Board Governance & Cyber Risk Management

Top Ten Takeaways from California AG’s Healthcare AI Advisory

January 15, 2025 By Daniel Felz and Jennifer Everett

On January 13, 2025, California Attorney General (“AG”) Rob Bonta issued an advisory describing providers’ and businesses’ obligations related to the development, sale, and use of artificial intelligence (“AI”) and automated decision systems (“ADS”) in the healthcare industry (“Advisory”). The Advisory puts healthcare providers, insurers, and businesses serving the healthcare industry on notice of the […]

OFAC Announces Sanctions Against Chinese-Based Cybersecurity Company

January 13, 2025 By Kim Peretti and Carson Kuck

On January 3, 2025, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced sanctions on a Chinese-based cybersecurity company, Integrity Technology Group, Inc. (“Integrity Tech”). These sanctions were in response to Integrity Tech’s “role in multiple computer intrusion incidents against U.S. victims.” The incidents have been attributed to Flax Typhoon, a Chinese […]

New York Amends Data Breach Notification Law with Immediate Implications

January 6, 2025 By Kim Peretti and Alysa Austin

In late December 2024, the New York Governor signed two bills (S2659B and S2376B) amending the state’s data breach notification law (N.Y. Gen. Bus. Law § 899-aa), to expand the definition of reportable personal information and impose new covered entity reporting obligations in the event of a data breach. Effective immediately, companies will have 30 […]

UK’s National Cyber Security Centre Releases 2024 Annual Review

December 30, 2024 By Kelly Hagedorn

The United Kingdom’s National Cyber Security Centre (NCSC) has released its Annual Review for 2024. As in prior years, the report covers the UK’s cyber security position, both in terms of threats to the public and private sectors, as well as the country’s readiness to deal with those threats. Unsurprisingly, the NCSC notes that the […]

The D.C. Circuit’s TikTok Decision Could Portend Greater Regulation of Chinese-Owned Apps

December 10, 2024 By Carson Kuck and Privacy, Cyber & Data Strategy Team

On December 6, 2024, the United States Court of Appeals for the D.C. Circuit upheld the constitutionality of the Protecting Americans from Foreign Adversary Controlled Applications Act (“Act”). The Act, signed into law by President Biden on April 24, 2024, prohibits the “distribution or maintenance” in the U.S. of applications controlled by ByteDance, TikTok’s China-based […]