In October 2024, the Department of Labor released its principles and best practices for developers and employers using AI (pdf), aiming to provide employers with guidelines to promote workplace augmentation through the use of...more
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...more
3/28/2024
/ Biden Administration ,
Comment Period ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Preservation ,
Data Privacy ,
New Legislation ,
New Rules ,
Popular ,
Proposed Rules ,
Public Comment ,
Reporting Requirements
The U.S. Department of Defense (DoD) released a proposed rule to implement its Cybersecurity Maturity Model Certification (CMMC) program, which would establish a comprehensive set of cybersecurity requirements applicable to...more
3/1/2024
/ Applications ,
Certifications ,
Contractors ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Privacy ,
Department of Defense (DOD) ,
Federal Contractors ,
Popular ,
Privacy Laws ,
Proposed Rules ,
Regulatory Requirements ,
Small Business ,
Subcontractors
CISA’s Incident Response Guide outlines ways in which WWS owners and operators can engage with federal agencies to prepare for, mitigate, and respond to cyber incidents, including best practices for incident response and...more
2/7/2024
/ Best Practices ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Energy Sector ,
Environmental Protection Agency (EPA) ,
FBI ,
Incident Response Plans ,
Waste Treatment Facilities ,
Wastewater ,
Water
Generally, biometric privacy laws seek to protect the unique attributes of human beings that could be leveraged to access sensitive information about them, such as fingerprints and the measurements utilized for facial...more
January 1, 2023, is now a more ominous deadline in the data privacy compliance world. Privacy professionals have been watching California’s 2022 legislative session to see whether California Consumer Privacy Act (CCPA)...more
9/14/2022
/ B2B Organizations ,
California ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data-Sharing ,
Employees ,
Employer Liability Issues ,
Enforcement Actions ,
Exemptions ,
Regulatory Agenda ,
State Privacy Laws
In an opinion released on March 10, 2022, California Attorney General Rob Bonta addressed the applicability of the “right to know” under the California Consumer Privacy Act (CCPA) (pdf) to internal inferences that...more
4/18/2022
/ Algorithms ,
California Consumer Privacy Act (CCPA) ,
Data Breach Plans ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
Inference ,
Personal Information ,
Privacy Notice Rule ,
Proprietary Information ,
Record Retention ,
Right To Know ,
Security Controls
This month, the Securities and Exchange Commission (SEC) proposed new cybersecurity disclosure rules for publicly traded companies. The comment period is ongoing, but the take-away for public companies is immediate: a public...more
In a growing trend, states around the nation are passing or considering their own data privacy laws. The Colorado Privacy Act (CPA, or “the Act”) will make Colorado the third state to pass major data privacy legislation. ...more
Rarely do Virginia and California fall into the same camp on legislation, but that may change with Virginia’s Consumer Data Privacy Act (the “Act”). The Virginia House of Delegates overwhelmingly passed the Act on January...more
2/11/2021
/ Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Pending Legislation ,
Personal Data ,
Popular ,
Regulatory Agenda ,
State and Local Government ,
State Data Privacy Laws