On January 14, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released the AI Cybersecurity Collaboration Playbook (the “Playbook”) to provide guidance to organizations within the AI community (including AI providers, developers, and adopters) to voluntarily share AI-related cybersecurity information with CISA and its partners through the Joint Cyber Defense Collaborative (JCDC). To combat AI-related […]
Last Minute Biden Cybersecurity and Artificial Intelligence Executive Orders Survive Initial Trump Revocations
In the final week of the Biden Administration’s term in office, former President Biden issued two high profile executive orders that could have significant ramifications for the cybersecurity and technology industries. The first, issued on January 14, 2025, is an “Executive Order on Advancing United States Leadership in Artificial Intelligence Infrastructure” (the “AI Infrastructure Order”). […]
FTC Announces Proposed Settlement with GoDaddy Incorporating Prescriptive Cybersecurity Requirements
On January 15, 2025, the Federal Trade Commission (FTC) announced a proposed settlement with GoDaddy Inc. (GoDaddy) for making false or misleading representations about their security practices in violation of Section 5 of the FTC Act. GoDaddy, a website hosting company, serves approximately 5 million customers. In the complaint, the FTC indicated that although GoDaddy […]
OFAC Announces Sanctions Against Chinese-Based Cybersecurity Company
On January 3, 2025, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced sanctions on a Chinese-based cybersecurity company, Integrity Technology Group, Inc. (“Integrity Tech”). These sanctions were in response to Integrity Tech’s “role in multiple computer intrusion incidents against U.S. victims.” The incidents have been attributed to Flax Typhoon, a Chinese […]
New York Amends Data Breach Notification Law with Immediate Implications
In late December 2024, the New York Governor signed two bills (S2659B and S2376B) amending the state’s data breach notification law (N.Y. Gen. Bus. Law § 899-aa), to expand the definition of reportable personal information and impose new covered entity reporting obligations in the event of a data breach. Effective immediately, companies will have 30 […]