In May, the National Institute of Standards and Technology (NIST) issued updated recommendations for security controls for controlled unclassified information (CUI) that is processed, stored or transmitted by nonfederal...more
Last week, the Securities and Exchange Commission imposed expanded privacy and cybersecurity obligations on fund managers and sponsors registered with the SEC as investment advisers. While many registered investment advisers...more
5/21/2024
/ Breach Notification Rule ,
Customer Information ,
Cybersecurity ,
Fund Managers ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
Policies and Procedures ,
Privacy Laws ,
Private Funds ,
Recordkeeping Requirements ,
Regulation S-P ,
Securities and Exchange Commission (SEC) ,
Sponsors
On May 15, 2024, the Senate AI Working Group—Senate Majority Leader Chuck Schumer (D-NY) and Sens. Mike Rounds (R-SD), Todd Young (R-IN), and Martin Heinrich (D-NM)—issued their long-anticipated Roadmap for Artificial...more
5/17/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Financial Services Industry ,
Fraud ,
General Elections ,
Healthcare ,
Innovation ,
Intellectual Property Protection ,
Investment ,
Machine Learning ,
National Security ,
NIST ,
Policies and Procedures ,
Proposed Legislation ,
Research and Development ,
Risk Mitigation
On April 4, 2024, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) officially published its Notice of Proposed Rulemaking (NPRM) detailing significant new cybersecurity...more
4/24/2024
/ Critical Infrastructure Sectors ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Enforcement ,
Extortion ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Notice of Proposed Rulemaking (NOPR) ,
Ransomware ,
Reporting Requirements
Welcome to the March edition of Akin Intelligence. This month, the EU AI Act was approved by the European Parliament, moving one step closer to becoming the first major AI law. In the U.S., the DOJ brought criminal charges...more
4/10/2024
/ Artificial Intelligence ,
Biden Administration ,
Commercial Litigation ,
Copyright ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
EU ,
Executive Orders ,
Healthcare ,
Innovative Technology ,
Intellectual Property Protection ,
Legislative Agendas ,
Life Sciences ,
Machine Learning ,
National Security ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
State and Local Government ,
Technology Sector ,
UK
On March 12, 2024, the Department of Defense (DoD) finalized a rule to open its Defense Industrial Base (DIB) Cybersecurity (CS) Program to all defense contractors who own or operate an unclassified information system that...more
On November 1, 2023, the New York Department of Financial Services (NYDFS) announced the adoption of amendments to its Cybersecurity Regulation 23 NYCRR Part 500 (“Amended Cybersecurity Rules” or “Amended Rules”). NYDFS...more
12/20/2023
/ Banks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
NYDFS ,
Popular ,
Ransomware ,
Regulatory Requirements ,
Risk Management
On December 4, the Department of Defense Office of Inspector General (DoD OIG) issued a “special” Audit Report (the Report) that provides insight into common cybersecurity weaknesses related to the protection of Controlled...more
On October 30, 2023, the Biden administration released a far-reaching executive order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The EO issues directives related to the use...more
12/4/2023
/ Artificial Intelligence ,
Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Executive Orders ,
Legislative Agendas ,
Machine Learning ,
National Security ,
New Legislation ,
NIST ,
Personal Information ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
Key Takeaways -
With the SolarWinds enforcement action, the SEC continues to ratchet up its enforcement against companies that fail to properly disclose their cybersecurity incidents and risks. By naming the SolarWinds CISO...more
11/22/2023
/ Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Fraud ,
Incident Response Plans ,
Popular ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
SolarWinds
Two years after the Department of Justice (DOJ) established its Civil-Cyber Fraud Initiative, there has been a recent uptick in enforcement and regulatory activity related to cybersecurity. September opened with the unsealing...more
11/3/2023
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Fraud ,
General Services Administration (GSA) ,
Proposed Rules ,
Reporting Requirements ,
Settlement ,
Verizon ,
Whistleblowers
Welcome to the October edition of Akin Intelligence. We continue to see bipartisan and international interest in artificial intelligence (AI) regulation. In the executive branch, agencies are working towards developing...more
10/19/2023
/ Artificial Intelligence ,
Biden Administration ,
Copyright ,
Copyright Office ,
Cybersecurity ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Healthcare ,
Intellectual Property Protection ,
ISOs ,
Machine Learning ,
National Security ,
National Security Agency (NSA) ,
New Regulations ,
NIST ,
OMB ,
SAG ,
Screenwriters ,
Shareholders ,
USPTO ,
Writers
Welcome to the September edition of Akin Intelligence. As the U.S. Congress reconvenes after the August recess, we continue to see bipartisan interest in artificial intelligence (AI) regulation. In the executive branch,...more
9/18/2023
/ Age Discrimination ,
Artificial Intelligence ,
Biden Administration ,
China ,
Class Action ,
Consumer Financial Protection Bureau (CFPB) ,
Copyright ,
Copyright Office ,
Cybersecurity ,
Deep Fake ,
Department of Defense (DOD) ,
EU ,
Executive Orders ,
Fair Credit Reporting Act (FCRA) ,
Federal Election Commission (FEC) ,
Foreign Investment ,
Healthcare ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Jurisdiction ,
NDAA ,
Outbound Transactions ,
Preliminary Injunctions ,
Rulemaking Process ,
Securities and Exchange Commission (SEC) ,
Thought Leadership ,
UK ,
USPTO
On August 7, 2023, the Commissioner of Data Protection of the Dubai International Financial Centre (the DIFC), a financial free-zone in the United Arab Emirates, issued the first adequacy decision regarding the California...more
8/18/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Dubai ,
Information Governance ,
International Data Transfers ,
Personal Data ,
United Arab Emirates (UAE)
Welcome back to Akin Intelligence: Hot AI Summer Edition! This month’s newsletter reflects the ongoing and increasing global activity around artificial intelligence (AI), including more proposed AI legislation and court...more
8/15/2023
/ Artificial Intelligence ,
Consumer Protection Laws ,
Cybersecurity ,
Federal Trade Commission (FTC) ,
Innovative Technology ,
Legislative Agendas ,
Machine Learning ,
NIST ,
Proposed Legislation ,
Regulatory Agenda ,
Working Groups
On May 11, 2023, Tennessee joined the rapidly growing ranks of U.S. states to enact a comprehensive data privacy law as Gov. Bill Lee (R-TN) signed the Tennessee Information Protection Act (TIPA) into law. Taking effect July...more
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules that generally require public companies to disclose (i) material cybersecurity incidents within four business days after determining the...more
In a policy statement released on May 18, 2023, the Federal Trade Commission (FTC) warned of several consumer data privacy risks related to the increasing commercial use of biometrics technologies. The Commission unanimously...more
On June 18, 2023, Texas enacted the Texas Data Privacy and Security Act (TDPSA), joining the rapidly growing list of U.S. states with comprehensive data privacy laws.1 The statute will take effect on July 1, 2024, except for...more
As state-level data protection legislation steadily expands, one of the country’s early comprehensive privacy laws to be enacted, the Connecticut Data Privacy Act (CTDPA), will take effect on July 1, 2023. The CTDPA imposes...more
Key Points -
The FCC has launched a new “Privacy and Data Protection” Task Force to coordinate rulemaking and enforcement across the agency.
Chairwoman Rosenworcel called on her fellow Commissioners to finalize...more
On 8 June 2023, the UK Prime Minister and the US President jointly announced a commitment to a renewed partnership between the countries, and a framework for economic and diplomatic co-operation (the “Atlantic Declaration”1)....more
On May 25, 2023, the New York Department of Financial Services (NYDFS) announced that OneMain Financial Group (OneMain) will pay a $4.25 million fine pursuant to a consent order to settle alleged violations of NYDFS’s...more
On May 4, 2023, an Idaho federal judge ruled that the Federal Trade Commission (FTC) needs stronger assertions of consumer harm in order for its data privacy suit against data broker/mobile analytics provider Kochava Inc....more
On April 27, 2023, Washington Governor Jay Inslee signed the My Health My Data Act (the “Act”) into law, establishing new limits on the collection, use and sharing of “consumer health data” and creating numerous compliance...more