The civil action taken by the Security Exchange Commission (SEC) against SolarWinds and its Chief Information Security Officer (CISO) underscores the evolving landscape of liability concerns for CISOs. In the October 2023 suit filed in New York federal court, the SEC charged SolarWinds with failing to disclose the company’s cybersecurity weakness during a massive hack in its supply chain to investors.
Read more
In 2018, Interactive Advertising Bureau Europe (IAB Europe) released the Transparency and Consent Framework (TCF) to provide guidance to parties in the digital advertising chain regarding compliance with GDPR and the ePrivacy Directive when obtaining and managing user consent for online advertising purposes.
Read more
As 2024 begins, we look back on the year 2023’s legislative session and the four privacy legislation that wound their way through the Assembly and Senate. On July 14, 2023, the California Privacy Protection Agency (CPPA) unanimously voted to show their support for all four legislation because each “supports the CPPA’s mission of protecting the privacy rights of Californians.” Below is a brief summary of each legislation and their status.
Read more
On October 1, 2023, 23andMe, the personal genomics and biotechnology company, initially learned of a cyber threat after confirming user information was for sale on the dark web. 23andMe subsequently investigated the hacker’s claims that 4 million genetic profiles of UK customers were leaked.
Read more
On November 16, 2023, the California State Bar released the Practical Guidance For the Use of Generative Artificial Intelligence in the Practice of Law, which the Bar states should be considered “as guiding principles rather than as ‘best practices.” The guidance comes at a time of accelerated development and use of generative artificial intelligence (GenAI). The legal profession particularly has been the subject of articles for years that speculate the replacement of attorneys with AI, such as six years ago and this year. However, attorneys are adapting and using GenAI in their legal practice.
Read more
On November 27, 2023, the California Privacy Protection Agency (CPPA) released the draft automated decisionmaking technology regulations (ADTR) aiming to regulate consumer facing corporate use of artificial intelligence (AI). Along with the ADTR, CPPA also released an overview of the proposed framework for automated decisionmaking technology and key topics for their board meeting which was to be held on December 10, 2023.
Read more
As Artificial Intelligence (AI) becomes omnipresent, reshaping business practices across diverse sectors, such as healthcare, finance, and communication, the intricate interplay between AI and privacy law assumes heightened significance, demanding careful consideration and prompt adaptation. While many hail the release of generative AI to the public as a generational shift in technology, many still fear the perils that come with it.
Read more
On September 18, 2023, U.S. District Judge Beth Labson Freeman granted a preliminary injunction against the enforcement of the California Age-Appropriate Design Code Act (CAADCA or “the Act”). CAADCA was signed into law in September 2022 and would have gone into effect on July 1, 2024. The lawsuit enjoining the enforcement of CAADCA was brought by Netchoice, a trade association of online businesses and eCommerce businesses, in December 2022. Netchoice challenged the constitutionality of CAADCA in its complaint against California Attorney General Rob Bonta.
Read more
According to media reports, White House Office Federal Chief Information Security Officer and Deputy National Cyber Director Chris DeRusha has indicated that the Biden administration is already reexamining the implementation plan for its national cybersecurity strategy published back on March 2, 2023.
Read more
The French National Commission on Informatics and Liberty (CNIL) announced on 17 November 2022 that they issued a fine of 800,000 euros on 10 November 2022 against Discord, Inc., for failure to comply with several GDPR obligations, particularly the data retention periods and security of personal data.
Read more
1 of 8
Older posts