On March 27, 2024, the National Telecommunications and Information Administration (“NTIA”) issued its AI Accountability Report, and, on March 28, 2024, the White House announced the Office of Budget and Management’s (“OMB’s”) government-wide policy on AI risk management.
Continue Reading White House Executive Order on AI Rulemaking Efforts Advances as NTIA and White House OMB Issue Reports and Guidance

On March 26, 2024, the CNIL published the 2024 edition of its Practice Guide for the Security of Personal Data, which is intended to support organizations in their efforts to implement adequate security measures in compliance with their security obligations under the GDPR.
Continue Reading CNIL Publishes Latest Edition of Its Practice Guide for the Security of Personal Data

On March 14, 2024, the U.S. Department of the Treasury’s Office of Foreign Assets Control announced a settlement with EFG International AG regarding violations of OFAC rules alleged to have occurred as a result of the firm’s buying, selling and holding U.S. securities on behalf of persons sanctioned by OFAC. This blog entry provides a link to a client alert on this topic.
Continue Reading OFAC Settlement Illustrates Sanctions Compliance Risks for Foreign Asset Managers Trading U.S. Securities

On March 22, 2024, the Cyberspace Administration of China issued the Provisions on Facilitation and Regulation of Cross-Border Data Flows, which were effective the same day. The CAC also held a press conference to introduce and explain the Provisions. This blog entry provides a summary of the Provisions.
Continue Reading New Era of Regulation for Cross-Border Transfers in China

On March 14, 2024, Bloomberg Law reported that the Federal Communications Commission adopted rules creating a voluntary cybersecurity labeling program for wireless consumer Internet of Things (“IoT”) products, as well as a further notice of proposed rulemaking that seeks comments addressing additional disclosure requirements for program participants with respect to national security.Continue Reading FCC Launches Cybersecurity IoT Labeling Program

Last week, Utah Governor Spencer J. Cox signed three privacy-related bills into law. The bills are focused on, respectively, protection of motor vehicle consumer data, regulations on social media companies with respect to minors, and access to protected health information by third parties.
Continue Reading Utah Governor Signs Spate of Privacy Bills into Law

On March 8, 2024, the California Privacy Protection Agency Board discussed and voted 3-2 in favor of further edits to revised draft regulations regarding risk assessments and automated decisionmaking technology, which were released in February 2024, but did not initiate the formal rulemaking process for these regulations, which is anticipated to begin in July 2024.
Continue Reading CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology