On August 29, 2022, the California Senate passed the landmark Assembly Bill 2273, which would enact the California Age-Appropriate Design Code Act (the “Act”). If signed into law by Governor Newsom, the Act could have...more
On August 24, 2022, California Attorney General Rob Bonta (AG) announced a proposed settlement with beauty retailer Sephora USA, Inc. to resolve claims that Sephora violated the California Consumer Privacy Act (CCPA). Under...more
On Tuesday, the Department of Justice (DOJ) released its Comprehensive Cyber Review report (the “Review”) summarizing its review of the Department’s cyber-related activities and its recommendations around the Department’s...more
Companies are now on the clock for comments on the new proposed California Privacy Rights Act (CPRA) regulations. On July 8, 2022, the California Privacy Protection Agency (CPPA) filed a Notice of Proposed Action, triggering...more
Key Points -
Three of the four bipartisan leaders of the House and Senate committees with jurisdiction over data privacy have struck a deal on a comprehensive federal bill, the American Data Privacy and Protection Act,...more
In this episode, Natasha Kohne and Michelle Reed, who head Akin Gump’s cybersecurity, privacy and data protection practice, and counsel Lauren York discuss the firm’s new CCPA Litigation Annual Report – 2021 Trends and...more
Key Points -
Fourth Circuit points to SEC guidance on “less is more” approach to cybersecurity disclosures, while finding such disclosures did not violate federal securities laws.
Omissions of data vulnerabilities were...more
On March 10, 2022, the U.S. Department of Transportation’s (DOT) National Highway Traffic and Safety Administration (NHTSA) issued a first-of-its-kind final rule updating occupant safety requirements to account for vehicles...more
With the recent signing of the Utah Consumer Privacy Act (UCPA) by Gov. Spencer J. Cox on March 24, 2022, Utah has become the fourth state to enact a comprehensive law addressing consumer data privacy, joining California,...more
Colorado requires businesses to take reasonable steps to protect consumer data under both the Colorado Consumer Protection Act and its landmark new data privacy law, the Colorado Privacy Act (CPA). The CPA comes into force on...more
Under legislation signed into law today by President Joe Biden, certain companies will be required to report cyberattacks to the federal government within 72 hours, and ransomware payments within 24 hours.
Within 24...more
Key Points -
Proposed amendments bolster cyber disclosure and incident reporting requirements to better inform investors about a company’s risk management, strategy and governance relative to cyber issues.
Under the...more
On February 17, 2022, the California Privacy Protection Agency (CPPA) Board held its first Board meeting of 2022. Notably, CPPA Executive Director Ashkan Soltani delivered an update on the CPPA’s rulemaking activities and...more
Key Points -
Proposed amendments bolster cyber disclosure and incident reporting requirements to better inform investors about a company’s risk management, strategy and governance relative to cyber issues. ...more
The Federal Trade Commission (FTC) issued a surprisingly strong warning to companies that they may face potential regulatory action if they fail to address known vulnerabilities, focusing in particular on the Log4j...more
On January 28, 2022, the California Attorney General (AG) announced an “investigative sweep” of businesses operating loyalty programs in the state, which it launched by sending multiple businesses notice of noncompliance with...more
The ground-breaking draft European Union Act on Artificial Intelligence (AI), which has far-reaching implications beyond Europe, is currently going through the legislative procedure of the European Parliament and Council. The...more
Gary Gensler, Chair of the U.S. Securities and Exchange Commission (SEC), signaled a new era of cybersecurity law (and accompanying enforcement) in his keynote address “Cybersecurity and Securities Laws” on January 24, 2022,...more
Public comments to recently published regulations governing compliance with the California Privacy Rights Act (CPRA) show that stakeholders sharply disagree on multiple areas of the CPRA. Seventy submissions totaling nearly...more
This December, the Transportation Security Administration (TSA) issued a pair of Directives establishing cybersecurity measures for high-risk freight rail, passenger rail, and rail transit owners and operators. These...more
1/7/2022
/ Aviation Industry ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Public Transportation ,
Railways ,
Surface Transportation ,
Transportation Industry ,
TSA ,
Vulnerability Assessments
On September 21, 2021, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published an updated sanctions advisory, providing guidance to companies on sanctions compliance obligations related to ransomware...more
12/14/2021
/ Compliance ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
New Guidance ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Sanctions ,
U.S. Treasury ,
Virtual Currency
The National Institute of Standards and Technology (NIST) issued a request for public comment to help guide the development of the current and future state of technology in eight emerging technology areas. Those areas include...more
12/3/2021
/ America Competes Act ,
Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Internet of Things ,
NIST ,
Public Comment ,
Request For Information ,
Software Developers
On November 17, 2021, the U.S. Department of Defense (DOD) published an Advanced Notice of Proposed Rulemaking (ANPRM) previewing significant changes to its Cybersecurity Maturity Model Certification (CMMC) program.1 The...more
On 10 November 2021, the Supreme Court dismissed the United Kingdom’s first ever “opt-out” class action brought outside of the competition law sector, in Lloyd v Google LLC. The claim, seeking an award of damages of around £3...more
[co-author: Christina Barone]
The Infrastructure Investment and Jobs Act (the “bill”) is historic bipartisan legislation that will make available $1.2 trillion in funding for infrastructure programs across the...more