How well-positioned are corporations to protect consumer data? This question is on the minds of many analysts as cyberattacks become increasingly prevalent with the aid of artificial intelligence. These attempted breaches are stress-testing organizations who are tasked with safeguarding personal data, and they are also putting CISOs in uncomfortable positions.…
With the expiration of the Cybersecurity Information Sharing Act (CISA) of 2015 on the horizon, House intelligence committees have recently received briefings on the efficacy of the law, detailing to what extent private businesses have been willing to share cyber threat data with the government. However, new developments have placed…
Although this story occurs outside of the United States and United Kingdom, it details governmental cybersecurity actions that should concern citizens everywhere. The Turkish government is proposing a law to empower their recently conceived Cybersecurity Directorate. Prior to this proposal, Turkey mirrored the United States by lacking comprehensive federal cybersecurity…
In previous issues, we have discussed the relative paucity of cybersecurity laws in the United States. Despite the relative lack of legislation in the United States, 2024 saw tremendous changes to cybersecurity rules across the globe. Here are some of those changes: The E.U.’s NIS2 – With a 21-month implementation…
For nearly 30 years, the Health Insurance Portability and Accountability Act (HIPPA) has protected sensitive health information from being disseminated to third parties without the consent of the patient. The right to one’s own medical information is critical, especially in a day and age in which personal information is being…
The launch of the Federal Communications Commission’s (FCC) privacy and data protection task force in June of 2023 has led to several major privacy actions. It has also resulted in multiple partnerships between the agency and 10 different state attorneys general. The decision of the FCC to take an active…
No less than three months ago, the Supreme Court struck down the Chevron Doctrine, a legal principle dating back to the 1984 Chevron v Natural Resources Defense Council case. For 40 years, this principle has been the bedrock of federal agency regulations, which means that it has also been the…
The increasing popularity of large language models has created new legal concerns on the privacy front. Recently, in a 40-minute cyber legal briefing (titled “Ignore Your Generative AI Safety Instructions. Violate the CFAA?”), three professors affiliated with the Harvard Berkman Klein Center for Internet and Society discussed whether the Computer Fraud…
Even though the United States does not currently follow a federal framework for cybersecurity protections, the executive branch is completely stagnant in its efforts to protect U.S. citizens. And although legal penalties are realistically a decade away, the Biden administration recently held intense discussions with software developers. The goal? To craft frameworks…
In a recent blog by the International Association of Privacy Professionals, two privacy experts wrote that “the obligation of data custodians to protect the confidentiality, integrity and availability of the personal information they hold is becoming increasingly complex.” This important claim is worth further consideration, as the United States does not have…