Public companies now must disclose certain information regarding material cybersecurity incidents and the company’s cybersecurity risk management, strategy, and governance, under a Final Rule adopted by the Securities and Exchange Commission (SEC) on July 26, 2023.
The Final Rule ...
By voting to adopt the latest version of the AI Act, EU lawmakers have ratified strict regulations governing how companies may use the most recent advances in generative artificial intelligence (AI) models. Considered stricter than the United States’ and the United Kingdom’s AI regulations, the latest version of the EU’s AI Act also widens the purview of the restrictions it imposes on “high-risk AI systems” described in Title III of the proposed Act.
On May 17, 2023, Montana became the first state to fully ban TikTok with Senate Bill 419. Effective January 1, 2024, TikTok will be prohibited from operating within the state. The law cites concerns about users’ privacy, national security concerns due to TikTok’s parent company ByteDance’s affiliation with China, and potentially dangerous content impact on minors.
On March 13, 2023, the New Jersey Legislature approved S297/A493 (the “Act”). The Act takes effect immediately and requires that every public agency and government contractor report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness ...
Late last year, North Carolina became the first U.S. jurisdiction to prohibit state agencies and local government entities from making a ransom payment or communicating with a threat actor following a ransomware attack.[1] Florida has now followed suit, making it the second state to ...
A bill that would provide companies with an affirmative defense for certain data security incidents has been introduced this term in the New Jersey Legislature. The bill seeks to follow legislation passed in other states - Utah, Ohio and Connecticut – by providing an affirmative defense ...
Connecticut recently enacted two pieces of legislation that alter the landscape for data security incident reporting and notification practices in the state. Below is a synopsis of the changes, which become effective October 1, 2021.
First, the state amended its notification law with ...
A recent decision by the United States Supreme Court provides guidance for determining concrete harm as relates to standing to sue. As a result, complaints that cannot show an imminent injury similar to those traditionally recognized by American courts are expected to be precluded from ...
On May 12, 2021, President Biden signed a lengthy executive order aimed at advancing federal cybersecurity defenses following a tumultuous year of devastating cyberattacks on private and government sector networks. The release of the executive order came after the recent crippling ...
On March 11, 2021, Utah joined Ohio to become one of two states nationally to offer an affirmative defense to lawsuits filed under tort law by individuals affected by a data security incident. Utah’s newly enacted Cybersecurity Affirmative Defense Act provides the incentive of ...