The General Services Administration Federal Acquisition Service has released draft contract terms and conditions related to AI-related procurements through a new proposed GSAR clause 552.239-7001, “Basic Safeguarding of Artificial Intelligence Systems” (February 2026), that would impose material new requirements on contractors and service providers supplying AI capabilities to the federal government. If adopted, the clause
Latest from Password Protected
Protecting Employee Information From Tax Season Phishing Schemes
Overview
As we enter the 2026 tax filing season, organizations face a heightened risk of cyberattacks targeting employee information. Tax season is a busy time for cybercriminals, who ramp up efforts to trick businesses and individuals into sharing personal information. Bad actors can use stolen personally identifying information (“PII”) in a variety of harmful ways,
When AI Isn’t Privileged, Confirmed: SDNY’s Written Opinion Elaborates on Confidentiality, Work Product, and Waiver
On Feb. 10, 2026, U.S. District Judge Jed Rakoff of the Southern District of New York issued a bench ruling holding that a defendant’s use of generative AI to analyze legal exposure is not protected under attorney-client privilege or the work product doctrine. See When AI Isn’t Privileged: SDNY Rules Generative AI Documents Not Protected.
When AI Isn’t Privileged: SDNY Rules Generative AI Documents Not Protected
On Feb. 10, 2026, the U.S. District Court for the Southern District of New York held that a defendant’s use of generative AI to analyze legal exposure is not protected under attorney-client privilege or the work product doctrine. The decision has important implications as clients and nonlawyers increasingly use generative AI tools to assess legal
Data Privacy Day 2026: What Changed on Jan. 1 — And What to Watch Next
Data Privacy Day offers a natural checkpoint to take stock of a fast‑moving legal landscape. As of January 1, 2026, several significant U.S. state privacy laws and regulatory updates are now live, with additional U.S. and global milestones queued up throughout 2026. Below we summarize important changes already in effect and highlight issues to monitor
NYDFS Issues Guidance on Third-Party Cybersecurity Risk Management: What Regulated Entities Need to Know
Overview
On October 21, 2025, the New York State Department of Financial Services (NYDFS) released comprehensive guidance for registrants regarding management of cybersecurity risks associated with third-party service providers (TPSPs) including cloud computing, file transfer system, AI and fintech solutions.[1] As reliance on external vendors for critical technology services grows, so too do the
Halloween Reminder – Don’t Get Haunted by Hacks
With Halloween lurking around the corner and as National Cybersecurity Awareness Month comes to a close, the McGuireWoods Data Privacy & Cybersecurity Practice Group reminds you to not wait to be spooked by a cybersecurity incident or haunted by the task of maintaining your cybersecurity program.
Today’s threat landscape is rapidly changing and accelerated evermore
New CCPA Rules Are Here: Is Your Business Ready for What’s Next?
In a significant step toward strengthening consumer privacy protections, the California Privacy Protection Agency (CPPA) board has officially adopted a comprehensive set of updates to the California Consumer Privacy Act (CCPA) regulations. These long-anticipated regulations—covering cybersecurity audits, risk assessments, and automated decision-making technology (ADMT)—mark a pivotal shift in the state’s data privacy enforcement landscape.
The New Frontier: Data Centers, AI & Insurance Implications
Amazon’s recent announcement to invest at least $20 billion in cloud computing and AI data center campuses across Pennsylvania — a record‑breaking private investment in the state — marks a turning point in digital infrastructure build-out. Spanning sites in Luzerne and Bucks counties, the project promises 1,250 full‑time roles and thousands more in construction, while pairing
HHS Proposed Rule May Enhance HIPAA Security but Leaves AI Questions Open
In response to increased cybersecurity threats and significant regulatory enforcement actions, on Dec. 27, 2024, the Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking seeking to enhance cybersecurity protections under the Security Rule implemented pursuant to the Health Insurance Portability and Accountability Act of 1996. While the proposed rule is