Author

Brian Hengesbaugh

Browsing

In the classic movie “The Wizard of Oz,” Dorothy, Scarecrow and Tinman walk through the forest while expressing great concern about the “lions and tigers and bears, oh my!” they may face on their journey to Oz. Companies experiencing global ransomware and cyberattacks can experience similar emotions as they grapple with increasingly complex global legal risks. Across the globe, local legislatures and regulatory authorities have established a multitude of different and sometimes conflicting legal obligations…

On December 21, 2023 the Federal Communications Commission (FCC) issued updates to its Data Breach Notification Rule, which applies to telecommunications carriers, as well as to voice over internet protocol (VoIP) and telecommunications relay service (TRS) providers. The updated Data Breach Notification Rule marks the most significant changes to the Rule since its adoption 16 years ago and modernizes the FCC requirements by bringing them more closely in line with other breach reporting obligations. The…

This past year brought the rapid rise of ChatGPT and other generative AI platforms, accompanied by several noteworthy legal and regulatory developments. 2024 promises to continue with technology advances, making it a pivotal year for businesses navigating global data privacy and cybersecurity risks. Our Baker McKenzie Top 10 predictions for 2024 follow. AI-enhanced cyber threats will increase globally. Threat actors will continue to leverage AI for increasingly sophisticated attacks, exploiting new technologies to enable highly-personalized…

In a month already full of activity with respect to regulation of artificial intelligence (AI) globally, the U.S. Federal Trade Commission (FTC) has continued to assert its role in regulating AI in the US. On November 21, 2023, FTC commissioners unanimously resolved to streamline the FTC’s ability to issue civil investigative demands (CIDs) regarding AI in products and services. FTC staff may now more easily compel release of documents, information, and testimony as part of…

Effective November 1, 2023, New York State Department of Financial Services (“DFS”) Strengthens Cybersecurity Requirements for Financial Services Companies. All companies should take account of these amendments, as these DFS regulations are increasingly referenced as key benchmarks for cybersecurity compliance programs. New York State’s Department of Financial Services (“DFS”) finalized significant amendments to 23 CRR-NY 500 NY-CRR, “Cybersecurity Requirements for Financial Services Companies” (“Part 500”). This follows two rounds of proposed amendments and public comment…

In many ways, the Securities and Exchange Commission’s (“SEC”) October 30, 2023 enforcement action against software company SolarWinds Corporation (“SolarWinds”) and its chief information security officer (“CISO”) is a typical securities case. The first four counts involve alleged material misstatements by the public company related to widely reported operational turmoil that allegedly materially impacted the company. But aspects of the case may signal a change in how the SEC looks at cyber incidents, including internal…

On October 30, 2023, President Biden issued a 63-page Executive Order to define the trajectory of artificial intelligence adoption, governance and usage within the United States government. The Executive Order outlines eight guiding principles and priorities for US federal agencies to adhere to as they adopt, govern and use AI. While safety and security are predictably high on the list, so too is a desire to make America a leader in the AI industry including…

In Brief On September 29, 2023, China’s primary data protection regulator, the Cyberspace Administration of China (“CAC”), proposed new rules for cross-border data transfers from China (the “Draft Rules”). If implemented as written, the Draft Rules, which are currently subject to public comment through mid-October, will significantly roll back requirements for many US and multinational organizations. There is no specific deadline for adoption, but it is expected prior to November 30, 2023, which is the…

*Article originally posted on Law.com authored by Cassandre Coyer at LegalTech News.* This summer marked a key development in the history of data transfers between the U.S. and European Union when the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework after two prior invalidated agreements. But whether that milestone is translating to a wave of companies registering to get certified under the new framework is less apparent. Given the looming possibility of a Schrems…

In recent years, China has adopted a series of complex regulations around cybersecurity and privacy. In 2022, it issued rules for cross-border transfers of data, and its version of Standard Contractual Clauses (“China SCCs”) in February 2023. The China SCCs became effective in June, but there was a six month grace period for filing, until November 30, 2023. Any company that has a presence in China or processes or transfers Chinese resident data outside of…