Legal Blogs and Updates

Posts in Cybersecurity and Data Privacy.
Companies Now Have to Let Their Shareholders in on Their Cybersecurity Practices

Public companies now must disclose certain information regarding material cybersecurity incidents and the company’s cybersecurity risk management, strategy, and governance, under a Final Rule adopted by the Securities and Exchange Commission (SEC) on July 26, 2023. 

The Final Rule ...

EU’s Proposed AI Act is at the Forefront of International AI Regulation

By voting to adopt the latest version of the AI Act, EU lawmakers have ratified strict regulations governing how companies may use the most recent advances in generative artificial intelligence (AI) models. Considered stricter than the United States’ and the United Kingdom’s AI regulations, the latest version of the EU’s AI Act also widens the purview of the restrictions it imposes on “high-risk AI systems” described in Title III of the proposed Act.

Montana Bans TikTok 

On May 17, 2023, Montana became the first state to fully ban TikTok with Senate Bill 419.  Effective January 1, 2024, TikTok will be prohibited from operating within the state.  The law cites concerns about users’ privacy, national security concerns due to TikTok’s parent company ByteDance’s affiliation with China, and potentially dangerous content impact on minors.  

Public Agencies and Government Contractors Required to Report Cybersecurity Incidents to NJOHSP within 72 Hours

On March 13, 2023, the New Jersey Legislature approved S297/A493 (the “Act”).  The Act takes effect immediately and requires that every public agency and government contractor report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness ...

Two States Now Prohibit Public Entities from Paying Ransoms

Late last year, North Carolina became the first U.S. jurisdiction to prohibit state agencies and local government entities from making a ransom payment or communicating with a threat actor following a ransomware attack.[1] Florida has now followed suit, making it the second state to ...

Safe Harbor Bill Revived in New Jersey Legislature

A bill that would provide companies with an affirmative defense for certain data security incidents has been introduced this term in the New Jersey Legislature. The bill seeks to follow legislation passed in other states -  Utah, Ohio and Connecticut – by providing an affirmative defense ...

Connecticut Amends Notification Law and Joins “Safe Harbor” Movement

Connecticut recently enacted two pieces of legislation that alter the landscape for data security incident reporting and notification practices in the state. Below is a synopsis of the changes, which become effective October 1, 2021.

First, the state amended its notification law  with ...

Class Members Take Notice: No Standing without Concrete Harm

A recent decision by the United States Supreme Court provides guidance for determining concrete harm as relates to standing to sue. As a result, complaints that cannot show an imminent injury similar to those traditionally recognized by American courts are expected to be precluded from ...

Biden Signs Executive Order Seeking to Harden Federal Cybersecurity Defenses

On May 12, 2021, President Biden signed a lengthy executive order aimed at advancing federal cybersecurity defenses following a tumultuous year of devastating cyberattacks on private and government sector networks. The release of the executive order came after the recent crippling ...

Utah Joins Ohio in Providing Safe Harbor to Businesses Weathering the Cyber Storm

On March 11, 2021, Utah joined Ohio to become one of two states nationally to offer an affirmative defense to lawsuits filed under tort law by individuals affected by a data security incident. Utah’s newly enacted Cybersecurity Affirmative Defense Act provides the incentive of ...

Archives

Back to Page