• Skip to content
  • Skip to primary sidebar

Carter Ledyard & Milburn LLP

  • Professionals
  • Practices
  • Industries
  • News & Events
  • Thought Leadership
  • Looking Ahead
  • Insights and Multimedia
  • Our Firm
Stay Connected
Stay Connected

Cyber

Print Email

As companies manage or store increasing amounts of data, cybersecurity and data privacy issues and obligations transcend geographies to become huge assets or liabilities. The costs associated with a data breach or other cybersecurity event can be devastating, and thus protecting organizations from a breach has become the responsibility of senior executives and directors. Every company must implement appropriate safeguards and best practices to protect data, comply with the many regulations and statutes, and minimize risks. The failure to follow proper cybersecurity and data privacy protocols can expose an organization to significant liability.

–

DateTitle
June 2026Defense Contractors Take Notice: The Cybersecurity Requirements of the CMMC are Now Effective
Many defense contractors are already aware that the U.S. Department of Defense (DoD) has implemented robust cybersecurity requirements for defense contractors that handle controlled unclassified information (CUI) and federal contract information (FCI). However, they may not be aware of those specific requirements and the risks of noncompliance. This short article provides a basic overview.
April 2026‘United States v. Heppner’: Generative AI and its Pitfalls for the Attorney Client Privilege and Work Product Doctrine
In United States v. Heppner, a court held that communications with public AI tools are not automatically protected by attorney-client privilege or the work product doctrine. The decision highlights the importance of understanding AI privacy risks and seeking legal guidance when using AI for legal matters.
April 2026U.S. Privacy and AI Regulations: What International Companies Need to Know
Although there is no comprehensive federal data privacy or AI law, states continue to expand regulation in these areas. The White House has proposed a national framework, but any federal legislation would require congressional approval. For now, businesses must navigate a patchwork of state laws while monitoring potential federal action.
August 2025The “Protecting Americans’ Data from Foreign Adversaries Act” and DOJ “Data Security Program” – Important Updates
On April 11, 2025, the DOJ issued a Compliance Guide for the Data Security Program (DSP) to help organizations comply with PADFAA and related data security requirements. These rules are designed to prevent foreign adversaries from accessing sensitive U.S. government and personal data, and violations can result in significant penalties. Businesses with ties to certain foreign countries should ensure compliance, as the FTC has indicated that PADFAA enforcement will be a priority.
March 2025Right to Repair Tech Begins to Feel the Effect of Trump Policies and Tariffs
Beginning early in 2025, several developments under the second Trump administration have affected the right to repair for digital electronic devices by both independent repair shops and individual consumers. These changes have already had an impact by offering consumers more choices regarding their digital electronic devices while simultaneously making repairs harder to access and afford.
March 2025Cybersecurity Risk Management Enforcement – Pendulum Swings
The SEC recently created the Cyber and Emerging Technologies Unit (CETU) to address fraud involving cybersecurity, digital assets, and emerging technologies such as AI. For public companies, the unit will focus on cyber-related misconduct, including fraudulent cybersecurity disclosures. This emphasis on fraudulent disclosures may signal a shift in the SEC’s enforcement approach.
February 2025AI: The Murky Regulatory Outlook . . .and What’s Next
Writing for The New York Law Journal, Matthew D. Dunn, Chair of Carter Ledyard’s Cybersecurity & Data Privacy practice, explores the evolving regulatory landscape surrounding artificial intelligence within the U.S. and the European Union.
February 2025Moves Toward Coherent Regulation of Crypto Products
The Trump Administration has begun the process of determining how cryptocurrencies and other blockchain-based products can be regulated in an orderly manner. Previously (and currently) different regulatory bodies have asserted jurisdiction over various crypto products, sometimes inconsistently.
January 2025Trump, Tariffs And Tech: The Right To Repair In 2025
The “right-to-repair” movement has been responsible for various states’ laws aimed at making it easier for independent repair shops and individual consumers to repair digital devices, among other electronics and components, by requiring that manufacturers provide diagnostic and repair information, parts and tools to independent repair shops, third-party providers and consumers.
November 2024LatAm Linked Fall 2024 Issue Vol. II
Welcome to the newest issue of our newsletter devoted to legal updates that affect clients throughout Latin America with operations or investments in the United States. In this issue we bring you thought leadership from practice areas such as intellectual property, AI and Cybersecurity, and Cannabis, Hemp & CBD.
October 2024Tech Terms: Exploring the Expanding Digital Frontier
Understanding Tech Terms: Cybersecurity, Data Privacy, Cryptocurrency, and AI — Part VI
This installment of the Tech Terms series breaks down emerging concepts in AI, cybersecurity, data privacy, and cryptocurrency, helping readers understand the technologies and risks shaping today’s digital landscape.
July 2024Employment Audits: Potential Liability for the Use of AEDTs
Federal Court Decision Identifies Employer Liability for Use of Automated Employment Decision-Making Tools. A recent federal court decision highlights potential employer liability for the use of AI and automated tools in employment decisions.
July 2024Cybersecurity and the Growing Landscape of Data Privacy Laws
Privacy Law Patchwork Expands: Two New State Laws Join the Data Protection Mosaic. Texas and Oregon enacted new consumer privacy laws effective July 1, 2024, expanding the growing patchwork of state data protection regulations.
May 2024SEC Adopts Cybersecurity-Related Amendments to Regulation S-P for Market Participants
The SEC has now adopted proposed cybersecurity-related requirements for certain market intermediaries from fourtheen months ago, formally requiring such covered entities to adopt written policies and procedures to prepare for and address cybersecurity incidents. The mandate principally comes from amendments to Regulation S-P.
January 2024New Cybersecurity Disclosure Rules for Public Companies: Update
As we previously reported in July 2023, the U.S. Securities and Exchange Commission (the “SEC”) adopted new cybersecurity disclosure rules for public companies. As the heavy annual reports season approaches, we wanted to provide this reminder and update and to point out some recent clarifications from the SEC on several matters that we had previously highlighted.
January
2024
Digital Right to Repair Expands to Influential State of California
New York pioneered right-to-repair legislation with the New York Digital Fair Repair Act (NY DFRA) in 2023, prompting similar acts in Minnesota and California. The California Right to Repair Act, effective from July 1, 2024, surpasses NY DFRA by imposing broader requirements on original equipment manufacturers (OEMs), mandating them to provide replacement parts, tools, and documentation to product owners and repair facilities for a specified period, irrespective of whether an authorized repair provider exists.
January
2024
Understanding Tech Terms: AI, Cybersecurity, Crypto, and Data Privacy — Part V
The fifth installment in a series of terms and definitions that will help non-techies navigate the terminology associated with this area.
December
2023
New York DFS Finalizes Amendment to its Cybersecurity Regulations
New York DFS adopted its long awaited Second Amendment to Cybersecurity Regulations, introducing a “Senior Governing Body,” stricter compliance for “Class A” companies, and additional reporting for Chief Information Security Officers, emphasizing the need for covered entities to promptly assess and implement measures to ensure compliance.
November
2023
New York City Seeking to Expand its Biometric Data Collection Law
New York City has proposed amendments to its Biometric Identifier Information Law, expanding coverage to all public places, regulating the use of biometric recognition technology with written consent requirements, and prohibiting landlords from using such technology to identify tenants or guests.
August
2023
Latent Ambiguities in New York’s Digital Fair Repair Act as Finally Enacted
New York has passed the Digital Fair Repair Act (DFRA), making it the first state to enact right-to-repair legislation for digital electronic devices, requiring manufacturers to provide replacement parts, tools, and documentation to independent repair shops and individuals on fair and reasonable terms, however questions remain about the interpretation of certain provisions, including a lookback period starting on July 1, 2023.
July
2023
SEC Adopts New Cybersecurity Disclosure Rules for Public Issuers
This article discusses the SEC’s new cybersecurity rules for public companies, necessitating prompt disclosure of material cybersecurity incidents, annual reporting on cybersecurity risk management, and the addition of specific disclosure items in Form 8-K and Form 10-K filings.
July
2023
Understanding Tech Terms: Cybersecurity, Crypto, and Data Privacy — Part IV
The fourth installment in a series of terms and definitions that will help non-techies navigate the terminology associated with this area.
June 2023The Growing Risks of Collecting and Using Biometric Data: Regulations in New York and Elsewhere
This advisory is important to clients that are subject to NYS statutes that store or use data. A reported 79% of companies are employing biometric tech (bypassing passwords for things like payment security).
May 2023
No Way Out: Antitrust Considerations Buttress Right To Repair Statutes
The right to repair landscape is constantly changing, and a flurry of developments highlight a nationwide shift to require OEMs manufacturing products that depend on digital and electronic components to change how they provide diagnostic information, equipment, tools, and replacement parts in their relevant markets.
May 2023
StableCoins Are (Not Just Similar To) Money Market Funds
Our article discusses a correlation of the proposition that digital assets are investment contracts and therefore are securities, namely that pools of digital assets are investment companies, as defined in the Investment Company Act of 1940.
May 2023Understanding Tech Terms: Cybersecurity, Crypto, and Data Privacy — Part III
The third installment in a series of terms and definitions that will help non-techies navigate the terminology associated with this area.
April 2023SEC Addresses Cybersecurity Market Risks, Controls and Disclosures for Market Participants Through Proposed New Rules and Amendments
The SEC has proposed rigorous regime changes for a wide range of market participants that maintain data about investors. This flurry of rulemaking activity by the SEC is intended to address cybersecurity and technology risks and their implications for the markets.
April 2023Understanding Tech Terms: Cybersecurity, Crypto, and Data Privacy — Part II
The second installment in a series of terms and definitions that will help non-techies navigate the terminology associated with this area.
January 2023Understanding Tech Terms: Cybersecurity, Crypto, and Data Privacy — Part I
The first installment in a series of terms and definitions that will help non-techies navigate the terminology associated with this area.

Watch our SHIELD Act Video Series:

sidebar

Contacts

  • Matthew D. Dunn

    D/212-238-8706
    mdunn@clm.com
  • John M. Griem, Jr.

    D/212-238-8659
    griem@clm.com
  • Practical Drafting
  • Nonprofit Boards & Bylaws
  • All Things Cannabis
  • Local Law 97
  • Tax Tête-à-tête Podcast
  • Cyber
  • M&A Talk
  • Leveraging Artificial Intelligence
  • Virtual Asset Regulation
  • CLM/Women
  • Securities Law Resource Center
  • Navigating Non-Competes
Copyright © 2026 Carter Ledyard & Milburn LLPPowered by Content Pilot
  • Sitemap
  • Disclaimer
  • Cookie Policy
  • Privacy Policy
  • Subscribe
  • Contact

Meritas

Meritas.org Logo

Legal Link

Legal link dot org logo
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you agree.
You can revoke your consent any time using the Revoke consent button.