On July 23, 2025, the Trump Administration released its long-anticipated AI Action Plan, outlining a federal roadmap to maintain U.S. global leadership in artificial intelligence (AI). The plan serves as a guiding policy...more
7/25/2025
/ Artificial Intelligence ,
Department of Defense (DOD) ,
Executive Orders ,
Export Controls ,
Government Agencies ,
Innovation ,
National Security ,
Popular ,
Regulatory Reform ,
Trump Administration ,
U.S. Commerce Department
On April 4, 2024, Kentucky became the fifteenth state to enact a comprehensive data privacy law, with Governor Andy Beshear signing the Kentucky Consumer Data Protection Act (KCDPA) into law. The Kentucky law will go into...more
6/3/2024
/ Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-In ,
Popular ,
Right of Access ,
Sensitive Personal Information ,
State Data Privacy Laws
On November 1, 2023, the New York Department of Financial Services (NYDFS) announced the adoption of amendments to its Cybersecurity Regulation 23 NYCRR Part 500 (“Amended Cybersecurity Rules” or “Amended Rules”). NYDFS...more
12/20/2023
/ Banks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
NYDFS ,
Popular ,
Ransomware ,
Regulatory Requirements ,
Risk Management
On October 30, 2023, the Biden administration released a far-reaching executive order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The EO issues directives related to the use...more
12/4/2023
/ Artificial Intelligence ,
Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Executive Orders ,
Legislative Agendas ,
Machine Learning ,
National Security ,
New Legislation ,
NIST ,
Personal Information ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
On 7 November 2023, in the King’s Speech, the UK government announced three draft laws aimed at supporting tech companies’ growth and competitiveness: the Automated Vehicles Bill (AV Bill), the Digital Markets, Competition...more
12/1/2023
/ Data Protection ,
Digital Single Market ,
Driverless Cars ,
EU ,
Mergers ,
Penalties ,
Personal Data ,
Popular ,
Technology Sector ,
Threshold Requirements ,
UK
Key Takeaways -
With the SolarWinds enforcement action, the SEC continues to ratchet up its enforcement against companies that fail to properly disclose their cybersecurity incidents and risks. By naming the SolarWinds CISO...more
11/22/2023
/ Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Fraud ,
Incident Response Plans ,
Popular ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
SolarWinds
On October 30, 2023, the Biden administration issued its long-awaited artificial intelligence (AI) executive order (EO), which issues directives to over 20 federal agencies, with the deadline for implementation spanning...more
11/13/2023
/ Artificial Intelligence ,
Biden Administration ,
Critical Infrastructure Sectors ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Department of Labor (DOL) ,
Department of Transportation (DOT) ,
Draft Guidance ,
Executive Orders ,
Hiring & Firing ,
Machine Learning ,
NIST ,
OMB ,
Popular ,
U.S. Commerce Department
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules that generally require public companies to disclose (i) material cybersecurity incidents within four business days after determining the...more
On May 25, 2023, the New York Department of Financial Services (NYDFS) announced that OneMain Financial Group (OneMain) will pay a $4.25 million fine pursuant to a consent order to settle alleged violations of NYDFS’s...more
On April 27, 2023, Washington Governor Jay Inslee signed the My Health My Data Act (the “Act”) into law, establishing new limits on the collection, use and sharing of “consumer health data” and creating numerous compliance...more
The U.S. Department of Health and Human Services (HHS) continues to play a central role in helping health care organizations defend against cybersecurity threats, issuing cybersecurity briefs and a new cybersecurity framework...more
In 2018, an investment professional sued the firm he co-founded for wrongful termination and federal privacy law violations associated with the former employer’s remote accessing into a desktop computer it had purchased for...more
The UK government (the “Government”) has published proposals for a new regulatory framework for artificial intelligence (the “White Paper”). Its goal is to “provide a clear, pro-innovation regulatory environment” to make...more
The European Union (EU) adopted Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (the “DORA Regulation”) in January 2023.
The DORA Regulation seeks to establish a harmonised digital...more
Growing regulatory action to combat so-called “dark patterns” used in web design to influence consumer choice has resulted in hundreds of millions of dollars in fines, and promises to continue to be an area of enforcement in...more
The National Institute for Standards and Technology (NIST) recently unveiled the first version of its Artificial Intelligence Risk Management Framework (AI RMF 1.0, or “Framework”). This highly anticipated and detailed...more
This year has seen some substantial new data breach settlements including a $500,000 Federal Trade Commission (FTC) fine against CafePress, a $1.25 million multi-state class action settlement and $5 million New York...more
11/3/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular
The UK government has recently published a Policy Paper setting out its early proposals for what the UK’s regulatory framework in respect of artificial intelligence (AI) might look like (the “Framework”). This follows the...more
In this episode, Natasha Kohne and Michelle Reed, who head Akin Gump’s cybersecurity, privacy and data protection practice, and counsel Lauren York discuss the firm’s new CCPA Litigation Annual Report – 2021 Trends and...more
Key Points -
Fourth Circuit points to SEC guidance on “less is more” approach to cybersecurity disclosures, while finding such disclosures did not violate federal securities laws.
Omissions of data vulnerabilities were...more
The Federal Trade Commission (FTC) issued a surprisingly strong warning to companies that they may face potential regulatory action if they fail to address known vulnerabilities, focusing in particular on the Log4j...more
On October 27, 2021, Secretary of State Antony Blinken formally announced plans to modernize and reorient American diplomacy to meet the evolving demands of the 21st century. The State Department, in consultation with...more
Key Points -
On October 6, 2021, the DOJ announced two new initiatives: the Civil Cyber-Fraud Initiative and the National Cryptocurrency Enforcement Team.
The Civil Cyber-Fraud Initiative will fight rising cyber threats...more
10/13/2021
/ Cryptocurrency ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
NDAA ,
Popular ,
Supply Chain
On October 1, 2021, two Acts overhauling data privacy and cybersecurity in Connecticut took effect—the latest instance of stronger state breach reporting requirements with a safe harbor protection from litigation for...more
10/7/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notification Requirements ,
Personal Information ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes
On September 8, 2021, U.S. Secretary of Commerce Secretary Gina Raimondo announced the establishment of the National Artificial Intelligence (AI) Advisory Committee (NAIAC or the “Committee”). The NAIAC will advise the...more