William Ridgway

William Ridgway

Skadden, Arps, Slate, Meagher & Flom LLP

Contact

Readers' Choice Awards

Cybersecurity
Cybersecurity
View Bio
RSS

Latest Publications

Share:

The Informed Board - Winter 2024

The oversight obligations of boards continue to expand. Recent enforcement actions and new laws in areas such as cybersecurity, artificial intelligence and supply chains create new challenges for boards, as we explain in this...more

2/19/2024  /  Acquisitions , Activist , Artificial Intelligence , Board of Directors , Canada , China , Competition , Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , EU , Executive Orders , Federal Contractors , Financial Services Industry , Forced Labor , Germany , International Labor Laws , Life Sciences , Machine Learning , Manufacturers , Mergers , NGOs , Political Campaigns , Political Contributions , Political Conventions , Publicly-Traded Companies , Risk Assessment , Risk Management , Securities and Exchange Commission (SEC) , Shareholder Activism , Shareholders , Technology Sector , UK , Uyghur Forced Labor Prevention Act (UFLPA)

Emerging Expectations: The Board’s Role in Oversight of Cybersecurity Risks

Key Points - - New SEC rules from 2023 require public companies to report material cybersecurity incidents promptly and detail their cybersecurity risk management strategies in annual reports — requirements that increase...more

2/13/2024  /  Board of Directors , Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , New Rules , Publicly-Traded Companies , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

AI Insights: Proposed FTC Order Suggests Blueprint for AI Adoption

A proposed settlement action filed on December 19, 2023, by the Federal Trade Commission (FTC) against Rite Aid Corp. highlights some of the key issues presented when companies use artificial intelligence (AI) for facial...more

1/8/2024  /  Algorithms , Artificial Intelligence , Commercial Litigation , Customer Privacy , Customers , Facial Recognition Technology , Federal Trade Commission (FTC) , Privacy Laws , Rite Aid , Settlement Proposals , Technology Sector

2024 Insights: Other Regulatory Developments

AI in 2024: Monitoring New Regulation and Staying in Compliance With Existing Laws Companies that develop or employ AI tools have to consider proposed AI-specific regulation as well as an array of existing IP, privacy,...more

12/22/2023  /  Acquisitions , Artificial Intelligence , CFIUS , China , Cybersecurity , Data Privacy , Energy Sector , EU , Intellectual Property Litigation , Intellectual Property Protection , International Litigation , Investment , IRS , Mergers , National Security , New Hires , New Legislation , New Regulations , Outer Space , Private Equity , Regulatory Agenda , Securities and Exchange Commission (SEC) , Taxation , Technology Sector , Trade Relations , Trade Restrictions , UK

FBI, DOJ and SEC Publish Guidance on Requesting Delayed Reporting of Material Cyber Incidents on Form 8-K: Takeaways for CISOs and...

The U.S. Securities and Exchange Commission (SEC) adopted final rules in 2023 that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by...more

12/20/2023  /  Corporate Governance , Cyber Incident Reporting , Cybersecurity , Data Privacy , Data Protection , Department of Justice (DOJ) , Disclosure Requirements , FBI , Form 8-K , Incident Response Plans , Popular , Publicly-Traded Companies , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

California’s Data Deletion Law Imposes a Host of New Obligations on Data Brokers

On October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, allowing California residents to have their personal information deleted by all registered data brokers...more

12/15/2023  /  Audits , California , California Privacy Protection Agency (CPPA) , Compliance , Data Brokers , Data Deletion , Disclosure , Fair Credit Reporting Act (FCRA) , GLBA Privacy , Governor Newsom , Gramm-Leach-Blilely Act , Health Insurance Portability and Accountability Act (HIPAA) , New Legislation , Penalties , Regulatory Agenda

AI in 2024: Monitoring New Regulation and Staying in Compliance With Existing Laws

Key Points The rapid adoption of artificial intelligence (AI) technology across the economy has raised a number of novel legal issues. In this article, we discuss five key issues to track in 2024, including:...more

12/13/2023  /  Artificial Intelligence , Corporate Counsel , Popular

AI Insights: Public Consultation Period Closes for French CNIL Guidance on GDPR-Compliant Development of AI Systems

On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more

11/22/2023  /  Artificial Intelligence , CNIL , Data Protection , Data Storage , EU , General Data Protection Regulation (GDPR) , New Guidance , Personal Data , Privacy Laws , Regulatory Agenda , Regulatory Reform , Technology , UK

China Intends To Ease Controls Over Cross-Border Data Transfers

On September 28, 2023, the Cyberspace Administration of China (CAC) published the draft Provisions on Regulating and Promoting Cross-Border Data Transfers (Draft Provisions). If adopted into law in their current form, the...more

11/8/2023  /  China , Cross-Border , Cross-Border Transactions , Cybersecurity , Data Privacy , Data Security , International Data Transfers , Personal Data , Privacy Laws

What Does the SEC’s Complaint Against SolarWinds Mean for CISOs and Boards?

On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more

11/7/2023  /  Compliance , Corporate Governance , Cyber Attacks , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Disclosure , Enforcement Actions , Information Security , Information Technology , Popular , Risk Management , Risk Mitigation , SolarWinds

AI Insights: Biden Administration Passes Sweeping Executive Order on Artificial Intelligence

On October 30, the U.S. government released its long-awaited, sweeping executive order (the AI EO or Order) on artificial intelligence (AI). The Order directs various U.S. government departments and agencies to evaluate AI...more

11/6/2023  /  Artificial Intelligence , Biden Administration , Compliance , Copyright , Corporate Governance , Cybersecurity , Data Privacy , Data Security , Executive Orders , Healthcare , Innovative Technology , Intellectual Property Protection , Legislative Agendas , Life Sciences , Machine Learning , National Security , Popular , Regulatory Agenda , Regulatory Reform , Regulatory Requirements , Technology Sector

Cyber Fraud Alleged by Former CIO for Purported Noncompliance With DoD Cyber Requirements

A recently unsealed case against Pennsylvania State University: - Serves as yet another example of the increased use of the False Claims Act (FCA) in cybersecurity enforcement. - Underscores the need for companies...more

10/31/2023  /  Controlled Unclassified Information (CUI) , Cybersecurity , Department of Defense (DOD) , DFARS , False Claims Act (FCA) , Fraud , Policies and Procedures

Federal Report Proposes Harmonization of Divergent Cyber Incident Reporting Regimes

On September 20, 2023, the U.S. Department of Homeland Security released a report outlining the varied and sometimes conflicting reporting requirements that private entities face when they are victims of a cyber incident. The...more

10/17/2023  /  CIRC , Corporate Governance , Cyber Incident Reporting , Cybersecurity , Department of Homeland Security (DHS) , Legislative Agendas , Popular , Public-Private Entities , Regulatory Agenda , Reporting Requirements , Securities and Exchange Commission (SEC)

Privacy & Cybersecurity Update - September 2023

In this month’s Privacy & Cybersecurity Update, we examine Delaware’s new comprehensive data privacy law, a joint statement by 12 data protection authorities on data scraping and data protection, a district court ruling on a...more

10/3/2023  /  California Privacy Protection Agency (CPPA) , Cybersecurity , Data Privacy , Data Protection , Popular , Privacy Laws , Risk Assessment , Risk Management , State and Local Government , State Data Privacy Laws , State Privacy Laws , Web Scraping

Privacy & Cybersecurity Update - August 2023

In this month’s Privacy & Cybersecurity Update, we analyze the Biden administration’s proposed cybersecurity labeling program for smart devices, NIST’s extensive overhaul of its cybersecurity framework, and data privacy law...more

9/6/2023  /  Biden Administration , California , California Privacy Rights Act (CPRA) , Colorado , Compliance , Cybersecurity , Data Privacy , Data Protection , Labeling , NIST , Popular , Privacy Laws , Smart Devices , State Privacy Laws

Privacy & Cybersecurity Update - July 2023

In this month’s Privacy & Cybersecurity Update, we examine the newly established data privacy framework between the EU and U.S. and new consumer privacy laws in Oregon and Texas. We also review a court ruling that delayed...more

8/2/2023  /  Biometric Information Privacy Act , California , California Privacy Rights Act (CPRA) , Cyber Incident Reporting , Cybersecurity , Cybersecurity Framework , Data Privacy , Data Transfers , Disclosure , EU , European Commission , European Economic Area (EEA) , General Data Protection Regulation (GDPR) , NYDFS , Oregon , Popular , Privacy Laws , Proposed Amendments , Regulatory Requirements , Risk Management , Texas

SEC Adopts Rules for Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted 3-2 to adopt final rules that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and...more

7/28/2023  /  Compliance , Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , New Rules , Proposed Rules , Publicly-Traded Companies , Regulation S-K , Reporting Requirements , Required Forms , Risk Management , Securities and Exchange Commission (SEC)

Privacy & Cybersecurity - June 2023

In our June Privacy & Cybersecurity Update, we review new data privacy laws in Colorado, Connecticut, Florida and Montana; Verizon’s annual Data Breach Investigations Report; AM Best’s report on cyber insurance trends; and...more

7/6/2023  /  Biometric Information Privacy Act , Consumer Privacy Rights , Cyber Insurance , Cybersecurity , Data Breach , Data Collection , Data Processors , Data Protection , Employer Liability Issues , Employment Litigation , Enforcement , Investigations , Liability , Negligence , New Amendments , New Legislation , New Regulations , Opt-Outs , Popular , Privacy Laws , State and Local Government , State Privacy Laws , Technology Sector , Verizon

Supreme Court Clarifies False Claims Act Scienter Element in Schutte

On June 1, 2023, the U.S. Supreme Court issued its highly anticipated decision in the consolidated cases United States ex rel. Schutte v. SuperValu Inc. and United States ex rel. Proctor v. Safeway, Inc., Nos. 21-1326 &...more

6/12/2023  /  Drug Pricing , False Claims Act (FCA) , Fraud , Healthcare , Pharmaceutical Industry , Pharmacies , Prescription Drugs , Reasonable Interpretations , Safeco , Scienter , SCOTUS , US ex rel Thomas Proctor v Safeway Inc , US ex rel Tracy Schutte et al v SuperValu Inc et al

Privacy & Cybersecurity Update - May 2023

In this month’s Privacy & Cybersecurity Update, we review new consumer privacy laws in Tennessee and Indiana, three GDPR rulings by the Court of Justice of the European Union, updates regarding future California Privacy...more

6/5/2023  /  California Privacy Protection Agency (CPPA) , Cyber Insurance , Cybersecurity , EU , European Court of Justice (ECJ) , Fraud , General Data Protection Regulation (GDPR) , Hackers , Insureds , Liability , Privacy Laws , State Privacy Laws , Wire Fraud

AI Risk: Evaluating and Managing It Using the NIST Framework

The rapid adoption of artificial intelligence (AI) technology into corporate environments has left many organizations understandably struggling with how to identify, measure and manage the unique risks of these nascent...more

5/19/2023  /  Artificial Intelligence , EU , NIST , Risk Management , Technology Sector , U.S. Commerce Department

Privacy & Cybersecurity Update - April 2023

In this month’s Privacy & Cybersecurity Update, we look at Washington state’s passage of the first-ever state-level health data privacy law and the finalized California Consumer Privacy Act regulations. We also examine a...more

5/2/2023  /  California Consumer Privacy Act (CCPA) , California Privacy Rights Act (CPRA) , Cybersecurity , Data Privacy , Data Protection , Department of Health and Human Services (HHS) , Food and Drug Administration (FDA) , Fraudulent Wire Transfers , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare , Insurance Industry , Medical Devices , Notice of Proposed Rulemaking (NOPR) , Popular , Privacy Laws , Reproductive Healthcare Issues , State Privacy Laws

Privacy & Cybersecurity Update - March 2023

In this month’s Privacy & Cybersecurity Update, we examine Iowa’s new data privacy law (the sixth state to enact a privacy law), the Biden administration’s new national cybersecurity strategy, the U.K. government’s revised...more

4/4/2023  /  Amended Regulation , Biden Administration , Consumer Privacy Rights , Critical Infrastructure Sectors , Cybersecurity , Data Protection , National Security , Popular , Privacy Laws , State Privacy Laws , UK

Recent Actions by the Fed Show Its Continued Cautious Approach to Cryptoasset Activities by Supervised Institutions

In the past year, the Board of Governors of the Federal Reserve System (the Board) Biden administration officials, and other U.S. banking regulators have repeatedly voiced growing concerns about certain cryptoasset...more

2/7/2023  /  Banking Regulators , Banking Sector , Banks , Biden Administration , Blockchain , Cryptoassets , Cryptocurrency , FDIC , Federal Reserve , Financial Institutions , Financial Services Industry , OCC , Risk Assessment

Privacy & Cybersecurity Update - January 2023

In this month’s Privacy & Cybersecurity Update, we analyze recent fines against Meta and their impact on the future of behavioral advertising, the timeline for the California Privacy Rights Act’s regulations to become...more

2/1/2023  /  Advertising , California , California Privacy Rights Act (CPRA) , Class Action , Court of Justice of the European Union (CJEU) , Cybersecurity , Data Breach , FCC , Fines , Investigations , Metaverse , Popular , Privacy Laws , Proposed Amendments , Reporting Requirements , Settlement Agreements , State and Local Government , State Privacy Laws , UK
148 Results
 / 
View per page
« Previous
Page: of 6
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide