On January 31, 2024, the European Commission (EC) adopted the first of a series of initiatives to harmonize cybersecurity certification across the EU: the European Cybersecurity Scheme on Common Criteria (EUCC). While EUCC...more
The Federal Communications Commission (FCC) recently approved a voluntary Internet of Things (IoT) Labeling Program, which allows manufacturers of IoT products to earn the FCC’s approval to display a “U.S. Cyber Trust Mark”...more
3/22/2024 / Cybersecurity, Data Security, FCC, Internet of Things, Internet Retailers, Labeling, NIST, Online Marketplace, Popular, Regulatory Agenda, Telecommunications, Wireless Technology
On February 28, 2024, President Biden issued Executive Order 14117 (the EO) on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” that would...more
3/7/2024 / Biden Administration, CFIUS, Cybersecurity, Data Privacy, Department of Justice (DOJ), Executive Orders, Legislative Agendas, National Security, New Legislation, Popular, Regulatory Requirements, Risk Mitigation, Security and Privacy Controls, Sensitive Personal Information
Last year, the U.S. Securities and Exchange Commission (SEC) proposed ambitious rules relating to artificial intelligence (AI) that have drawn significant commentary and criticism. While it is unlikely that any changes in the...more
2/27/2024 / Artificial Intelligence, Compliance, Cybersecurity, Data Protection, Disclosure Requirements, Enforcement Actions, Final Rules, Machine Learning, Policies and Procedures, Popular, Proposed Rules, Regulatory Requirements, Securities and Exchange Commission (SEC), Securities Fraud, Securities Violations, Technology
The oversight obligations of boards continue to expand. Recent enforcement actions and new laws in areas such as cybersecurity, artificial intelligence and supply chains create new challenges for boards, as we explain in this...more
2/19/2024 / Acquisitions, Activist, Artificial Intelligence, Board of Directors, Canada, China, Competition, Corporate Governance, Cyber Incident Reporting, Cybersecurity, Disclosure Requirements, EU, Executive Orders, Federal Contractors, Financial Services Industry, Forced Labor, Germany, International Labor Laws, Life Sciences, Machine Learning, Manufacturers, Mergers, NGOs, Political Campaigns, Political Contributions, Political Conventions, Publicly-Traded Companies, Risk Assessment, Risk Management, Securities and Exchange Commission (SEC), Shareholder Activism, Shareholders, Technology Sector, UK, Uyghur Forced Labor Prevention Act (UFLPA)
On January 29, 2024, the Department of Commerce, Bureau of Industry and Security (BIS) released a proposed rule (Proposed Rule) that would require U.S. cloud services providers (a.k.a. Infrastructure as a Service, or IaaS,...more
2/15/2024 / Artificial Intelligence, Bureau of Industry and Security (BIS), Cloud Service Providers (CSPs), Cybersecurity, Enforcement, IaaS, Know Your Customers, Machine Learning, Popular, Proposed Rules, Regulatory Requirements, Reporting Requirements, U.S. Commerce Department
Key Points:
- New SEC rules from 2023 require public companies to report material cybersecurity incidents promptly and detail their cybersecurity risk management strategies in annual reports — requirements that increase...more
On 21 January 2024, a near complete draft version of the proposed text for the EU AI Act was unofficially shared with the public by a European media publication, after which a senior advisor in the European Parliament shared...more
A proposed settlement action filed on December 19, 2023, by the Federal Trade Commission (FTC) against Rite Aid Corp. highlights some of the key issues presented when companies use artificial intelligence (AI) for facial...more
1/8/2024 / Algorithms, Artificial Intelligence, Commercial Litigation, Customer Privacy, Customers, Facial Recognition Technology, Federal Trade Commission (FTC), Privacy Laws, Rite Aid, Settlement Proposals, Technology Sector
AI in 2024: Monitoring New Regulation and Staying in Compliance With Existing Laws
Companies that develop or employ AI tools have to consider proposed AI-specific regulation as well as an array of existing IP, privacy,...more
12/22/2023 / Acquisitions, Artificial Intelligence, CFIUS, China, Cybersecurity, Data Privacy, Energy Sector, EU, Intellectual Property Litigation, Intellectual Property Protection, International Litigation, Investment, IRS, Mergers, National Security, New Hires, New Legislation, New Regulations, Outer Space, Private Equity, Regulatory Agenda, Securities and Exchange Commission (SEC), Taxation, Technology Sector, Trade Relations, Trade Restrictions, UK
The U.S. Securities and Exchange Commission (SEC) adopted final rules in 2023 that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by...more
12/20/2023 / Corporate Governance, Cyber Incident Reporting, Cybersecurity, Data Privacy, Data Protection, Department of Justice (DOJ), Disclosure Requirements, FBI, Form 8-K, Incident Response Plans, Popular, Publicly-Traded Companies, Reporting Requirements, Risk Management, Securities and Exchange Commission (SEC)
On October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, allowing California residents to have their personal information deleted by all registered data brokers...more
12/15/2023 / Audits, California, California Privacy Protection Agency (CPPA), Compliance, Data Brokers, Data Deletion, Disclosure, Fair Credit Reporting Act (FCRA), GLBA Privacy, Governor Newsom, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), New Legislation, Penalties, Regulatory Agenda
Following the declaration of the international artificial intelligence (AI) “Safety Summit” at Bletchley Park (Bletchley Summit) on November 1, 2023, and the White House’s October 30, 2023, Executive Order on AI (Executive...more
12/13/2023 / Artificial Intelligence, Bank of England, Banking Sector, Biden Administration, Consumer Financial Protection Bureau (CFPB), EU, Executive Orders, Financial Conduct Authority (FCA), Financial Institutions, Financial Regulatory Reform, Financial Services Industry, Machine Learning, Popular, Regulatory Agenda, UK
Key Points: The rapid adoption of artificial intelligence (AI) technology across the economy has raised a number of novel legal issues. In this article, we discuss five key issues to track in 2024, including:...more
A recent draft of the EU Agency for Cybersecurity’s (ENISA’s) European Union Cybersecurity Certification Scheme on Cloud Services (EUCS) reveals what requirements are currently being considered (and what requirements have...more
On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more
11/22/2023 / Artificial Intelligence, CNIL, Data Protection, Data Storage, EU, General Data Protection Regulation (GDPR), New Guidance, Personal Data, Privacy Laws, Regulatory Agenda, Regulatory Reform, Technology, UK
On September 28, 2023, the Cyberspace Administration of China (CAC) published the draft Provisions on Regulating and Promoting Cross-Border Data Transfers (Draft Provisions). If adopted into law in their current form, the...more
On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more
11/7/2023 / Compliance, Corporate Governance, Cyber Attacks, Cybersecurity, Data Breach, Data Privacy, Data Protection, Data Security, Disclosure, Enforcement Actions, Information Security, Information Technology, Popular, Risk Management, Risk Mitigation, SolarWinds
On October 30, the U.S. government released its long-awaited, sweeping executive order (the AI EO or Order) on artificial intelligence (AI). The Order directs various U.S. government departments and agencies to evaluate AI...more
11/6/2023 / Artificial Intelligence, Biden Administration, Compliance, Copyright, Corporate Governance, Cybersecurity, Data Privacy, Data Security, Executive Orders, Healthcare, Innovative Technology, Intellectual Property Protection, Legislative Agendas, Life Sciences, Machine Learning, National Security, Popular, Regulatory Agenda, Regulatory Reform, Regulatory Requirements, Technology Sector
Partner and co-head of Skadden’s Cybersecurity and Data Privacy practice David Simon recently sat down with two chief information security officers (CISOs) from the private equity sector as part of the firm’s National Cyber...more
11/6/2023 / Artificial Intelligence, Chief Information Security Officer (CISO), Corporate Governance, Cybersecurity, Data Privacy, Data Security, Interviews, Machine Learning, Popular, Private Equity, Risk Management, Securities and Exchange Commission (SEC)
The EU Digital Operational Resilience Act (Regulation (EU) 2022/2554) (DORA) creates a regulatory framework intended to enhance the operational resilience of the financial sector by establishing uniform requirements for the...more
11/3/2023 / Compliance, Corporate Governance, Cybersecurity, Digital Markets Strategy, EU, Financial Crisis, Financial Institutions, Financial Regulatory Reform, Investment Funds, Investment Management, Regulatory Agenda, Regulatory Reform, Risk Management
A recently unsealed case against Pennsylvania State University:
- Serves as yet another example of the increased use of the False Claims Act (FCA) in cybersecurity enforcement.
- Underscores the need for companies...more
On September 20, 2023, the U.S. Department of Homeland Security released a report outlining the varied and sometimes conflicting reporting requirements that private entities face when they are victims of a cyber incident. The...more
10/17/2023 / CIRC, Corporate Governance, Cyber Incident Reporting, Cybersecurity, Department of Homeland Security (DHS), Legislative Agendas, Popular, Public-Private Entities, Regulatory Agenda, Reporting Requirements, Securities and Exchange Commission (SEC)
In this month’s Privacy & Cybersecurity Update, we examine Delaware’s new comprehensive data privacy law, a joint statement by 12 data protection authorities on data scraping and data protection, a district court ruling on a...more
10/3/2023 / California Privacy Protection Agency (CPPA), Cybersecurity, Data Privacy, Data Protection, Popular, Privacy Laws, Risk Assessment, Risk Management, State and Local Government, State Data Privacy Laws, State Privacy Laws, Web Scraping
In this month’s Privacy & Cybersecurity Update, we analyze the Biden administration’s proposed cybersecurity labeling program for smart devices, NIST’s extensive overhaul of its cybersecurity framework, and data privacy law...more
9/6/2023 / Biden Administration, California, California Privacy Rights Act (CPRA), Colorado, Compliance, Cybersecurity, Data Privacy, Data Protection, Labeling, NIST, Popular, Privacy Laws, Smart Devices, State Privacy Laws