On February 26, 2024, the National Institute of Standards and Technology (“NIST”) released version 2.0 of its Cybersecurity Framework (“CSF 2.0”)—the first significant update to the cybersecurity guidance since its initial publication a decade ago.[1] While the original guidance was tailored to critical infrastructure entities, the new version has a broader scope and applies
On March 13, 2024, the European Parliament (EP) approved the latest draft of the European Union’s (EU) Artificial Intelligence Act (AI Act). Following this vote, the text will be sent to the Council of the EU (Council) for formal approval, after which the AI Act will officially become law. Once the AI Act starts to
The PDPL has broad extraterritorial scope and substantial penalties for non-compliance, with full enforcement expected to start in September.
By Brian A. Meenagh and Lucy Tucker
The Personal Data Protection Law (PDPL) is the first comprehensive data protection law in Saudi Arabia. The Saudi Data and Artificial Intelligence Authority (SDAIA) is expected to start full
The Biden administration recently issued Executive Order 14117 (the “Order”) on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” Building upon earlier Executive Orders[1], the Order was motivated by growing fears that “countries of concern” may use artificial intelligence and other advanced technologies to
On January 23, 2024, the Japan Agency for Cultural Affairs (ACA) released its draft “Approach to AI and Copyright” for public comment, to clarify how ingestion and output of copyrighted materials in Japan should be considered. On February 29, 2024, after considering nearly 25,000 comments, additional changes were made. This document, created by an ACA
Employee monitoring isn’t new, but its extent and how it has been conducted has seen significant changes in the last few decades; we have come a long way from the punch cards of the 1900s to the current use of video surveillance, e-comms monitoring and AI, among other monitoring tools.
Part of this comes from
On February 21, 2024, Senator Bill Cassidy (R-LA), the Ranking Member of the U.S. Senate Health, Education, Labor, and Pensions (“HELP”) Committee, issued a white paper, “Strengthening Health Data Privacy for Americans: Addressing the Challenges of the Modern Era,” which proposes several updates to the privacy protections for health data. This follows Senator Cassidy’s
On February 28, 2024, the White House issued an Executive Order on Preventing Access to Americans’ Bulk Sensitive Data and United States Government-Related Data by Countries of Concern. The 17-page Executive Order pointed out that “countries of concern” could use bulk sensitive data in a variety of ways that could adversely affect U.S. national security,
On February 28, 2024, President Biden issued an Executive Order (EO) seeking to protect the sensitive personal data of Americans from potential exploitation by particular countries. The EO acknowledges that access to Americans’ “bulk sensitive personal data” and United States Government-related data by countries of concern can, among other things:
…fuel the creation and refinement
On February 28, 2024, the UK’s Information Commissioner (commissioner) confirmed that the regulator’s focus areas in 2024 will include artificial intelligence (AI), cookies, biometrics, and children’s privacy.