On September 6, 2023, California Governor, Gavin Newson, issued an executive order to study the development, use, and risks of generative artificial intelligence (“Gen AI”). Similar to data privacy, California is the first state to analyze Gen AI under this lens. Under the executive order, state agencies will be required to perform risk assessments, create ethical guidelines for Gen AI usage and formulate new policies and regulations. Goals of the executive order are to (i)…
On August 29, 2023, the California Privacy Protection Agency (“CPPA”) published draft regulations on risk assessments and cybersecurity audits required by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). The CPPA will discuss the draft regulations at the upcoming public meeting on September 8, 2023. The draft regulations make clear that the CPPA has not yet begun formal rulemaking, and that the draft regulations are “intended to facilitate…
In brief On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) approved the final rules for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (“Final Rules”). As previously reported, the SEC first proposed amendments to its rules on disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies on March 9, 2022 (“Proposed Rules”). Similar to the Proposed Rules, the Final Rules, broadly speaking, require (i) issuers to make disclosures…
The Texas Data Privacy and Security Act joins the growing number of states that have passed or enacted legislation in 2023, and more are expected in the coming months.
The Federal Trade Commission (“FTC”) issued a warning on Monday about artificial intelligence (“AI”), telling businesses to “keep [their] AI claims in check” and reminding all industries that the Commission will be monitoring baseless or exaggerated marketing around AI. In the post published on the FTC’s website, an attorney for the FTC Division of Advertising Practices reminded businesses that “false or unsubstantiated claims about a product’s efficacy” is the FTC’s “bread and butter.” The FTC’s…
In Brief On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Standard Contractual Clauses (SCCs) and SCC Measures for the cross-border transfer of personal data under the Personal Information Protection Law (PIPL). The SCCs provide a mechanism for businesses to transfer personal information from mainland China to other jurisdictions. China’s SCCs closely mirror the EU’s SCCs, which were updated in 2021, but feature several important distinctions described in…