Cynthia Cole, Author at Connect On Tech

In Cybersecurity

The 2024 Baker McKenzie “Top 10” Predictions on Global Data Privacy and Cybersecurity Risks

This past year brought the rapid rise of ChatGPT and other generative AI platforms, accompanied by several noteworthy legal and regulatory developments. 2024 promises to continue with technology advances, making it a pivotal year for businesses navigating global data privacy and cybersecurity risks. Our Baker McKenzie Top 10 predictions for 2024 follow. AI-enhanced cyber threats will increase globally. Threat actors will continue to leverage AI for increasingly sophisticated attacks, exploiting new technologies to enable highly-personalized…

In Cybersecurity

California’s CPPA moves into 2024 with an ambitious agenda on Cybersecurity Audits, Risk Assessments, and Automated Decision-Making Technology

December 14, 2023 by Cynthia Cole, Justine Phillips, Grayson Myers and Garrett Stallins 3 Mins Read

The California Privacy Protection Agency (“CPPA”) held a public board meeting on December 8, 2023. As discussed in our previous article, the CPPA is in the process of preparing Draft Regulations on Cybersecurity Audits, Risk Assessments and Automated Decision-Making Technology. The Rules Subcommittee provided updates on these regulations, and Board members provided their feedback on the drafts. Key Takeaways Regarding CCPA Cybersecurity Audit Regulations The Cybersecurity Audit Regulations would require businesses “whose processing of consumers’…

In Cybersecurity

New York Cybersecurity Amendments Raise Regulatory Bar

December 5, 2023 by Cynthia Cole, Elizabeth Roper and Cyrus R. Vance Jr. 8 Mins Read

Effective Nov. 1, the New York State Department of Financial Services has strengthened cybersecurity requirements for financial services companies. All companies should take account of these amendments, as these NYDFS regulations are increasingly referenced as key benchmarks for cybersecurity compliance programs. New York’s Department of Financial Services finalized significant amendments to the cybersecurity requirements for financial services companies in Part 500 of Title 23 of the Official Compilation of Codes, Rules and Regulations of the…

In Cybersecurity

Hacker attempts to use SEC rules to further exploit victims

November 20, 2023 by Cynthia Cole, Elizabeth Roper, Avi Toltzis and Jerome Tomas 2 Mins Read

In a shocking show of gumption, a ransomware gang has reportedly not only hacked a US public company’s (MeridianLink) IT systems, but also filed a complaint on the SEC’s Tips, Complaints, and Referrals page, regarding Meridian Link’s claimed failure to disclose the incident in an 8-K in violation of the SEC’s new cybersecurity rules. Even though public companies are not yet required to comply with the new cybersecurity disclosure rules (8-K requirement goes effective on…

In Cybersecurity

New York State Sets the Bar for Cybersecurity Requirements

November 8, 2023 by Cynthia Cole, Brian Hengesbaugh, Gavin Meyers, Justine Phillips, Manisha Reddy, Elizabeth Roper, Avi Toltzis and Cyrus R. Vance Jr. 8 Mins Read

Effective November 1, 2023, New York State Department of Financial Services (“DFS”) Strengthens Cybersecurity Requirements for Financial Services Companies. All companies should take account of these amendments, as these DFS regulations are increasingly referenced as key benchmarks for cybersecurity compliance programs. New York State’s Department of Financial Services (“DFS”) finalized significant amendments to 23 CRR-NY 500 NY-CRR, “Cybersecurity Requirements for Financial Services Companies” (“Part 500”). This follows two rounds of proposed amendments and public comment…

In Cybersecurity

CISOs, Internal Accounting Controls, Crown Jewels and Disclosure Procedures: Peeling Back The Onion of the Solar Winds Enforcement Action

November 7, 2023 by Peter Chan, Cynthia Cole, Brian Hengesbaugh, Manisha Reddy, Elizabeth Roper, Avi Toltzis, Jerome Tomas and Cyrus R. Vance Jr. 12 Mins Read

In many ways, the Securities and Exchange Commission’s (“SEC”) October 30, 2023 enforcement action against software company SolarWinds Corporation (“SolarWinds”) and its chief information security officer (“CISO”) is a typical securities case. The first four counts involve alleged material misstatements by the public company related to widely reported operational turmoil that allegedly materially impacted the company. But aspects of the case may signal a change in how the SEC looks at cyber incidents, including internal…

In Artificial Intelligence

Biden’s Wide-Ranging Executive Order on Artificial Intelligence Sets Stage For Regulation, Investment, Oversight and Accountability

On October 30, 2023, President Biden issued a 63-page Executive Order to define the trajectory of artificial intelligence adoption, governance and usage within the United States government. The Executive Order outlines eight guiding principles and priorities for US federal agencies to adhere to as they adopt, govern and use AI. While safety and security are predictably high on the list, so too is a desire to make America a leader in the AI industry including…

In California Privacy Law

The Data Market in California faces another blow as data brokers will be subject to additional obligations under the streamlined deletion mechanism for California consumers

October 16, 2023 by Cynthia Cole, Lothar Determann, Helena Engfeldt, Mariana Oliver, Manisha Reddy, Michelle Shin and Jonathan Tam 3 Mins Read

If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law will be significantly changed under the California Delete Act On October 10, 2023, California Governor, Gavin Newsom, signed Senate Bill 362, referred to as the Delete Act, into law. The Delete Act amends existing data broker laws to subject all data brokers to new registration and disclosure requirements…

In Data Privacy

By the Dozen: Delaware Becomes the Twelfth US State to Enact Consumer Privacy Legislation

September 14, 2023 by Cynthia Cole and Helena Engfeldt 6 Mins Read

In Brief On September 11, 2023, Delaware Governor John Carney signed the Delaware Personal Data Privacy Act (HB 154) into law, making Delaware the twelfth US state to pass a consumer privacy law (and the seventh in 2023 alone). Like Connecticut, Colorado and Indiana, Delaware’s new law occupies a middle ground between detailed privacy regimes like the California Consumer Privacy Act (CCPA, as modified by the California Privacy Rights Act) and more business-friendly mandates like…

In Artificial Intelligence

California Governor Issues Executive Order Addressing the Development of Generative Artificial Intelligence

September 11, 2023 by Cynthia Cole, Brittney Justice and Manisha Reddy 2 Mins Read

On September 6, 2023, California Governor, Gavin Newson, issued an executive order to study the development, use, and risks of generative artificial intelligence (“Gen AI”). Similar to data privacy, California is the first state to analyze Gen AI under this lens. Under the executive order, state agencies will be required to perform risk assessments, create ethical guidelines for Gen AI usage and formulate new policies and regulations. Goals of the executive order are to (i)…