SEC Settles Charges Against RR Donnelley Related to Cybersecurity Incident Disclosure and Internal Access Controls
On June 18, 2024, the Securities and Exchange Commission (SEC) announced that it had settled claims against RR Donnelley (RRD) related to a 2021 ransomware and cyber extortion attack. Despite RRD having discovered and reported the incident within 30 days (a relatively short time frame for investigating complex data breaches), […]
AI Act Enters Into Force
On 12 July 2024, the long-awaited Artificial Intelligence Act (AI Act) was published in the Official Journal of the European Union (OJEU), meaning that 20 days from this date it will enter into force and will apply from 2 August 2026, bringing certainty regarding the timeline for its applicability, which […]
Utah, Colorado Pave Way for AI-Specific State Laws – Is Your Company Ready for the Impending Regulation Wave?
The regulation of artificial intelligence (AI) has drawn significant interest from policymakers in the US, particularly at the state level. There has been a recent slew of legislative activity with respect to comprehensive AI bills across various states. We expect to see this new wave of comprehensive AI regulation at […]
EU Collective Redress Directive: What Services Companies Need to Know (Part One)
This article is the first in a three-part series on collective claims and class actions in the EU and the US. As collective claims become more prevalent in the EU, companies offering platforms, products, and services in both jurisdictions will benefit from implementing and maintaining a coordinated global class action […]
Fatal Flaws in SEC’s Amended Complaint Against SolarWinds
In March 2024, a coalition of more than 50 cybersecurity leaders and organizations called for dismissal of an amended complaint by the Securities and Exchange Commission (SEC) against SolarWinds and its chief information security officer (CISO), Tim Brown. Amici from the business community and the software industry, as well as […]
Fatal Flaws in SEC’s Amended Complaint Against SolarWinds
In March 2024, a coalition of more than 50 cybersecurity leaders and organizations called for dismissal of an amended complaint by the Securities and Exchange Commission (SEC) against SolarWinds and its chief information security officer (CISO), Tim Brown. Amici from the business community and the software industry, as well as […]
Understanding Washington’s My Health My Data (MHMD) Act: Applicability, Scope and Requirements
On January 31, 2024, Cooley lawyers Brooke Fritz and Andrew Epstein led a virtual presentation on Washington state’s My Health My Data (MHMD) Act. Below are some key highlights from the discussion. The MHMD Act’s origins and purposes:In an effort to close the “gap” that exists between consumer knowledge and […]
CISA Opens Notice and Comment Process on CIRCIA Draft Regulations
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security published a long-awaited notice of proposed rulemaking (NPRM) pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed into law in 2022 by President Joe Biden, CIRCIA required CISA to […]
Washington State’s My Health My Data Act FAQ, Part Three – Enforcement Risks
In Part Three of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to the MHMD Act’s enforcement risks – including the much-feared private right of action. Given the MHMD Act’s broad scope, its private right of action, the potential for large certified […]