Monthly Archives: April 2023

Fintech Companies Prepare for Forthcoming Updates to the NY Cybersecurity Regulation

Proposed Amendments to 23 NYCRR Part 500

If you are the chief information security officer (“CISO”) of a fintech company operating in New York, you may already be aware that, on November 9, 2022, the New York State Department of Financial Services (“DFS”) proposed a second amendment to 23 NYCRR Part 500 (the “DFS Cybersecurity Regulation”).… More

Chris Hart Discusses the US National Cybersecurity Strategy with SecurityWeek

Privacy & Data Security Practice co-chair Chris Hart spoke to SecurityWeek about the Biden administration’s National Cybersecurity Strategy and government intentions for the future of U.S. cybersecurity.

Read the full article here. More

Things We Learned at the 2023 IAPP Global Privacy Summit

The International Association of Privacy Professionals held its annual Global Privacy Summit on April 4-5 in Washington, D.C. Here are some things we learned.

Generative Artificial Intelligence (“AI”) is Ubiquitous in the Privacy Community.
- Organizations are scrambling to deploy generative AI tools. Given the huge volume of data needed to train the large language models (“LLMs”) powering these tools, chief privacy officers (“CPOs”) are being tapped to lead their organization’s efforts regarding AI governance and ethical uses of AI.…

HHS Office for Civil Rights Announces the Expiration of COVID-19 Public Health Emergency HIPAA Enforcement Discretion

Like many regulatory standards, enforcement of HIPAA was relaxed as part of the COVID-19 pandemic response. With the end of the public health emergency declaration on May 11, 2023, the broad relaxed HIPAA enforcement also will be coming to an end.

“OCR exercised HIPAA enforcement discretion throughout the COVID-19 public health emergency to support the health care sector and the public in responding to this pandemic,” said Melanie Fontes Rainer,… More

Colorado’s Newly Released Data Privacy Regulations Get Specific Regarding Design and Technical Specifications

We have written previously regarding Colorado’s adoption of the Colorado Privacy Act (CPA)—describing its provision of consumer data rights, how it may function within the context of the cannabis industry, and how business might consider the law as they renew their insurance coverage. And all this before the state released regulations accompanying the CPA.

On March 15, 2023, the Colorado Attorney General filed the final rules implementing the CPA to go into effect July 1,… More