On July 30, 2024, in a 91-3 vote, the U.S. Senate passed the bill for the Kids Online Safety and Privacy Act (the “Bill”). The Bill, which combines the bills for the Kids Online Safety Act (“KOSA”) and the Children and Teens’ Online Privacy Protection Act (“CTOPPA”), aims to expand online safety and privacy protections […]
Board Governance & Cyber Risk Management
CISA and JCDC Conduct First-Ever Public-Private AI Security Incident Tabletop Exercise
On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) collaborated with the Joint Cyber Defense Collaborative (JCDC) to hold the federal government’s first tabletop exercise for “AI security incidents.” JCDC led the exercise and, true to JCDC’s public-private partnership model, included over 50 participants from various government agencies and private-sector companies. For those […]
Pennsylvania Amends Data Breach Notification Law
Pennsylvania’s Governor recently approved amendments to the Commonwealth’s data breach notification law, which represent a significant overhaul to the law. As detailed below, the amended law makes a number of material changes, including adding a regulator notification requirement, lowering the threshold of impacted Pennsylvania residents triggering a notification requirement to the consumer reporting agencies, slightly […]
CPPA Board Declines to Advance CCPA Regulations to Formal Rulemaking; CPPA Highlights Enforcement Priorities
On July 16, 2024, the California Privacy Protection Agency (the “CPPA”) board declined to advance to formal rulemaking California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automated decisionmaking technology, insurance companies and updates to existing regulations. The CPPA board voted against advancing the regulations during its board meeting when it also […]
SEC Corporation Finance Provides Additional Guidance on the Disclosure of Material Cybersecurity Incidents in Form 8-K
On June 24, 2024, the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued five new Compliance and Disclosure Interpretations (“C&DIs”) related to the disclosure of “material” cybersecurity incidents in Item 1.05 of Form 8-Ks. The C&DIs present hypothetical fact patterns related to ransomware attacks and insurance reimbursement for damages […]