On January 26, 2023, the National Institute of Standards and Technology released the Artificial Intelligence Risk Management Framework, which provides a set of guidelines for organizations that design, develop, deploy or use AI to manage its many risks and promote trustworthy and responsible use and development of AI systems.
Continue Reading NIST Releases New Framework for Managing AI and Promoting Trustworthy and Responsible Use and Development
Cybersecurity
2022 Retail Industry Year in Review
On January 25, 2023, Hunton Andrews Kurth’s retail industry team released its annual Retail Industry in Review publication, which provides an overview of key issues and trends that impacted the retail sector in the past year, as well as a preview of relevant legal issues retailers can expect to arise in 2023.
Continue Reading 2022 Retail Industry Year in Review
CPPA Board to Hold Meeting on Status of CPRA Rulemaking
On January 23, 2023, the California Privacy Protection Agency Board announced that it will hold a public meeting on February 3, 2023 regarding the status of the California Privacy Rights Act of 2020 rulemaking process, particularly with respect to the issuance of new draft rules on risk assessments, cybersecurity audits and automated decisionmaking.
Continue Reading CPPA Board to Hold Meeting on Status of CPRA Rulemaking
New Cybersecurity Directives (NIS2 and CER) Enter into Force
On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union and the Directive on the resilience of critical entities entered into force.
Continue Reading New Cybersecurity Directives (NIS2 and CER) Enter into Force
Five Guys Hit with BIPA Class Action
On December 20, 2022, a former employee in Illinois, brought a class action suit against Five Guys Enterprises, LLC, alleging that Five Guys violated the Illinois Biometric Information Privacy Act. …
Continue Reading Five Guys Hit with BIPA Class Action
Claimant to Maintain Anonymity in English High Court Cyber Attack Case
On December 20, 2022, the English High Court has granted the victim of a cyber attack a permanent injunction against cyber attackers whilst the victim organization maintains its anonymity.
Continue Reading Claimant to Maintain Anonymity in English High Court Cyber Attack Case
CPPA Board Holds Meeting on Status of CPRA Rulemaking and Other Topics
On December 16, 2022, the California Privacy Protection Agency Board held a public meeting regarding the status of the California Privacy Rights Act of 2020 rulemaking process and other topics, such as the CPPA’s advocacy regarding proposed federal and state privacy legislation. …
Continue Reading CPPA Board Holds Meeting on Status of CPRA Rulemaking and Other Topics
UK Cyber Laws Extended to Bring Outsourcers and Managed Service Providers into Scope to Strengthen UK’s Resilience Against Online Cyber Attacks
On November 30, 2022, the UK government confirmed that the Network and Information Systems Regulations 2018 will be strengthened to protect essential and digital services against cyber attacks.
Continue Reading UK Cyber Laws Extended to Bring Outsourcers and Managed Service Providers into Scope to Strengthen UK’s Resilience Against Online Cyber Attacks
CISA Releases Cross-Sector Cybersecurity Performance Goals
The Cybersecurity and Infrastructure Security Agency recently released the first iteration of the agency’s Cross-Sector Cybersecurity Performance Goals.
Continue Reading CISA Releases Cross-Sector Cybersecurity Performance Goals
NYDFS Amends Cybersecurity Rules for Financial Services Companies
On November 9, 2022, the New York Department of Financial Services released their second amendments to their Part 500 Cybersecurity Rules.
Continue Reading NYDFS Amends Cybersecurity Rules for Financial Services Companies