In late August 2023, the California Privacy Protection Agency (“CPPA” or “Agency”) released a discussion draft of proposed regulations under California’s data privacy law, the California Consumer Privacy Act (“CCPA”). Importantly, the proposed regulations set forth more detailed obligations for company cybersecurity programs, including routinely assessing and filing audits with the CPPA. Though these draft […]
FTC Launches Investigation into Creator of ChatGPT
In mid-July, the Federal Trade Commission (FTC) reportedly opened an investigation into OpenAI, the maker of ChatGPT, sending the company an extensive Civil Investigative Demand (CID). While FTC investigations are normally non-public, the Washington Post published what appears to be part of the CID sent from the FTC to OpenAI. This investigation comes on the […]
Texas Becomes Tenth State to Enact a Comprehensive State Privacy Law
On June 18, 2023, Texas Governor Greg Abbott signed the Texas Data Privacy and Security Act (HB 4) (“TDPSA”) into law, making Texas the latest contributor to the growing patchwork of comprehensive U.S. state privacy laws. TDPSA takes effect July 1, 2024, except for provisions that enable consumers to designate authorized agents to exercise on […]
NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation
The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its previous proposed Second Amendment, which was published November 9, 2022. While the language proposed is largely similar to the previous […]
SEC’s Proposed Cybersecurity Rules Delayed Yet Again
On June 13, 2023, the Securities and Exchange Commission (“SEC”) published its Spring 2023 rulemaking agenda that delayed finalizing the proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies and proposed rule on Cyber Risk Management for Investment Advisers, Registered Investment Companies and Business Development Companies until at least October 2023. […]