In October 2024, the Department of Labor released its principles and best practices for developers and employers using AI (pdf), aiming to provide employers with guidelines to promote workplace augmentation through the use of...more
Virginia, a leader in technology and privacy related regulations, is methodically examining artificial intelligence legislation. In particular, significant legislation establishing a regulatory framework for high-risk...more
12/19/2024
/ Artificial Intelligence ,
Disclosure Requirements ,
Legislative Agendas ,
Machine Learning ,
New Legislation ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
Transparency ,
Virginia
The Time Is Now for Defense Contractors To Get Compliant.
If you work for a defense contractor or subcontractor responsible for handling controlled unclassified information (CUI) and/or federal contract information...more
The United States Department of Defense (DoD) took another big step on the path to instituting its highly anticipated Cybersecurity Maturity Model Certification 2.0 program (CMMC 2.0). Once finalized, CMMC 2.0 will establish...more
8/21/2024
/ Certification Requirements ,
Comment Period ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Proposed Rules ,
Subcontractors
The United States Department of Defense (“DoD”) recently published its Defense Industrial Base Cybersecurity Strategy 2024. For context, the DIB is comprised of more than 100,000 domestic and foreign companies or...more
4/15/2024
/ Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Environmental Social & Governance (ESG) ,
Information Technology ,
NIST ,
Risk Assessment ,
Sensitive Personal Information ,
Software
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...more
3/28/2024
/ Biden Administration ,
Comment Period ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Preservation ,
Data Privacy ,
New Legislation ,
New Rules ,
Popular ,
Proposed Rules ,
Public Comment ,
Reporting Requirements
On March 13, 2024, the European Union’s parliament formally approved the EU AI Act (pdf), making it the world’s first major set of regulatory ground rules to govern generative artificial intelligence (AI) technology. The EU...more
3/14/2024
/ Artificial Intelligence ,
Biometric Information ,
Disclosure Requirements ,
Endorsements ,
Enforcement ,
EU ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Governance Standards ,
Noncompliance ,
Penalties ,
Safeguards Rule ,
Transparency
The U.S. Department of Defense (DoD) released a proposed rule to implement its Cybersecurity Maturity Model Certification (CMMC) program, which would establish a comprehensive set of cybersecurity requirements applicable to...more
3/1/2024
/ Applications ,
Certifications ,
Contractors ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Privacy ,
Department of Defense (DOD) ,
Federal Contractors ,
Popular ,
Privacy Laws ,
Proposed Rules ,
Regulatory Requirements ,
Small Business ,
Subcontractors
For businesses subject to California Consumer Privacy Act (CCPA), privacy compliance just became urgent. A California appellate court agreed on February 9, 2024, with the California Privacy Protection Agency (CPPA) that there...more
2/15/2024
/ Audits ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
New Regulations ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
State Privacy Laws ,
Technology Sector
CISA’s Incident Response Guide outlines ways in which WWS owners and operators can engage with federal agencies to prepare for, mitigate, and respond to cyber incidents, including best practices for incident response and...more
2/7/2024
/ Best Practices ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Energy Sector ,
Environmental Protection Agency (EPA) ,
FBI ,
Incident Response Plans ,
Waste Treatment Facilities ,
Wastewater ,
Water
The updated data breach notification rules broaden the definition of what is considered a breach and expand the scope of who must be notified when a data breach occurs.
The Federal Communications Commission (FCC or...more
Publicly traded companies have tangled with the question of when a cybersecurity incident should be disclosed to the public and investors. In a bid to add clarity to the topic, the U.S. Securities and Exchange Commission...more
10/17/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Generally, biometric privacy laws seek to protect the unique attributes of human beings that could be leveraged to access sensitive information about them, such as fingerprints and the measurements utilized for facial...more
January 1, 2023, is now a more ominous deadline in the data privacy compliance world. Privacy professionals have been watching California’s 2022 legislative session to see whether California Consumer Privacy Act (CCPA)...more
9/14/2022
/ B2B Organizations ,
California ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data-Sharing ,
Employees ,
Employer Liability Issues ,
Enforcement Actions ,
Exemptions ,
Regulatory Agenda ,
State Privacy Laws
In an opinion released on March 10, 2022, California Attorney General Rob Bonta addressed the applicability of the “right to know” under the California Consumer Privacy Act (CCPA) (pdf) to internal inferences that...more
4/18/2022
/ Algorithms ,
California Consumer Privacy Act (CCPA) ,
Data Breach Plans ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
Inference ,
Personal Information ,
Privacy Notice Rule ,
Proprietary Information ,
Record Retention ,
Right To Know ,
Security Controls
This month, the Securities and Exchange Commission (SEC) proposed new cybersecurity disclosure rules for publicly traded companies. The comment period is ongoing, but the take-away for public companies is immediate: a public...more
President Joe Biden recently signed into law the Cyber Incident Reporting For Critical Infrastructure Act of 2022. This new law updates the Federal Information Security Modernization Act (FISMA)...more
Supreme Court of Virginia Declines Certified Questions from Federal Court in In re: Capital One Consumer Data Security Breach Litigation
The lawsuit In re: Capital One Consumer Data Security Breach Litigation, has already...more
11/30/2021
/ Capital One ,
Contract Claims ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Economic Loss Doctrine ,
Negligence ,
Personal Information ,
Popular ,
Security Breach ,
VA Supreme Court
In a growing trend, states around the nation are passing or considering their own data privacy laws. The Colorado Privacy Act (CPA, or “the Act”) will make Colorado the third state to pass major data privacy legislation. ...more
Even as the world slowed in 2020, threat actors picked up their pace and used work-from-home infrastructure to spread malicious attacks. These bad actors also exploited trusted software vendors from SolarWinds to Microsoft,...more
By Elizabeth Burgin Waller, Principal, and John Pilch, Cybersecurity/Privacy Analyst
The Virginia Consumer Data Protection Act (CDPA, or “the Act”) makes Virginia the second state in the nation to have sweeping data privacy...more
3/3/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
Rarely do Virginia and California fall into the same camp on legislation, but that may change with Virginia’s Consumer Data Privacy Act (the “Act”). The Virginia House of Delegates overwhelmingly passed the Act on January...more
2/11/2021
/ Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Pending Legislation ,
Personal Data ,
Popular ,
Regulatory Agenda ,
State and Local Government ,
State Data Privacy Laws