National Institute of Standards and Technology

On February 26, 2024, the National Institute of Standards and Technology (“NIST”) announced the release of Version 2.0 of its voluntary Cybersecurity Framework (“CSF”).

The first iteration of the CSF was released in 2014 as a result of an Executive Order, to help organizations understand, manage, and reduce their cybersecurity risks. The original CSF was developed for organizations in the critical infrastructure sector, such as hospitals and power plants, but has since been voluntarily implemented across various sectors and industries, including throughout schools and local governments.Continue Reading NIST Releases Cybersecurity Framework 2.0

On February 16, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the National Institute of Standards and Technology (“NIST”) published a final version of Special Publication 800-66 Revision 2, “Implementing the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule: A Cybersecurity Resource Guide.” The publication features guidance

On October 30, 2023, U.S. President Biden issued an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence. It marks the Biden Administration’s most comprehensive action on artificial intelligence policy, building upon the Administration’s Blueprint for an AI Bill of Rights (issued in October 2022) and its announcement (in July 2023) of securing voluntary commitments from 15 leading AI companies to manage AI risks.
Continue Reading Biden AI Order Enables Agencies to Address Key Risks

On April 21, 2023, the Montana and Tennessee legislatures voted to enact comprehensive consumer privacy bills in their respective states. If signed by their governors, Montana’s Consumer Data Privacy Act (S.B. 384) and Tennessee’s Information Protection Act (H.B. 1181) could make these states the eighth and ninth U.S. states to enact comprehensive privacy legislation.
Continue Reading Montana and Tennessee Could Become Eighth and Ninth States to Enact Comprehensive Consumer Privacy Bills

On January 26, 2023, the National Institute of Standards and Technology released the Artificial Intelligence Risk Management Framework, which provides a set of guidelines for organizations that design, develop, deploy or use AI to manage its many risks and promote trustworthy and responsible use and development of AI systems.
Continue Reading NIST Releases New Framework for Managing AI and Promoting Trustworthy and Responsible Use and Development

On September 6, 2022, the California legislature presented Assembly Bill 2392 to Governor Gavin Newsom. AB-2392, which has not yet been signed by Governor Newsom, would allow Internet-connected device manufacturers to satisfy existing device labeling requirements by complying with National Institute of Standards and Technology standards for consumer Internet of Things products.
Continue Reading New California Legislation Adds to Existing Smart Device Labeling Requirements