Over the past few years, the rate of notable data breaches has risen considerably, and along with that rise has come an increase in class action litigation. In a world where any company can be the next victim of a breach, business leaders and their legal counsel should consider in advance how to protect privilege

The Security Innovation Network (SINET) hosted its 10th Annual SINET Risk Executive Workshop Jan. 29-30, bringing together CISOs and risk executives for an exclusive, invitation-only event. Over the course of two days, participants engaged in thought leadership sessions that explored the evolving role of modern CISOs and risk executives.

GT Shareholder Jena Valdetero, U.S.

Six months after the SEC’s Cybersecurity Incident Disclosure Rule (SEC Rule) came into force, an April 2024 GT Alert summarized disclosure trends. The GT Alert identified that the companies who filed a mandatory form 8-K disclosing a cybersecurity incident had erred on the side of caution, hedged on whether the materiality threshold had been met

On Jan. 16, 2025 the European Data Protection Board (EDPB) published guidelines on the pseudonymization of personal data for public consultation. The Berlin Data Protection Commissioner (BlnBDI) played a leading role in drafting these guidelines (see the German-language BlnBDI press release). The consultation is ongoing, and comments can be submitted until Feb. 28, 2025

On Jan. 15, 2025, the Department of Defense (DoD), General Services Administration, and NASA, all members of the FAR Council, published a proposed FAR CUI Rule under Title 48 of the CFR. This proposed rule amends the Federal Acquisition Regulation (FAR) to implement the third and final piece of the National Archives and Records Administration’s

GT Shareholder David A. Zetoony, co-chair of the firm’s U.S. Data Privacy and Cybersecurity Practice, will present the CLE webinar “The Ethical Issues Involved with Creating a Data Protection Impact Assessment (DPIA)” Jan. 21, 2025. While thousands of companies are required to create, maintain, and update DPIAs, few attorneys have experience creating

  1. Full Steam Ahead: The European Union’s (EU) Artificial Intelligence (AI) Act in Action — As the EU’s landmark AI Act officially takes effect, 2025 will be a year of implementation challenges and enforcement. Companies deploying AI across the EU will likely navigate strict rules on data usage, transparency, and risk management, especially for high-risk AI
  1. Even More States Join the Party — By the end of 2024, almost half of all U.S. states had enacted modern data privacy legislation. That trend will likely continue, particularly since a national data privacy statute may not be a top priority for the new administration.
  2. It’s Time for State Enforcement — Several states have