Manisha Reddy, Author at Connect On Tech

In Cybersecurity

New York State Sets the Bar for Cybersecurity Requirements

November 8, 2023 by Cynthia Cole, Brian Hengesbaugh, Gavin Meyers, Justine Phillips, Manisha Reddy, Elizabeth Roper, Avi Toltzis and Cyrus R. Vance Jr. 8 Mins Read

Effective November 1, 2023, New York State Department of Financial Services (“DFS”) Strengthens Cybersecurity Requirements for Financial Services Companies. All companies should take account of these amendments, as these DFS regulations are increasingly referenced as key benchmarks for cybersecurity compliance programs. New York State’s Department of Financial Services (“DFS”) finalized significant amendments to 23 CRR-NY 500 NY-CRR, “Cybersecurity Requirements for Financial Services Companies” (“Part 500”). This follows two rounds of proposed amendments and public comment…

In Cybersecurity

CISOs, Internal Accounting Controls, Crown Jewels and Disclosure Procedures: Peeling Back The Onion of the Solar Winds Enforcement Action

November 7, 2023 by Peter Chan, Cynthia Cole, Brian Hengesbaugh, Manisha Reddy, Elizabeth Roper, Avi Toltzis, Jerome Tomas and Cyrus R. Vance Jr. 12 Mins Read

In many ways, the Securities and Exchange Commission’s (“SEC”) October 30, 2023 enforcement action against software company SolarWinds Corporation (“SolarWinds”) and its chief information security officer (“CISO”) is a typical securities case. The first four counts involve alleged material misstatements by the public company related to widely reported operational turmoil that allegedly materially impacted the company. But aspects of the case may signal a change in how the SEC looks at cyber incidents, including internal…

In California Privacy Law

The Data Market in California faces another blow as data brokers will be subject to additional obligations under the streamlined deletion mechanism for California consumers

October 16, 2023 by Cynthia Cole, Lothar Determann, Helena Engfeldt, Mariana Oliver, Manisha Reddy, Michelle Shin and Jonathan Tam 3 Mins Read

If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law will be significantly changed under the California Delete Act On October 10, 2023, California Governor, Gavin Newsom, signed Senate Bill 362, referred to as the Delete Act, into law. The Delete Act amends existing data broker laws to subject all data brokers to new registration and disclosure requirements…

In Artificial Intelligence

California Governor Issues Executive Order Addressing the Development of Generative Artificial Intelligence

September 11, 2023 by Cynthia Cole, Brittney Justice and Manisha Reddy 2 Mins Read

On September 6, 2023, California Governor, Gavin Newson, issued an executive order to study the development, use, and risks of generative artificial intelligence (“Gen AI”). Similar to data privacy, California is the first state to analyze Gen AI under this lens. Under the executive order, state agencies will be required to perform risk assessments, create ethical guidelines for Gen AI usage and formulate new policies and regulations. Goals of the executive order are to (i)…

In Artificial Intelligence

First Look at California Privacy Protection Agency’s Proposed Regulations on Risk Assessments

September 1, 2023 by Cynthia Cole, Justine Phillips, Brittney Justice and Manisha Reddy 3 Mins Read

On August 29, 2023, the California Privacy Protection Agency (“CPPA”) published draft regulations on risk assessments and cybersecurity audits required by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). The CPPA will discuss the draft regulations at the upcoming public meeting on September 8, 2023. The draft regulations make clear that the CPPA has not yet begun formal rulemaking, and that the draft regulations are “intended to facilitate…

In Data Privacy

Key Takeaways From India’s Digital Personal Data Protection Bill, 2023

On August 9, India’s Digital Personal Data Protection Bill, 2023 (“DPDP Bill”) passed both houses of the Indian Parliament and now awaits Presidential assent. In 2017, India’s Supreme Court mandated that privacy is a fundamental human right. Since that time, India has been working to pass data protection legislation. The DPDP Bill is India’s fifth draft of the bill. The DPDP Bill only applies to the processing of digital personal data in India, where the personal…

In Cybersecurity

SEC Adopts Final Cybersecurity Rules

In brief On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) approved the final rules for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (“Final Rules”). As previously reported, the SEC first proposed amendments to its rules on disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies on March 9, 2022 (“Proposed Rules”). Similar to the Proposed Rules, the Final Rules, broadly speaking, require (i) issuers to make disclosures…

In Data Privacy

China Standard Contractual Clauses: June 1 Adoption Deadline is Approaching

May 1, 2023 by Zhenyu Ruan, Brian Hengesbaugh, Rachel Ehlers, Manisha Reddy, Adam Aft, Cynthia Cole, Nick Merker, Stephen Reynolds and Harry Valetk 2 Mins Read

In brief Companies that export personal data out of China have roughly one month to adopt China’s Standard Contractual Clauses (“SCCs”) to comply with the Cyberspace Administration of China’s (“CAC”) deadline of June 1, 2023. As outlined in previous client alerts, the SCCs are one of three mechanisms in place for cross-border data transfers from mainland China to other jurisdictions. Many multinationals will be impacted by these requirements because Chinese employment data, which is…