The new Swiss Federal Act on Data Protection, known by the acronym “nFADP,” took effect on September 1. The law was enacted by the Swiss parliament in 2020.
The law introduces new rights for Swiss citizens, but also corresponding obligations for businesses that process personal data subject to the law. The law is intended to be more closely aligned to the European Union’s General Data Protection Regulation and allows for a free flow of information between EU and Swiss companies.
In early August, the National Institute of Standards and Technology released the initial public draft of its Cybersecurity Framework 2.0. The draft is a long-awaited update to a framework that’s been in place for almost 10 years: The Framework for Improving Critical Infrastructure Cybersecurity, first released in 2014 and updated in 2018.
Boards of Directors for public companies across the country are likely to be taking stock of their companys’ cybersecurity practices and strategies after the Securities and Exchange Commission’s adoption of the Cybersecurity Incident Disclosure Rule on July 26. Although the SEC removed the requirement for corporate boards to include members with cybersecurity expertise, it still intends for the Rule to result in greater transparency of companies’ cybersecurity governance and to aid in investor understanding. The Rule presents additional reasons for companies to determine who, if anyone, on their Boards can help with oversight of cybersecurity governance.
As a former Special Agent for the Federal Bureau of Investigation who investigated cybercrimes involving children, I know from experience that the topic of increasing online protections for minors provoked intense debates among law enforcement, social services, parents, and the civil rights communities.
Often the discussions focused on how to preserve the positive impact of the internet while addressing the negative aspects, such as the facilitation of cyber bullying, narcotics trafficking, and various forms of exploitation. While others continue the discussion, Texas has stepped beyond the debate and enacted a new regulatory regime intended to shield certain materials from being viewed by minors, and to limit the collection and usage of their data.
This year has proven to be active in terms of state privacy legislation. In addition to Montana’s Consumer Data Privacy Act, the state has now passed a Genetic Information Privacy Act.
EDITOR’S NOTE: This is part two of “Cyber AI Chronicles” – written by lawyers and named by ChatGPT. This series will highlight key legal, privacy, and technical issues associated with the continued development, regulation, and application of artificial intelligence.
Recent developments in Artificial Intelligence have opened the door to exciting possibilities for innovation. From helping doctors communicate better with their patients to drafting a travel itinerary as you explore new locales (best to verify that all the recommendations are still open!), AI is beginning to demonstrate that it can positively affect our lives.
However, these exciting possibilities also allow malicious actors to abuse the systems and introduce new or “improved” cyber threats.
On July 10, 2023, the European Commission (“EC”) adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”).
EDITOR’S NOTE: This is part one of “Cyber AI Chronicles” – written by lawyers and named by ChatGPT. This series will highlight key legal, privacy, and technical issues associated with the continued development, regulation, and application of artificial intelligence.
Artificial Intelligence is not a new concept or endeavor. In October 1950, Alan Turing published “Computing Machinery and Intelligence,” proposing the question: Can machines think? Since then, the concept has been studied at length, with an immediately recognizable example being IBM Watson, which memorably defeated Jeopardy! champions Ken Jennings and Brad Rutter in 2011. AI has been captured and fictionalized in movies, video games, and books. Even if we are not aware of it, AI underlies many technical tools that we use every day.
On Friday, the Sacramento Superior Court issued a ruling delaying the enforcement of recently enacted California Privacy Rights Act regulations until March 2024. The CPRA, which amended the California Consumer Privacy Act, directs the California Privacy Protection Agency to promulgate regulations that further explain and detail the requirements of the CPRA. The agency was supposed to issue regulations by July 1, 2022, with an enforcement date of July 1, 2023. However, the agency did not issue those regulations until March 24, 2023.
Oregon will soon join Iowa, Indiana, Florida, Montana, Texas, and Tennessee in passing a comprehensive data privacy law. On June 25, the Oregon legislature passed the Oregon Consumer Privacy Act. The OCPA has moved to the desk of Gov. Tina Kotek (D), who is expected to sign it into law. Assuming she does, the law will take effect on July 1, 2024.
The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation.
Subscribe
Contributors
- Suzie Allen
- John Babione
- Bert Bender
- Jason Cherry
- Christopher R. Deubert
- Maria Efaplomatidis
- Sebastian Fischer
- Laura Funk
- Lauren Godfrey
- Taren N. Greenidge
- Chasity Henry
- Julie Hess
- Sean Hoar
- Donna Maddux
- David McMillan
- Ashley L. Orler
- Todd Rowe
- Melissa J. Sachs
- Allen Sattler
- Matthew Toldero
- Alyssa Watzman
- Aubrey Weaver
- Xuan Zhou