New privacy class action litigation in Illinois and a number of other states is targeting organizations that use driver’s license and state ID card information to train AI models. Most of the suits cite the Illinois...more
01 Do I need to make money to go public?02 A new M&A playbook in the age of AI03 Cyber enforcement forecast post-SolarWinds decision04 Cyber diligence for IPOs with Kroll’s CISO05 The Download Quiz: Venture capital trends...more
RegFi co-hosts Jerry Buckley and Sherry Safchuk welcome Orrick partner Aravind Swaminathan for a conversation exploring the critical and evolving role of the Chief Information Security Officer in today’s corporate landscape.....more
More than 350 leaders from child protection NGOs, victim advocacy groups, research organisations, technology providers, domestic and international police forces, and advisors convened in London last month to tackle the global...more
The Federal Communications Commission (FCC) has released a declaratory ruling confirming that calls containing AI-generated voices are subject to consent requirements imposed on “artificial or prerecorded voices” under the...more
On December 13, 2023, the Federal Communications Commission (“FCC”) adopted new rules under the Telephone Consumer Protection Act (“TCPA”) that require comparison shopping websites, lead generators, and other companies...more
On November 1, the New York Department of Financial Services (NYDFS) amended its cybersecurity regulations to set additional notification, administrative, training and technical requirements. The Amended Cybersecurity...more
The U.S. Securities and Exchange Commission (SEC) has filed a fraud suit against SolarWinds and its chief information security officer (CISO), alleging they made false statements regarding the company’s security practices and...more
The SEC has finalized rules requiring public companies to disclose information about cybersecurity incidents, risk management, strategy and governance. This guide to help public companies comply with SEC rules covers...more
The SEC has scheduled an open meeting on Wednesday to decide on the adoption of eagerly anticipated cybersecurity incident and governance reporting rules. If the agency adopts rules that align with what it proposed last year,...more
In 2022, the stakes for data breaches grew in more ways than one. IBM reported the average cost of a data breach is up to $4.35 million. More importantly, though, regulators have zeroed in on higher-level executives and...more
Despite a recent Fifth Circuit decision that found the Consumer Financial Protection Bureau’s (“CFPB”) funding structure unconstitutional in a years-long series of attacks to undermine the constitutionality of the agency, the...more
The Federal Trade Commission (FTC) recently announced its position on breach notification: “Regardless of whether a breach notification law applies, a breached entity that fails to disclose information to help parties...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) released a “Sharing Cyber Event Information” Fact Sheet on April 7 that may preview its implementation of the new federal government cyber incident reporting...more
The Department of Justice (DOJ)’s Civil Cyber-Fraud Initiative, less than six months old, just resolved the first case against Comprehensive Health Services (CHS). There are two critical takeaways for all organizations that...more
The SEC has proposed new disclosure rules for public companies regarding cybersecurity incidents and related policies and procedures. We will discuss in a forthcoming post practical considerations and best practices that...more
On February 9, 2022, the Securities and Exchange Commission (SEC) proposed expansive new rules addressing cybersecurity risk management for registered investment advisers (advisers) and investment companies (funds). The...more
As cybersecurity incidents become increasingly complex, your initial response to a potential cybersecurity crisis matters. The decisions that you make in the first 24 to 48 hours of a potential cybersecurity incident can have...more
11/4/2021
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Incident Response Plans ,
Policies and Procedures ,
Popular ,
Risk Management ,
Risk Mitigation
On June 10, 2021, China’s national legislature – the Standing Committee of the National People's Congress passed the Data Security Law (the “DSL”). The DSL (see here for a non-official English translation) took effect on...more
In the wake of a cyber incident, regulators and law enforcement agencies closely scrutinize the cyber security measures in place at the affected organization. ...more
On Monday, April 20th, the Supreme Court accepted cert in Van Burien v. United States to (hopefully) resolve a longstanding circuit split regarding the Computer Fraud and Abuse Act (or CFAA): Does an individual exceed...more
On Tuesday, Washington Governor Jay Inslee signed into law legal restrictions on the use of facial recognition by public agencies (SB 6280), while the Washington Legislature previously reached an impasse on the proposed...more
On January 30, 2020, the U.S. Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”) framework (CMMC overview here; CMMC Version 1.0 and appendices here). By 2026, DoD...more
3/6/2020
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
National Security ,
Popular ,
Supply Chain
Earlier this month, Andrew Smith, the FTC’s Director of the Bureau of Consumer Protection, announced that the Commission had made “three major changes” to its data security orders. Citing recent hearings at the FTC, as well...more
While the California Consumer Privacy Act (“CCPA”) has inspired many states to consider their own consumer privacy bills, including Nevada which recently enacted a new law, not to be lost in the CCPA-focused frenzy is the...more