China....more
7/12/2022
/ Audits ,
China ,
Corporate Counsel ,
Cybersecurity ,
Enforcement Actions ,
FBI ,
NIST ,
Policies and Procedures ,
Popular ,
Supply Chain ,
UK
On March 21, 2022, President Biden issued a statement reiterating warnings that Russia is “exploring” options for potential cyberattacks against the United States in retaliation for sanctions against Russia for its invasion...more
The Federal Trade Commission (FTC) accepted a proposed consent agreement earlier this week that includes payment of $500,000 for consumer redress from CafePress, an online platform allowing consumers to purchase customized...more
On February 22, 2022, U.S. Department of Homeland Security Secretary Alejandro Mayorkas warned critical infrastructure organizations located in the United States of possible cyberattacks by Russian state-sponsored actors in...more
On August 15, 2021, a number of media outlets indicated that T-Mobile was investigating a data breach that may have included the names, date of births, phone numbers, T-Mobile account pins, Social Security numbers, and...more
The European Commission adopted new versions of the Standard Contractual Clauses (SCCs) on June 4, 2021. The new SCCs finally replace the original SCCs adopted under the 1998 European Data Protection Directive (DPD) and did...more
7/6/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK Data Protection Act
On June 2, 2021, Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, published a rare open letter to the corporate executives and business leaders of...more
6/14/2021
/ Corporate Executives ,
Cybersecurity ,
Department of Justice (DOJ) ,
Economic Sanctions ,
Embargo ,
Executive Orders ,
Hackers ,
International Emergency Economic Powers Act (IEEPA) ,
Joe Biden ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
TWEA
On May 12, 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity following a series of highly publicized cybersecurity incidents during the first four months of his presidency, including the...more
5/14/2021
/ Compliance ,
Cybersecurity ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
DFARS ,
Encryption ,
Executive Orders ,
FBI ,
Federal Acquisition Regulations (FAR) ,
Joe Biden ,
National Security Agency (NSA) ,
Popular ,
Software ,
Supply Chain
On October 28, 2020, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) issued a joint warning that they...more
10/30/2020
/ Coronavirus/COVID-19 ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Health and Human Services (HHS) ,
FBI ,
Germany ,
Health Care Providers ,
Hospitals ,
New Guidance ,
Pennsylvania ,
Ransomware
On May 13, 2020, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Research Agency (CISA) issued an announcement directed at organizations involved in COVID-19 research to be on increased...more
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
5/4/2020
/ CARES Act ,
Centers for Disease Control and Prevention (CDC) ,
Centers for Medicare & Medicaid Services (CMS) ,
Consumer Financial Protection Bureau (CFPB) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Popular ,
Safe Harbors ,
World Health Organization
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
4/9/2020
/ Business Interruption ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Regulatory Standards ,
Remote Working ,
Small Business ,
State of Emergency
New York State has enacted S5575, the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”). This new law amends New York General Business Code 899-aa and adds Section 899-bb to significantly expand consumer...more
9/30/2019
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Personally Identifiable Information ,
SHIELD Act ,
State Attorneys General ,
State Data Breach Notification Statutes
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On September 26, 2018, a record settlement was reached between Uber and the attorneys general of all 50 states and the District of Columbia over the company’s 2016 data breach. While this case presents an extreme example of...more
...On June 28, 2018, California passed AB 375, the California Consumer Privacy Act of 2018 (CCPA), which will become effective January 1, 2020. Introduced just a week earlier in an effort to defeat a much stricter...more
7/3/2018
/ Consumer Protection Laws ,
Cybersecurity ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Right to Be Forgotten ,
State and Local Government