Privacy Plus+ News
Stay informed with our latest insights on privacy and technology trends, along with key updates from our firm.
In the Dark: Understanding the Implications of “Shadow AI.”
This week, let’s consider the growing trend of “Shadow AI,” which refers to the unsanctioned use of AI tools or systems within an organization, often without the knowledge of the organization and outside of the organization’s governance framework.
SEC Adopts New Cybersecurity Disclosure Rules for Public Companies
This week, let’s address the SEC’s recently adopted rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies. We’ll look at the mechanics, summarize the changes, highlight effective dates, and offer some thoughts.
All the Talk About Chat-GPT
This week, let’s talk about Chat-GPT as Italy’s Data Protection Authority blocks it and Elon Musk and others call for freeze amidst warnings related to privacy and the existential risk posed by too-powerful AI.
Cybersecurity Whistleblowers
This week, let’s highlight the recent uptick in cybersecurity whistleblowers, including those from the Dallas Independent School District and Twitter, and consider how to deal with cybersecurity whistleblower complaints.
Managing AI Risk: NIST Framework and ISO Guidance Announced
This week, let’s highlight the new risk management framework and guidance respectively published by NIST and ISO.
“It’s Turtles All the Way Down” - FTC Focuses on AWS Security
This week, let’s look at a recent FTC Consent Order, then consider what lessons can be drawn about using AWS. We’ll also explain how IT infrastructure fits the turtle metaphor featured in the title of this post.
Cyber Liability for Directors and Officers
This week, let’s catch up on cyber liability issues — from Drizly to Uber to SolarWinds — officers and directors should be tuning in and turning their attention to cyber and privacy corporate governance and D&O insurance.
OCC Requires Board Oversight of Cyber Risk
This week, let’s consider OCC’s consent order against Capital One, and particularly its requirement for board management and oversight of cyber risk.
NY SHIELD Act: A Breach Notification Statute Reborn with Data Security Requirements
This week, we cover the basics of New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act (S.5575B/A.5635), set to take effect on March 21, 2020.