The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
Navigating Emerging Privacy Issues in Financial Services — The Consumer Finance Podcast
The Privacy Insider Podcast Episode 4: Don't Be Evil: In the Hot Seat of Data Privacy, Part 1
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Preventative Medicine: Health Care AI Privacy and Cybersecurity – Part 1 — The Good Bot Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While...more
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
The Department of Defense published a much-anticipated Proposed Rule at the end of last year for its Cybersecurity Maturity Model Certification program. The proposed rule is our first comprehensive look at the latest...more
The Department of Health and Human Services ("HHS") has released a concept paper outlining its new cybersecurity strategies for the health care sector, identifying cybersecurity priorities, potential future regulations and...more
When I reflect on the relationship that our firm has with our clients, I’m most proud of the fact that you can always count on us. That often means defending complex litigation, steering you through regulatory threats,...more
Welcome to this month's issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security & Data Protection practice....more
On October 3, 2023, the FAR Council released two long-awaited proposed rules for federal contractor cybersecurity stemming from the Biden Administration’s Cybersecurity Executive Order from May 2021 (Executive Order 14028)....more
Welcome to the third edition of our AI Legal News Summer Roundup! After five class actions were filed between June 28 and July 11 (as reported on in our first edition of this series), on July 21, another class action lawsuit...more
At an Open Meeting on July 26, 2023, the US Securities and Exchange Commission (SEC) adopted final rules and amendments that impose new cybersecurity-related disclosure requirements for public companies subject to the...more
In yet another indication of the increasing weight being given by government officials to cybersecurity, on July 26, 2023, the Securities and Exchange Commission adopted new rules requiring public companies to disclose...more
Regulator proposes requiring content moderation, algorithmic transparency, data protection and security, nondiscrimination, and quality of training data - Regulators around the globe are paying close attention to the...more
On March 15, 2023 the Securities and Exchange Commission (“SEC”) proposed three new sets of rules (the “Proposed Rules”) which, if adopted, would require a variety of companies to beef up their cybersecurity policies and data...more
The Securities and Exchange Commission (SEC or Commission) voted on March 15, 2023, to propose three new sets of rules for data security, cybersecurity, and IT operational resilience. The newly proposed rules would, among...more
The Colorado Attorney General's Office has published its much-anticipated proposed rules (Proposed Rules) implementing the Colorado Privacy Act (CPA), which, as we discussed in an earlier blog post, was enacted on July 7,...more
Government agencies at the state and federal levels are increasingly training their sights on the cybersecurity resiliency of companies in an array of industries. The US Securities and Exchange Commission has proposed rules...more
President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) on March 15, 2022. The background and contours of CIRCIA are discussed in a previous update. CIRCIA authorizes and...more
The first half of 2022 brought plenty of activity in the data privacy and cybersecurity space, much of which is applicable to or of interest to the insurance industry. We outline some of this activity below. Revisions to...more
On May 27, 2022, the California Privacy Protection Agency (CPPA) released draft regulations (though still not yet part of a formal rulemaking process) that include what would be seismic changes to California Privacy Rights...more
In the wake of Russia’s invasion of Ukraine, and amid growing concerns regarding the threat of increased cyberattacks targeting infrastructure and other critical industries, there has been a flurry of federal activity to...more
President Biden recently signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 as a part of a larger omnibus appropriations bill. The new law sets out mandatory reporting requirements for...more
In remarks in January before the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute, SEC Chair Gary Gensler addressed cybersecurity under the securities laws. (See this PubCo post.) Gensler suggested...more
Following U.S. Securities and Exchange Commission (SEC) Chairman Gary Gensler's recent speech directing the agency to expand cybersecurity requirements on regulated entities, the SEC on Feb. 9, 2022, voted to propose new...more
In This Issue. The Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC) and the Board of Governors of the Federal Reserve System (together, the Agencies) issued a final rule...more