Author

Brian Hengesbaugh

Browsing

Abstract The recently introduced American Privacy Rights Act (APRA) represents the latest attempt to pass a comprehensive federal privacy law in the US that would govern privacy generally across the country. The draft bill proposes novel compromises on controversial topics such as federal preemption and rights of private action, which need refinement and will likely be changed in the legislative process. The attempt to cover not-for-profit entities without accounting for their different purposes seems ill…

This article was originally published by IAPP: How US national security interests may lead to a multilateral treaty on data privacy | IAPP. In Lewis Carroll’s classic Alice in Wonderland sequel “Through the Looking-Glass,” Alice enters a fantastical world by climbing through a mirror. Alice discovers that, like a mirror, everything is reversed in this other world. For observers of global data privacy issues over the past few decades, “Through the Looking Glass” is an…

In brief On May 21, 2024, Erik Gerding, Director of the US Securities and Exchange Commission (SEC) Division of Corporate Finance, issued a statement1 clarifying the SEC’s expectations for cybersecurity incident disclosures under the new Form 8-K Item 1.05. Gerding’s statement clarified that Item 1.05 disclosures should be reserved for material cybersecurity incidents, and voluntary disclosures of immaterial incidents, or of incidents before a materiality determination has been made, should be provided under a different item of…

On April 29, 2024, the Department of Commerce’s National Institute of Standards and Technology (NIST) released initial drafts of four significant policy and governance documents aimed at improving the safety and reliability of AI systems. The launch came on the 180th day following President Biden’s Executive Order 14110 on the Safe, Secure and Trustworthy Development of AI, which instructed NIST to establish guidelines and best practices to promote consensus industry standards for developing and deploying…

In Brief On May 17, 2024 Colorado Governor Polis signed the landmark Colorado AI Act (Senate Bill 24-205) into law. Colorado is now the first US state with comprehensive AI regulation, adopting a classification system like the European Union’s recent AI Act. The law will take effect February 1, 2026. The law exempts small employers (fewer than fifty full-time employees) from some of its requirements but otherwise requires companies to take extensive measures to protect…

In late April 2024, the U.S. enacted the 21st Century Peace through Strength Act. In addition to approving aid for Israel, Taiwan and Ukraine and advancing other U.S. policy objectives, the 21st Century Peace through Strength Act establishes the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (the “Act”), which prohibits “data brokers” from making available personally identifiable sensitive data of U.S. individuals to “foreign adversary countries” — namely, North Korea, the People’s Republic…

On April 4, 2024, the Kentucky Governor Andy Brashear signed HB 15, enacting the Kentucky Consumer Data Protection Act (“KCDPA” or the “Act”), to make Kentucky the 15th US state to adopt a comprehensive privacy law. Kentucky joins New Hampshire and New Jersey in a trifecta of states that have enacted privacy legislation in the opening months of 2024. In the days since the KCDPA’s signing, the consumer privacy stakes have been raised, with the…

In brief Surrounded by an improbable retinue of country music stars and state lawmakers, on March 21, 2024 Tennessee Governor Bill Lee signed HB 2091, which amends the state’s right of publicity statute to create the Ensuring Likeness, Voice, and Image Security Act of 2024 (the “ELVIS Act”). The ELVIS Act is billed as the first law to protect “songwriters, performers, and music industry professionals’ voice from the misuse of artificial intelligence.” The ELVIS Act…

On February 8, 2024, the Federal Communications Commission (FCC) unanimously adopted a declaratory ruling deeming telephone calls using AI-generated voices subject to Telephone Consumer Protection Act (TCPA) restrictions on calls containing an “artificial or prerecorded voice”. According to the ruling, § 227 of the TCPA, which prohibits the initiation of “any telephone call to any residential telephone line using an artificial or pre-recorded voice to deliver a message without the prior express consent of the…

On February 28, President Biden issued Executive Order 14117 (the EO) directing the US Attorney General and other agencies to promulgate regulations that restrict and, in some cases, prohibit transactions that might involve the sharing of sensitive personal data and government-related data with “countries of concern” (currently China, including Hong Kong and Macau, Russia, Iran, North Korea, Cuba, and Venezuela). In tandem, the Department of Justice (DoJ) issued an Advance Notice of Proposed Rulemaking (ANPRM)…