Data Dive
Written and curated by a multidisciplinary group of attorneys, Data Dive delivers key insights on cybersecurity, privacy and other data-related topics impacting organizations across the globe.
Search Results
Data Dive
On July 30, 2024, the Senate passed the Kids Online Safety and Privacy Act (S. 2073) via an overwhelmingly bipartisan vote of 91-3 shortly before departing for the August recess.
Data Dive
The development of artificial intelligence (AI) and particularly Generative Artificial Intelligence (GenAI) has exploded in recent years, prompting government officials including the Biden administration to call for studies and recommendations that will likely lead to regulation on both the federal and state levels. With 35 out of 50 of the world’s leading AI tech companies based in California, the state’s Governor Gavin Newsom has stepped into the GenAI arena by issuing a September 6, 2023 executive order (EO) outlining steps to “foster[] a safe and responsible innovation ecosystem.”
Data Dive
This post summarizes the final rules recently adopted by the SEC generally requiring public companies to disclose material cybersecurity incidents and information. We discuss the key takeaways for affected companies and offer recommendations on how to prepare for the new requirements.
Read More
Data Dive
As of January 9, 2023, the comment period has closed for sweeping new regulations by the New York Department of Financial Services (NYDFS). Published on November 9, 2022, the new proposed amendments to the NYDFS Part 500 Cybersecurity Rules (the “Proposed Amendments”) include significant new obligations for covered companies’ cybersecurity programs and reflect pre-proposal comments from both consumers and businesses.
Data Dive
On August 24, 2022, California Attorney General Rob Bonta (AG) announced a proposed settlement with beauty retailer Sephora USA, Inc. to resolve claims that Sephora violated the California Consumer Privacy Act (CCPA). Under the settlement, Sephora must pay $1.2 million and commit to comply with the CCPA and relevant provisions of the California Privacy Rights Act (CPRA) when they become operative on January 1, 2023. This is the first public enforcement action by the AG under the CCPA.
Data Dive
The UK government is clearly keen to attract artificial intelligence (AI) developers to the UK by promising a regulatory environment that will nurture development and innovation. In its recently published Policy Paper, the UK government presented early proposals for what the UK’s regulatory framework in respect of AI might look like (the “Framework”). This follows the National Artificial Intelligence Strategy, which was published in September 2021 and specified AI regulation as a priority for the UK government. Whilst these early proposals are very high level, we set out the key points of interest in this post.
Data Dive
On Tuesday, the Department of Justice (DOJ) released its Comprehensive Cyber Review report (the “Review”) summarizing its review of the Department’s cyber-related activities and its recommendations around the Department’s “offensive” (i.e., cyber threat investigations and enforcement) and “defensive” (i.e., Department system protections) cyber capabilities. One element of the Review addressed federal contractor and vendor cybersecurity, and noted that “many of the cybersecurity provisions and standards set forth for federal contractors were found to be insufficiently rigorous,” and that the Department has offered to assist the Federal Acquisition Regulatory Council in updating cybersecurity contract terms, which is an effort that is underway pursuant to E.O. 14028.
Data Dive
The European Parliament has reached agreement on the text of the Digital Services Act (DSA). The DSA is new legislation that will require certain providers of online services to comply with new obligations in order to ensure online safety and to prevent the spread of illegal content. The practical effects of the legislation will likely include increased compliance costs for businesses, possible organisational/personnel changes at a compliance level and increased accountability to relevant authorities.