When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
Navigating Emerging Privacy Issues in Financial Services — The Consumer Finance Podcast
The Privacy Insider Podcast Episode 4: Don't Be Evil: In the Hot Seat of Data Privacy, Part 1
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Preventative Medicine: Health Care AI Privacy and Cybersecurity — The Good Bot Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
Uncovering Hidden Risks: Ep 13 - Unveil Data Security Paradoxes
Cyberattacks powered by artificial intelligence have become more sophisticated as bad actors utilize machine learning to analyze vulnerabilities, automate exploits, and outpace traditional security measures. Through the use...more
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While...more
On May 23, 2024, the U.S. Department of Housing and Urban Development (“HUD”) issued requirements, effective immediately, for all FHA-approved mortgagees to report certain cyber incidents to HUD within 12 hours of detection....more
We are pleased to announce that several of the firm’s practice groups and attorneys were recognized in the 2024 edition of Chambers USA, a directory of leading law firms and attorneys. Chambers and Partners annually...more
For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial...more
On May 24, 2024, the Office of the Information and Privacy Commissioner of Canada (OPC) issued new guidance relating to data breach reporting for federal institutions and businesses....more
The Securities and Exchange Commission (“SEC”) has announced the adoption of amendments to Regulation S-P (“Amendments”) to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal...more
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was enacted in 2022 with the primary purpose of preserving national security, economic security, and public health and safety. CIRCIA provides the Director...more
Le 13 mai 2024, le gouvernement de l’Ontario (le « gouvernement ») a déposé le projet de loi 194, Loi de 2024 visant à renforcer la cybersécurité et la confiance dans le secteur public (le « projet de loi 194 »). S’il est...more
On May 13, 2024, the Government of Ontario introduced Bill 194, the Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024 (Bill 194), which, if passed, will significantly reform the Freedom of...more
The State of Utah recently amended its general data breach notification statute to update the content that must be reported to the Utah Attorney General or the Utah Cyber Center. The amendments also clarify when notifications...more
On May 2, the Department of Defense (DOD) issued a class deviation to DFARS 252.204-7012 “to provide industry time for a more deliberate transition upon the forthcoming release of [National Institute of Standards and...more
On April 4, 2024, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) officially published its Notice of Proposed Rulemaking (NPRM) detailing significant new cybersecurity...more
Utah, among other privacy laws it has enacted or modified recently, has also modified its breach notification law. This follows last year’s changes to the law, which among other things codified the state’s Cyber Center....more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
On March 19, Utah enacted SB 98 which amended the state’s online data security and privacy requirements. SB 98 will include new protocols that individuals and governmental entities must follow under its data breach reporting...more
On March 11, the Governor of Indiana signed SB 220 (the “Act”) which will add cyber incident notification guidelines for financial institutions. The Act defined the term "corporation" as the following entities organized in...more
On Jan. 1, the Corporate Transparency Act (CTA) went into effect, premised on the belief that illicit actors use corporate structures like shell companies and fronts to hide their identities and launder criminal proceeds...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
Introduction: On February 12, 2024, the Federal Communications Commission (FCC) finalized a critical cybersecurity rule, Sec. 64.2011, mandating telecommunications carriers and TRS (Telecommunications Relay Services)...more
Amidst the relentless waves of pandemic-induced uncertainty, organizations found themselves at a crossroads, compelled to reimagine how their businesses operated. For example, when stay at home orders continued to be extended...more
In recognition of International Privacy Day on January 28, we wanted to share some insights on the top privacy and cybersecurity issues for the new year. Data privacy and cybersecurity will continue to be one of the most...more