It’s only April, but 2023 has already been a big year for new and evolving data privacy legislation. In January, the California Privacy Rights Act took effect, expanding and clarifying the rights and obligations within the California Consumer Privacy Act. In addition, exceptions for business-to-business and employee and applicant data expired, ushering in new requirements and broadening the reach of the California laws. At the same time, the second major state data privacy law – the Virginia Consumer Data Protection Act – took full effect.

By now, you have probably heard about OpenAI’s ChatGPT, an artificially intelligent chatbot, and similar chatbots that have launched in its wake. (Chris Deubert and I have previously written about it here.)

On March 2, the Biden Administration released a “National Cybersecurity Strategy,” which it says takes a comprehensive approach to securing cyberspace for all and ensuring the United States is in the best position to take advantage of all the benefits that our digital future holds. The Strategy consists of five “pillars”: Infrastructure, threat actors, the market, plans ...