Six months after the SEC’s Cybersecurity Incident Disclosure Rule (SEC Rule) came into force, an April 2024 GT Alert summarized disclosure trends. The GT Alert identified that the companies who filed a mandatory form 8-K disclosing a cybersecurity incident had erred on the side of caution, hedged on whether the materiality threshold had been met

On Jan. 16, 2025 the European Data Protection Board (EDPB) published guidelines on the pseudonymization of personal data for public consultation. The Berlin Data Protection Commissioner (BlnBDI) played a leading role in drafting these guidelines (see the German-language BlnBDI press release). The consultation is ongoing, and comments can be submitted until Feb. 28, 2025

On Jan. 15, 2025, the Department of Defense (DoD), General Services Administration, and NASA, all members of the FAR Council, published a proposed FAR CUI Rule under Title 48 of the CFR. This proposed rule amends the Federal Acquisition Regulation (FAR) to implement the third and final piece of the National Archives and Records Administration’s

Cyber criminals constantly develop new ways to steal money from businesses. One common scam targeting law firms and corporate legal departments involves “imposters” pretending to be clients or other parties who are owed payment, then tricking the attorney into paying the imposters. This deception has led to a rise in lawsuits where parties are battling

The European Data Protection Board (EDPB) has recently (re)positioned itself on several controversial topics and published three new guidelines and opinions. Although not legally binding, they do have a significant influence on proceedings before the supervisory authorities and courts. This GT Alert discusses the EDPB’s new guidelines and their implications for companies dealing with personal

On Nov. 12, 2024, the Consumer Financial Protection Bureau (CFPB) released a report examining federal and state privacy protections for consumers’ financial data. In the report, the CFPB “critiques” the privacy protections available under the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA), asserting that the federal framework has “limitations.” The CFPB then

On Oct. 22, 2024, the CFPB issued a final rule that will require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s final rule, called the “Personal Financial Data Rights Rule,” implements Section 1033 of Title X of the Dodd-Frank Act, a to-date

On Aug. 1, 2024, the EU Artificial Intelligence Act (AI Act) entered into force and will gradually take effect over the next 36 months. This marks not only the end of yet another legislative saga within the European Union but also the beginning of a new era in AI regulation. The AI Act creates an

On Oct. 21, 2024, the OMB Office of Information and Regulatory Affairs (OIRA) concluded its regulatory review of the long-awaited Federal Acquisition Regulation Controlled Unclassified Information Rule (FAR CUI Rule), clearing the proposed rule’s path for publication in the Federal Register in 2024.

The FAR CUI Rule is being issued pursuant to Executive Order 13556