On March 8, 2024, the California Privacy Protection Agency Board discussed and voted 3-2 in favor of further edits to revised draft regulations regarding risk assessments and automated decisionmaking technology, which were released in February 2024, but did not initiate the formal rulemaking process for these regulations, which is anticipated to begin in July 2024.
Continue Reading CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology
Information Security
FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges
On March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules went into effect.
Continue Reading FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges
European Parliament Approves the AI Act
On March 13, 2024, the European Parliament adopted the AI Act by a majority of 523 votes in favor, 461 votes against, and 49 abstentions. The AI Act will introduce comprehensive rules to govern the use of AI in the EU.
Continue Reading European Parliament Approves the AI Act
FTC Chair Asserts Certain Sensitive Data Should Be Excluded from Training AI Models
As reported by Bloomberg Law, on February 27, 2024, at RemedyFest, a conference hosted by Bloomberg Beta and Y Combinator, Federal Trade Commission Chair Lina Khan said that sensitive personal data that is linked to health, geolocation and web browsing history should be excluded from training artificial intelligence models.
Continue Reading FTC Chair Asserts Certain Sensitive Data Should Be Excluded from Training AI Models
DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors
President Biden recently released an Executive Order “addressing the extraordinary and unusual national security threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain U.S. Government-related data.”…
Continue Reading DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors
NIST Releases Cybersecurity Framework 2.0
On February 26, 2024, the National Institute of Standards and Technology (“NIST”) announced the release of Version 2.0 of its voluntary Cybersecurity Framework (“CSF”).
The first iteration of the CSF was released in 2014 as a result of an Executive Order, to help organizations understand, manage, and reduce their cybersecurity risks. The original CSF was developed for organizations in the critical infrastructure sector, such as hospitals and power plants, but has since been voluntarily implemented across various sectors and industries, including throughout schools and local governments.Continue Reading NIST Releases Cybersecurity Framework 2.0
UK ICO Issues Enforcement Notice and Warning to UK Home Office
On March 1, 2024, the UK Information Commissioner’s Office announced that it had issued an enforcement notice and a warning to the UK Home Office for failing to sufficiently assess the privacy risks posed by the electronic monitoring of people arriving in the UK via unauthorized means.
Continue Reading UK ICO Issues Enforcement Notice and Warning to UK Home Office
HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation
On February 21, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and corrective action plan with Green Ridge Behavioral Health LLC. This marks the second such settlement with a HIPAA-regulated entity for violations that were discovered following a ransomware attack, according to HHS. …
Continue Reading HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation
CIPL Publishes The Zero Risk Fallacy Paper
On February 20, 2024, The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP and Theodore Christakis, Professor of International, European and Digital Law at University Grenoble Alpes, released a comprehensive study titled The “Zero Risk” Fallacy: International Data Transfers, Foreign Governments’ Access to Data and the Need for a Risk-Based Approach.
Continue Reading CIPL Publishes The Zero Risk Fallacy Paper
FTC Proposes Measures to Combat AI Impersonation Threats
The Federal Trade Commission recently announced a public comment period for a supplemental Notice of Proposed Rulemaking that would ban the impersonation of individuals through the use of AI technologies.
Continue Reading FTC Proposes Measures to Combat AI Impersonation Threats