Data Dive
Written and curated by a multidisciplinary group of attorneys, Data Dive delivers key insights on cybersecurity, privacy and other data-related topics impacting organizations across the globe.
Filter by Category
Search Results
Data Dive
On July 30, 2024, the Senate passed the Kids Online Safety and Privacy Act (S. 2073) via an overwhelmingly bipartisan vote of 91-3 shortly before departing
for the August recess.
for the August recess.
Data Dive
The development of artificial intelligence (AI) and particularly Generative Artificial Intelligence (GenAI) has exploded in recent years, prompting government
officials including the Biden administration to call for studies and recommendations that will likely lead to regulation on both the federal and state levels. With
35 out of 50 of the world’s leading AI tech companies based in California, the state’s Governor Gavin Newsom has stepped into the GenAI arena by issuing a
September 6, 2023 executive order (EO) outlining steps to “foster[] a safe and responsible innovation ecosystem.”
officials including the Biden administration to call for studies and recommendations that will likely lead to regulation on both the federal and state levels. With
35 out of 50 of the world’s leading AI tech companies based in California, the state’s Governor Gavin Newsom has stepped into the GenAI arena by issuing a
September 6, 2023 executive order (EO) outlining steps to “foster[] a safe and responsible innovation ecosystem.”
Data Dive
This post summarizes the final rules recently adopted by the SEC generally requiring public companies to disclose material cybersecurity incidents and
information. We discuss the key takeaways for affected companies and offer recommendations on how to prepare for the new requirements.
Read More
information. We discuss the key takeaways for affected companies and offer recommendations on how to prepare for the new requirements.
Read More
Data Dive
As of January 9, 2023, the comment period has closed for sweeping new regulations by the New York Department of Financial Services (NYDFS). Published on
November 9, 2022, the new proposed amendments to the NYDFS Part 500 Cybersecurity Rules (the “Proposed Amendments”) include significant new
obligations for covered companies’ cybersecurity programs and reflect pre-proposal comments from both consumers and businesses.
November 9, 2022, the new proposed amendments to the NYDFS Part 500 Cybersecurity Rules (the “Proposed Amendments”) include significant new
obligations for covered companies’ cybersecurity programs and reflect pre-proposal comments from both consumers and businesses.
Data Dive
On August 24, 2022, California Attorney General Rob Bonta (AG) announced a proposed settlement with beauty retailer Sephora USA, Inc. to resolve claims
that Sephora violated the California Consumer Privacy Act (CCPA). Under the settlement, Sephora must pay $1.2 million and commit to comply with the CCPA
and relevant provisions of the California Privacy Rights Act (CPRA) when they become operative on January 1, 2023. This is the first public enforcement action
by the AG under the CCPA.
that Sephora violated the California Consumer Privacy Act (CCPA). Under the settlement, Sephora must pay $1.2 million and commit to comply with the CCPA
and relevant provisions of the California Privacy Rights Act (CPRA) when they become operative on January 1, 2023. This is the first public enforcement action
by the AG under the CCPA.
Data Dive
The UK government is clearly keen to attract artificial intelligence (AI) developers to the UK by promising a regulatory environment that will nurture
development and innovation. In its recently published Policy Paper, the UK government presented early proposals for what the UK’s regulatory framework in
respect of AI might look like (the “Framework”). This follows the National Artificial Intelligence Strategy, which was published in September 2021 and specified
AI regulation as a priority for the UK government. Whilst these early proposals are very high level, we set out the key points of interest in this post.
development and innovation. In its recently published Policy Paper, the UK government presented early proposals for what the UK’s regulatory framework in
respect of AI might look like (the “Framework”). This follows the National Artificial Intelligence Strategy, which was published in September 2021 and specified
AI regulation as a priority for the UK government. Whilst these early proposals are very high level, we set out the key points of interest in this post.
Data Dive
On Tuesday, the Department of Justice (DOJ) released its Comprehensive Cyber Review report (the “Review”) summarizing its review of the Department’s
cyber-related activities and its recommendations around the Department’s “offensive” (i.e., cyber threat investigations and enforcement) and “defensive”
(i.e., Department system protections) cyber capabilities. One element of the Review addressed federal contractor and vendor cybersecurity, and noted that
“many of the cybersecurity provisions and standards set forth for federal contractors were found to be insufficiently rigorous,” and that the Department has
offered to assist the Federal Acquisition Regulatory Council in updating cybersecurity contract terms, which is an effort that is underway pursuant to E.O.
14028.
cyber-related activities and its recommendations around the Department’s “offensive” (i.e., cyber threat investigations and enforcement) and “defensive”
(i.e., Department system protections) cyber capabilities. One element of the Review addressed federal contractor and vendor cybersecurity, and noted that
“many of the cybersecurity provisions and standards set forth for federal contractors were found to be insufficiently rigorous,” and that the Department has
offered to assist the Federal Acquisition Regulatory Council in updating cybersecurity contract terms, which is an effort that is underway pursuant to E.O.
14028.
Data Dive
The European Parliament has reached agreement on the text of the Digital Services Act (DSA). The DSA is new legislation that will require certain providers of
online services to comply with new obligations in order to ensure online safety and to prevent the spread of illegal content. The practical effects of the
legislation will likely include increased compliance costs for businesses, possible organisational/personnel changes at a compliance level and increased
accountability to relevant authorities.
online services to comply with new obligations in order to ensure online safety and to prevent the spread of illegal content. The practical effects of the
legislation will likely include increased compliance costs for businesses, possible organisational/personnel changes at a compliance level and increased
accountability to relevant authorities.
Data Dive
The countdown has begun for comments on the highly anticipated, new proposed California Privacy Rights Act (CPRA) regulations. The California Privacy
Protection Agency (CPPA) filed a Notice of Proposed Action for the first set of draft regulations governing compliance with the California Consumer Privacy
Act (CCPA), as amended by the CPRA (“CPRA Amendments”), on July 8, 2022. The public will now have 45 days to comment, followed by a public hearing (plus
an additional 15-day comment period if the CPPA proposes material changes as a result of public comments).
Protection Agency (CPPA) filed a Notice of Proposed Action for the first set of draft regulations governing compliance with the California Consumer Privacy
Act (CCPA), as amended by the CPRA (“CPRA Amendments”), on July 8, 2022. The public will now have 45 days to comment, followed by a public hearing (plus
an additional 15-day comment period if the CPPA proposes material changes as a result of public comments).
