The U.S. government’s recent complaint in a relator-filed case under the False Claims Act (FCA):
- Marks the first FCA suit in which the Department of Justice (DOJ) has intervened since launching its ongoing Civil...more
As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risk from developing and deploying AI systems that do not function as intended or that yield problematic outcomes. The...more
9/4/2024
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
EU ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector ,
UK
Earlier this year, a dedicated policy prepared by the European Central Bank (ECB) came into effect requiring bank management bodies to broaden their collective understanding of and proficiency in identifying and dealing with...more
Two recent settlements under the False Claims Act (FCA):
- Signal enhanced risk around cybersecurity for recipients of federal funds.
- Underscore the need to assess compliance with cybersecurity requirements and...more
Colorado has become the first state to enact a comprehensive law relating to the development and deployment of certain artificial intelligence (AI) systems. The Colorado Artificial Intelligence Act (CAIA), which will go into...more
6/24/2024
/ Artificial Intelligence ,
Colorado ,
Consumer Financial Products ,
Consumer Protection Laws ,
Cybersecurity ,
Data Privacy ,
Disclosure Requirements ,
FinTech ,
Machine Learning ,
New Legislation ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management
On April 2, 2024, the Enforcement Division of the California Privacy Protection Agency (CPPA) issued Enforcement Advisory No. 2024-01. This first-ever enforcement advisory focuses on promoting compliance with California...more
4/19/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Litigation ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Enforcement ,
Financial Institutions ,
FinTech ,
Intellectual Property Protection ,
Opt-Outs ,
Regulatory Requirements ,
Technology
AI in 2024: Monitoring New Regulation and Staying in Compliance With Existing Laws Companies that develop or employ AI tools have to consider proposed AI-specific regulation as well as an array of existing IP, privacy,...more
12/22/2023
/ Acquisitions ,
Artificial Intelligence ,
CFIUS ,
China ,
Cybersecurity ,
Data Privacy ,
Energy Sector ,
EU ,
Intellectual Property Litigation ,
Intellectual Property Protection ,
International Litigation ,
Investment ,
IRS ,
Mergers ,
National Security ,
New Hires ,
New Legislation ,
New Regulations ,
Outer Space ,
Private Equity ,
Regulatory Agenda ,
Securities and Exchange Commission (SEC) ,
Taxation ,
Technology Sector ,
Trade Relations ,
Trade Restrictions ,
UK
The U.S. Securities and Exchange Commission (SEC) adopted final rules in 2023 that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by...more
12/20/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Form 8-K ,
Incident Response Plans ,
Popular ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
On September 28, 2023, the Cyberspace Administration of China (CAC) published the draft Provisions on Regulating and Promoting Cross-Border Data Transfers (Draft Provisions). If adopted into law in their current form, the...more
On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more
11/7/2023
/ Compliance ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure ,
Enforcement Actions ,
Information Security ,
Information Technology ,
Popular ,
Risk Management ,
Risk Mitigation ,
SolarWinds
On October 30, the U.S. government released its long-awaited, sweeping executive order (the AI EO or Order) on artificial intelligence (AI). The Order directs various U.S. government departments and agencies to evaluate AI...more
11/6/2023
/ Artificial Intelligence ,
Biden Administration ,
Compliance ,
Copyright ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Executive Orders ,
Healthcare ,
Innovative Technology ,
Intellectual Property Protection ,
Legislative Agendas ,
Life Sciences ,
Machine Learning ,
National Security ,
Popular ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Technology Sector
In this month’s Privacy & Cybersecurity Update, we examine Delaware’s new comprehensive data privacy law, a joint statement by 12 data protection authorities on data scraping and data protection, a district court ruling on a...more
10/3/2023
/ California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Popular ,
Privacy Laws ,
Risk Assessment ,
Risk Management ,
State and Local Government ,
State Data Privacy Laws ,
State Privacy Laws ,
Web Scraping
In this month’s Privacy & Cybersecurity Update, we analyze the Biden administration’s proposed cybersecurity labeling program for smart devices, NIST’s extensive overhaul of its cybersecurity framework, and data privacy law...more
9/6/2023
/ Biden Administration ,
California ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Labeling ,
NIST ,
Popular ,
Privacy Laws ,
Smart Devices ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine the newly established data privacy framework between the EU and U.S. and new consumer privacy laws in Oregon and Texas. We also review a court ruling that delayed...more
8/2/2023
/ Biometric Information Privacy Act ,
California ,
California Privacy Rights Act (CPRA) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Transfers ,
Disclosure ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
NYDFS ,
Oregon ,
Popular ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Requirements ,
Risk Management ,
Texas
In this month’s Privacy & Cybersecurity Update, we look at Washington state’s passage of the first-ever state-level health data privacy law and the finalized California Consumer Privacy Act regulations. We also examine a...more
5/2/2023
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Food and Drug Administration (FDA) ,
Fraudulent Wire Transfers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Insurance Industry ,
Medical Devices ,
Notice of Proposed Rulemaking (NOPR) ,
Popular ,
Privacy Laws ,
Reproductive Healthcare Issues ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine the European Commission’s draft adequacy decision on the EU-U.S. Data Privacy Framework, as well as guidance from the U.K. Information Commissioner’s Office on...more
1/3/2023
/ Biometric Information Privacy Act ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Employee Monitoring ,
EU ,
European Commission ,
International Data Transfers ,
Popular ,
Privacy Laws ,
Risk Assessment ,
UK
In this month’s Privacy & Cybersecurity Update, we examine the California Privacy Protection Agency’s revised draft regulations for the California Privacy Rights Act, the Federal Trade Commission’s settlement with a...more
12/6/2022
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Direct Marketing ,
Electronic Communications ,
Enforcement ,
Federal Trade Commission (FTC) ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
UK
In this month’s Privacy & Cybersecurity Update, we review California’s settlement of the first-ever enforcement action under the California Consumer Privacy Act, as well as the state’s new child-focused privacy law and...more
In this month’s Privacy & Cybersecurity Update, we review the FTC’s proposed data privacy and cybersecurity rulemaking and the European Data Protection Board’s draft guidelines on the calculation of GDPR administrative fines....more
9/7/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Popular ,
Public Comment ,
Rulemaking Process
In this month’s Privacy & Cybersecurity Update, we examine the FTC’s blog post suggesting an increased focus on protecting consumers’ sensitive data and Plaid’s settlement to resolve a class action arising from its data...more
In this month's Privacy & Cybersecurity Update, we examine California’s draft amended regulations for the California Privacy Rights Act, the introduction of comprehensive federal privacy legislation in Congress and the U.K.’s...more
In this month’s Privacy & Cybersecurity Update, we review Connecticut’s passage of a comprehensive privacy law (making it the fifth state to do so), the newly enacted federal Better Cybercrime Metrics Act, New York’s new law...more
6/3/2022
/ COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Popular ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine the FTC chair’s comments suggesting a potential shift in its approach to data privacy regulation, the European Data Protection Board’s request for comment on its...more
5/4/2022
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Medical Devices ,
Personal Data ,
Personally Identifiable Information ,
Popular
In this month’s Privacy & Cybersecurity Update, we examine the Illinois Supreme Court’s decision in a case involving workers compensation and the state’s Biometric Information Privacy Act, U.K. data transfer regimes before...more
3/2/2022
/ Biometric Information ,
Biometric Information Privacy Act ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection Authority ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
IL Supreme Court ,
International Data Transfers ,
Internet of Things ,
NIST ,
Personal Data ,
Popular ,
Standard Contractual Clauses
In this month’s Privacy & Cybersecurity Update, we examine the U.S. Chamber of Commerce’s letter to Congress calling for federal cybersecurity legislation, the New York attorney general’s report on “credential stuffing”...more
2/3/2022
/ Biometric Information Privacy Act ,
Commercial General Liability Policies ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Medical Devices ,
Personal Information