On October 30, 2023, U.S. President Biden issued an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence. It marks the Biden Administration’s most comprehensive action on artificial intelligence policy, building upon the Administration’s Blueprint for an AI Bill of Rights (issued in October 2022) and its announcement (in July 2023) of securing voluntary commitments from 15 leading AI companies to manage AI risks.
Continue Reading Biden AI Order Enables Agencies to Address Key Risks
National Institute of Standards and Technology
Texas Senate Passes Texas Data Privacy and Security Act
On May 10, 2023, the Texas Senate passed H.B. 4, also known as the Texas Data Privacy and Security Act. …
Continue Reading Texas Senate Passes Texas Data Privacy and Security Act
Tennessee Privacy Law Recognizes CBPR and PRP Certifications
On April 21, 2023, the Tennessee legislature voted to enact the Tennessee Information Privacy Act (H.B. 1181). …
Continue Reading Tennessee Privacy Law Recognizes CBPR and PRP Certifications
Montana and Tennessee Could Become Eighth and Ninth States to Enact Comprehensive Consumer Privacy Bills
On April 21, 2023, the Montana and Tennessee legislatures voted to enact comprehensive consumer privacy bills in their respective states. If signed by their governors, Montana’s Consumer Data Privacy Act (S.B. 384) and Tennessee’s Information Protection Act (H.B. 1181) could make these states the eighth and ninth U.S. states to enact comprehensive privacy legislation. …
Continue Reading Montana and Tennessee Could Become Eighth and Ninth States to Enact Comprehensive Consumer Privacy Bills
NIST Releases New Framework for Managing AI and Promoting Trustworthy and Responsible Use and Development
On January 26, 2023, the National Institute of Standards and Technology released the Artificial Intelligence Risk Management Framework, which provides a set of guidelines for organizations that design, develop, deploy or use AI to manage its many risks and promote trustworthy and responsible use and development of AI systems.
Continue Reading NIST Releases New Framework for Managing AI and Promoting Trustworthy and Responsible Use and Development
NHTSA Publishes Final Cybersecurity Best Practices
On September 9, 2022, the National Highway Traffic Safety Administration announced its publication of final Cybersecurity Best Practices for the Safety of Modern Vehicles. …
Continue Reading NHTSA Publishes Final Cybersecurity Best Practices
New California Legislation Adds to Existing Smart Device Labeling Requirements
On September 6, 2022, the California legislature presented Assembly Bill 2392 to Governor Gavin Newsom. AB-2392, which has not yet been signed by Governor Newsom, would allow Internet-connected device manufacturers to satisfy existing device labeling requirements by complying with National Institute of Standards and Technology standards for consumer Internet of Things products.
Continue Reading New California Legislation Adds to Existing Smart Device Labeling Requirements
NIST Publishes New Draft Guidance on HIPAA Security Rule
On July 21, 2022, the National Institute of Standards and Technology released an updated draft of its HIPAA Security Rule guidance. …
Continue Reading NIST Publishes New Draft Guidance on HIPAA Security Rule
DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
On September 22, 2021, Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo released a joint statement on the Department of Homeland Security’s issuance of preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives. The Preliminary Goals identify nine overarching control system cybersecurity performance goals, each containing specific objectives to support the deployment and operation of secure control systems.
Continue Reading DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect
On October 1, 2021, Connecticut’s two new data security laws went into effect. The new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program.
Continue Reading UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect