Category: Policy & Legislation
SEC Reporting Implications for Publicly Traded Companies Impacted by CrowdStrike Defective Software Update
There are a number of US Securities and Exchange Commission (SEC) reporting implications arising from the server-related outages caused by CrowdStrike’s defective software update on July 19, 2024, and their impacts on public companies, particularly in light of the SEC’s new cybersecurity disclosure rules. While the situation on the ground […]
SEC Settles Charges Against RR Donnelley Related to Cybersecurity Incident Disclosure and Internal Access Controls
On June 18, 2024, the Securities and Exchange Commission (SEC) announced that it had settled claims against RR Donnelley (RRD) related to a 2021 ransomware and cyber extortion attack. Despite RRD having discovered and reported the incident within 30 days (a relatively short time frame for investigating complex data breaches), […]
AI Act Enters Into Force
On 12 July 2024, the long-awaited Artificial Intelligence Act (AI Act) was published in the Official Journal of the European Union (OJEU), meaning that 20 days from this date it will enter into force and will apply from 2 August 2026, bringing certainty regarding the timeline for its applicability, which […]
Utah, Colorado Pave Way for AI-Specific State Laws – Is Your Company Ready for the Impending Regulation Wave?
The regulation of artificial intelligence (AI) has drawn significant interest from policymakers in the US, particularly at the state level. There has been a recent slew of legislative activity with respect to comprehensive AI bills across various states. We expect to see this new wave of comprehensive AI regulation at […]
EU Collective Redress Directive: What Services Companies Need to Know (Part One)
This article is the first in a three-part series on collective claims and class actions in the EU and the US. As collective claims become more prevalent in the EU, companies offering platforms, products, and services in both jurisdictions will benefit from implementing and maintaining a coordinated global class action […]
Understanding Washington’s My Health My Data (MHMD) Act: Applicability, Scope and Requirements
On January 31, 2024, Cooley lawyers Brooke Fritz and Andrew Epstein led a virtual presentation on Washington state’s My Health My Data (MHMD) Act. Below are some key highlights from the discussion. The MHMD Act’s origins and purposes:In an effort to close the “gap” that exists between consumer knowledge and […]
CISA Opens Notice and Comment Process on CIRCIA Draft Regulations
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security published a long-awaited notice of proposed rulemaking (NPRM) pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed into law in 2022 by President Joe Biden, CIRCIA required CISA to […]
Washington State’s My Health My Data Act FAQ, Part Three – Enforcement Risks
In Part Three of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to the MHMD Act’s enforcement risks – including the much-feared private right of action. Given the MHMD Act’s broad scope, its private right of action, the potential for large certified […]
New Hampshire and New Jersey Pass Comprehensive Consumer Privacy Laws
The proliferation of state consumer privacy laws continues into 2024. On March 6, 2024, New Hampshire Gov. Chris Sununu signed SB255, the New Hampshire Privacy Act (NHPA), making New Hampshire the 14th state to enact a comprehensive privacy law. Similarly, on January 16, 2024, New Jersey Gov. Phil Murphy signed […]