As companies manage or store increasing amounts of data, cybersecurity and data privacy issues and obligations transcend geographies to become huge assets or liabilities. The costs associated with a data breach or other cybersecurity event can be devastating, and thus protecting organizations from a breach has become the responsibility of senior executives and directors. Every company must implement appropriate safeguards and best practices to protect data, comply with the many regulations and statutes, and minimize risks. The failure to follow proper cybersecurity and data privacy protocols can expose an organization to significant liability.
–
| Date | Title |
|---|---|
| June 2026 | Defense Contractors Take Notice: The Cybersecurity Requirements of the CMMC are Now Effective Many defense contractors are already aware that the U.S. Department of Defense (DoD) has implemented robust cybersecurity requirements for defense contractors that handle controlled unclassified information (CUI) and federal contract information (FCI). However, they may not be aware of those specific requirements and the risks of noncompliance. This short article provides a basic overview. |
| April 2026 | ‘United States v. Heppner’: Generative AI and its Pitfalls for the Attorney Client Privilege and Work Product Doctrine In United States v. Heppner, a court held that communications with public AI tools are not automatically protected by attorney-client privilege or the work product doctrine. The decision highlights the importance of understanding AI privacy risks and seeking legal guidance when using AI for legal matters. |
| April 2026 | U.S. Privacy and AI Regulations: What International Companies Need to Know Although there is no comprehensive federal data privacy or AI law, states continue to expand regulation in these areas. The White House has proposed a national framework, but any federal legislation would require congressional approval. For now, businesses must navigate a patchwork of state laws while monitoring potential federal action. |
| August 2025 | The “Protecting Americans’ Data from Foreign Adversaries Act” and DOJ “Data Security Program” – Important Updates On April 11, 2025, the DOJ issued a Compliance Guide for the Data Security Program (DSP) to help organizations comply with PADFAA and related data security requirements. These rules are designed to prevent foreign adversaries from accessing sensitive U.S. government and personal data, and violations can result in significant penalties. Businesses with ties to certain foreign countries should ensure compliance, as the FTC has indicated that PADFAA enforcement will be a priority. |
| March 2025 | Right to Repair Tech Begins to Feel the Effect of Trump Policies and Tariffs Beginning early in 2025, several developments under the second Trump administration have affected the right to repair for digital electronic devices by both independent repair shops and individual consumers. These changes have already had an impact by offering consumers more choices regarding their digital electronic devices while simultaneously making repairs harder to access and afford. |
| March 2025 | Cybersecurity Risk Management Enforcement – Pendulum Swings The SEC recently created the Cyber and Emerging Technologies Unit (CETU) to address fraud involving cybersecurity, digital assets, and emerging technologies such as AI. For public companies, the unit will focus on cyber-related misconduct, including fraudulent cybersecurity disclosures. This emphasis on fraudulent disclosures may signal a shift in the SEC’s enforcement approach. |
| February 2025 | AI: The Murky Regulatory Outlook . . .and What’s Next Writing for The New York Law Journal, Matthew D. Dunn, Chair of Carter Ledyard’s Cybersecurity & Data Privacy practice, explores the evolving regulatory landscape surrounding artificial intelligence within the U.S. and the European Union. |
| February 2025 | Moves Toward Coherent Regulation of Crypto Products The Trump Administration has begun the process of determining how cryptocurrencies and other blockchain-based products can be regulated in an orderly manner. Previously (and currently) different regulatory bodies have asserted jurisdiction over various crypto products, sometimes inconsistently. |
| January 2025 | Trump, Tariffs And Tech: The Right To Repair In 2025 The “right-to-repair” movement has been responsible for various states’ laws aimed at making it easier for independent repair shops and individual consumers to repair digital devices, among other electronics and components, by requiring that manufacturers provide diagnostic and repair information, parts and tools to independent repair shops, third-party providers and consumers. |
| November 2024 | LatAm Linked Fall 2024 Issue Vol. II Welcome to the newest issue of our newsletter devoted to legal updates that affect clients throughout Latin America with operations or investments in the United States. In this issue we bring you thought leadership from practice areas such as intellectual property, AI and Cybersecurity, and Cannabis, Hemp & CBD. |
| October 2024 | Tech Terms: Exploring the Expanding Digital Frontier Understanding Tech Terms: Cybersecurity, Data Privacy, Cryptocurrency, and AI — Part VI This installment of the Tech Terms series breaks down emerging concepts in AI, cybersecurity, data privacy, and cryptocurrency, helping readers understand the technologies and risks shaping today’s digital landscape. |
| July 2024 | Employment Audits: Potential Liability for the Use of AEDTs Federal Court Decision Identifies Employer Liability for Use of Automated Employment Decision-Making Tools. A recent federal court decision highlights potential employer liability for the use of AI and automated tools in employment decisions. |
| July 2024 | Cybersecurity and the Growing Landscape of Data Privacy Laws Privacy Law Patchwork Expands: Two New State Laws Join the Data Protection Mosaic. Texas and Oregon enacted new consumer privacy laws effective July 1, 2024, expanding the growing patchwork of state data protection regulations. |
| May 2024 | SEC Adopts Cybersecurity-Related Amendments to Regulation S-P for Market Participants The SEC has now adopted proposed cybersecurity-related requirements for certain market intermediaries from fourtheen months ago, formally requiring such covered entities to adopt written policies and procedures to prepare for and address cybersecurity incidents. The mandate principally comes from amendments to Regulation S-P. |
| January 2024 | New Cybersecurity Disclosure Rules for Public Companies: Update As we previously reported in July 2023, the U.S. Securities and Exchange Commission (the “SEC”) adopted new cybersecurity disclosure rules for public companies. As the heavy annual reports season approaches, we wanted to provide this reminder and update and to point out some recent clarifications from the SEC on several matters that we had previously highlighted. |
| January 2024 | Digital Right to Repair Expands to Influential State of California New York pioneered right-to-repair legislation with the New York Digital Fair Repair Act (NY DFRA) in 2023, prompting similar acts in Minnesota and California. The California Right to Repair Act, effective from July 1, 2024, surpasses NY DFRA by imposing broader requirements on original equipment manufacturers (OEMs), mandating them to provide replacement parts, tools, and documentation to product owners and repair facilities for a specified period, irrespective of whether an authorized repair provider exists. |
| January 2024 | Understanding Tech Terms: AI, Cybersecurity, Crypto, and Data Privacy — Part V The fifth installment in a series of terms and definitions that will help non-techies navigate the terminology associated with this area. |
| December 2023 | New York DFS Finalizes Amendment to its Cybersecurity Regulations New York DFS adopted its long awaited Second Amendment to Cybersecurity Regulations, introducing a “Senior Governing Body,” stricter compliance for “Class A” companies, and additional reporting for Chief Information Security Officers, emphasizing the need for covered entities to promptly assess and implement measures to ensure compliance. |
| November 2023 | New York City Seeking to Expand its Biometric Data Collection Law New York City has proposed amendments to its Biometric Identifier Information Law, expanding coverage to all public places, regulating the use of biometric recognition technology with written consent requirements, and prohibiting landlords from using such technology to identify tenants or guests. |
| August 2023 | Latent Ambiguities in New York’s Digital Fair Repair Act as Finally Enacted New York has passed the Digital Fair Repair Act (DFRA), making it the first state to enact right-to-repair legislation for digital electronic devices, requiring manufacturers to provide replacement parts, tools, and documentation to independent repair shops and individuals on fair and reasonable terms, however questions remain about the interpretation of certain provisions, including a lookback period starting on July 1, 2023. |
| July 2023 | SEC Adopts New Cybersecurity Disclosure Rules for Public Issuers This article discusses the SEC’s new cybersecurity rules for public companies, necessitating prompt disclosure of material cybersecurity incidents, annual reporting on cybersecurity risk management, and the addition of specific disclosure items in Form 8-K and Form 10-K filings. |
| July 2023 | Understanding Tech Terms: Cybersecurity, Crypto, and Data Privacy — Part IV The fourth installment in a series of terms and definitions that will help non-techies navigate the terminology associated with this area. |
| June 2023 | The Growing Risks of Collecting and Using Biometric Data: Regulations in New York and Elsewhere This advisory is important to clients that are subject to NYS statutes that store or use data. A reported 79% of companies are employing biometric tech (bypassing passwords for things like payment security). |
| May 2023 | No Way Out: Antitrust Considerations Buttress Right To Repair Statutes The right to repair landscape is constantly changing, and a flurry of developments highlight a nationwide shift to require OEMs manufacturing products that depend on digital and electronic components to change how they provide diagnostic information, equipment, tools, and replacement parts in their relevant markets. |
| May 2023 | StableCoins Are (Not Just Similar To) Money Market Funds Our article discusses a correlation of the proposition that digital assets are investment contracts and therefore are securities, namely that pools of digital assets are investment companies, as defined in the Investment Company Act of 1940. |
| May 2023 | Understanding Tech Terms: Cybersecurity, Crypto, and Data Privacy — Part III The third installment in a series of terms and definitions that will help non-techies navigate the terminology associated with this area. |
| April 2023 | SEC Addresses Cybersecurity Market Risks, Controls and Disclosures for Market Participants Through Proposed New Rules and Amendments The SEC has proposed rigorous regime changes for a wide range of market participants that maintain data about investors. This flurry of rulemaking activity by the SEC is intended to address cybersecurity and technology risks and their implications for the markets. |
| April 2023 | Understanding Tech Terms: Cybersecurity, Crypto, and Data Privacy — Part II The second installment in a series of terms and definitions that will help non-techies navigate the terminology associated with this area. |
| January 2023 | Understanding Tech Terms: Cybersecurity, Crypto, and Data Privacy — Part I The first installment in a series of terms and definitions that will help non-techies navigate the terminology associated with this area. |
Watch our SHIELD Act Video Series: