Cybersecurity

California Proposes Annual Audits to Assess Sufficiency and Compliance of Company Cybersecurity

September 18, 2023 By Kim Peretti, Kristen Bartolotta and Noelle Reyes

In late August 2023, the California Privacy Protection Agency (“CPPA” or “Agency”) released a discussion draft of proposed regulations under California’s data privacy law, the California Consumer Privacy Act (“CCPA”). Importantly, the proposed regulations set forth more detailed obligations for company cybersecurity programs, including routinely assessing and filing audits with the CPPA. Though these draft […]

NIST Cybersecurity Framework 2.0 Released for Public Comment

August 28, 2023 By Amy Mushahwar, Dorian Simmons and Alysa Austin

On August 8, 2023, the National Institute of Standards and Technology (NIST) released the initial draft of its Cybersecurity Framework 2.0 and draft Implementation Examples for public comment. This marks the first significant update to the NIST Cybersecurity Framework (“Framework”) since its initial release in 2014, which is intended to address current and future cybersecurity […]

FTC Launches Investigation into Creator of ChatGPT

July 25, 2023 By Kim Peretti, Kathleen Benway, Daniel Felz and Kristen Bartolotta

In mid-July, the Federal Trade Commission (FTC) reportedly opened an investigation into OpenAI, the maker of ChatGPT, sending the company an extensive Civil Investigative Demand (CID). While FTC investigations are normally non-public, the Washington Post published what appears to be part of the CID sent from the FTC to OpenAI. This investigation comes on the […]

Chinese Hackers Exploit Gap in Cloud Environment Used by U.S. Government

July 20, 2023 By Kellen Dwyer and Kristen Bartolotta

According to recent reports issued by Microsoft and U.S. government agencies, hackers recently exploited a gap in Microsoft’s cloud environment, enabling the malicious actors to access the email accounts of employees at the United States Commerce and State Departments. Including the U.S. government, around 10 organizations were victimized in the U.S. and about 25 were […]

NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation

July 11, 2023 By Kim Peretti, Kate Hanniford, Ashley Miller and Lance Taubin

The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its previous proposed Second Amendment, which was published November 9, 2022. While the language proposed is largely similar to the previous […]