As we have previously written, late last year the New York Department of Financial Services (NYDFS) adopted long-awaited amendments to its Part 500 Cybersecurity Regulations (Part 500). These are some of the most significant...more
On September 13, 2024, the Colorado Attorney General’s Office (AG) published proposed amendments to the Colorado Privacy Act (CPA) Rules that create new requirements for the collection and use of biometric data and children’s...more
On September 4, 2024, the California Privacy Protection Agency (CPPA) issued an Enforcement Advisory on the importance of avoiding dark patterns. As we have previously written, dark patterns were first addressed in detail in...more
On May 15, 2024, the Securities and Exchange Commission (the “SEC”) adopted amendments to Regulation S-P. Originally passed in 2000, Regulation S-P regulates the treatment of non-public personal information of consumers by...more
6/5/2024
/ Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Financial Institutions ,
Incident Response Plans ,
Investment Adviser ,
Personal Information ,
Recordkeeping Requirements ,
Registered Investment Companies (RICs) ,
Regulation S-P ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
In the rapidly evolving landscape of AI, the valuation and viability of AI companies are extensively tied to their intellectual property assets. For AI companies, safeguarding these assets is not just about legal...more
5/30/2024
/ Algorithms ,
Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Early Stage Companies ,
General Data Protection Regulation (GDPR) ,
Infringement ,
Intellectual Property Protection ,
Investors ,
Open Source Software ,
Patent Examinations ,
Risk Management ,
Startups
On May 16, 2024, the Illinois Legislature passed SB 2979, which amends the Illinois Biometric Information Privacy Act (BIPA) to clarify that any person whose biometric identifier or biometric information is “scanned” by a...more
Paul Hastings attended the spring 2024 Privacy+Security Forum hosted by Professors Daniel Solove and Paul Schwartz, where privacy professionals from all over the world gathered in Washington, D.C. to learn about the latest...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
4/2/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Department of Defense (DOD) ,
DFARS ,
Federal Information Security Modernization Act (FISMA) ,
Healthcare ,
Information Technology ,
NERC ,
Popular ,
Proposed Regulation ,
Ransomware ,
Reporting Requirements ,
Water
Federal jurisdiction under the Gramm Leach Bliley Act (“GLBA”) is a patchwork, particularly for banks –the Federal Reserve, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency all...more
On October 3, 2023, the Federal Acquisition Regulatory (“FAR”) Council released two draft rules which would impose new cybersecurity requirements for federal contractors. Comment periods for both proposed rules were slated to...more
The New York Department of Financial Services (NYDFS) adopted a long-expected amendment to its Part 500 Cybersecurity Regulations (Part 500) this week. These are the first significant changes to Part 500 since its inception...more
On October 30, 2023, the Biden-Harris Administration unveiled a sweeping Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The Executive Order represents the most...more
11/1/2023
/ Artificial Intelligence ,
Biden Administration ,
Consumer Protection Laws ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Directorate of Defense Trade Controls (DDTC) ,
Executive Orders ,
Healthcare ,
Immigration Procedures ,
National Security ,
NIST ,
Popular ,
Risk Management ,
U.S. Commerce Department
As we enter into the final few months of the year, it is important for companies operating in the United States to not only assess the implementation of the compliance requirements for the four new comprehensive state privacy...more
11/1/2023
/ Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Private Right of Action ,
State Privacy Laws
Earlier this month the Federal Acquisition Regulation (“FAR”) Council released two draft rules which would impose new cybersecurity requirements for federal contractors. The proposed rules, Cyber Threat and Incident Reporting...more
10/25/2023
/ Comment Period ,
Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Preservation ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
Popular ,
Proposed Rules ,
Software ,
Subcontractors
The SEC’s Cybersecurity Risk Management Strategy, Governance, and Incident Disclosure Rules were officially published in the Federal Register on August 4, 2023 and go into effect on September 5, 2023....more
On July 26, 2023, the U.S. Securities and Exchange Commission adopted enhanced disclosure requirements regarding cybersecurity risk management, strategy, governance and incident reporting for public companies. The final rules...more
Oregon is the latest state to join the growing patchwork of U.S. state privacy laws. On July 18, 2023, the Oregon Governor signed S.B. 619, enacting what will become the eleventh state privacy law. The Oregon law follows many...more
The New York Department of Financial Services (“NYDFS”) released a “revised proposed second amendment” on June 28 that makes further changes to its Cybersecurity Regulation (“23 NYCRR Part 500”). Part 500 was first enacted in...more
Based on recent changes to its rulemaking agenda, the Securities Exchange Commission has postponed the much anticipated release of its final rules for Cybersecurity Risk Management, Strategy, Governance and Incident...more
Washington State (“Washington”) is preparing to break new ground in the privacy law space, as its legislature finalizes the “My Health My Data Act“ which will further regulate how health data of Washington residents should be...more
On March 30, 2023, the California Office of Administrative Law (OAL) formally approved regulations that will govern the applicability and enforcement of the California Privacy Rights Act (CPRA)....more
As we continue to wait for a potential federal privacy law, the State of Iowa became the sixth state to pass a comprehensive state privacy law (Senate File 262) on March 28th when Governor Kim Reynolds signed the legislation....more
On March 23, 2023, the Illinois Supreme Court issued an opinion in Walton v. Roosevelt University, 2023 IL 128338 that affirms the validity of an important preemption defense for employers facing litigation under the Illinois...more
On March 15, 2023, the SEC issued proposed amendments and a proposed rule addressing cybersecurity. Specifically, the SEC proposed Rule 10, which addresses cybersecurity risks, and proposed to amend Regulation SCI and...more
3/30/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Incident Response Plans ,
MSRB ,
Notification Requirements ,
Policies and Procedures ,
Popular ,
Proposed Amendments ,
Recordkeeping Requirements ,
Regulation S-P ,
Securities and Exchange Commission (SEC)
Last week the Illinois Supreme Court issued its long awaited opinion in the Cothron v. White Castle System, Inc. In Cothron, the Seventh Circuit Court of Appeals had certified a question of Illinois law to the Illinois...more