Alston & Bird Privacy, Cyber & Data Strategy Blog

CISA Revives CIRCIA Rulemaking

March 2, 2026 By Kim Peretti, Lance Taubin and Scott Hilsen

Almost two years after seeking stakeholder input about a final rule under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) announced that it will hold virtual town hall meetings for certain industry sectors in March and April 2026 to solicit additional input on the Notice of Proposed Rulemaking (NPRM). Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Rulemaking; Town Hall Meetings. As noted … [Read more] about CISA Revives CIRCIA Rulemaking

Genetic Goldmine or Legal Landmine? Tempus AI Confronts GIPA Exposure

February 26, 2026 By Sara Pullen and John Lesko

On February 13, 2026, a putative class filed a Complaint in the U.S. District Court for the Northern District of Illinois alleging that Tempus AI, Inc. (“Tempus AI”) violated the Illinois Genetic Information Privacy Act (410 ILCS 513/1 et seq., … [Read more] about Genetic Goldmine or Legal Landmine? Tempus AI Confronts GIPA Exposure

FTC Sends Letters Reminding Data Brokers of their Obligations under PADFAA

February 25, 2026 By Jennifer Everett, Daniel Felz, Alex Brown and Santi Villar

On February 9, 2026, the Federal Trade Commission (“FTC”) sent letters to thirteen data brokers reminding them of their obligations to comply with the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (“PADFAA”). We previously wrote an … [Read more] about FTC Sends Letters Reminding Data Brokers of their Obligations under PADFAA

Spanish DPA Releases Agentic AI Guidance

February 23, 2026 By Alice Portnoy and Wim Nauwelaerts

On 18 February 2026, the Spanish Data Protection Authority (Agencia Española de Protección de Datos or ‘AEPD’) published an 81‑page guidance document on the privacy aspects of AI systems operating as agents - commonly referred to as ‘agentic AI’. The … [Read more] about Spanish DPA Releases Agentic AI Guidance

Federal Court Rules using AI Tools can Waive Privilege, Even if Privileged Information is Input into Them

February 16, 2026 By Daniel Felz, Dorian Simmons and Christian Seremetis

On February 10, 2026, the U. S. District Court for the Southern District of New York held that a criminal defendant could not claim attorney-client privilege over documents he produced using a commercially available artificial intelligence (“AI”) … [Read more] about Federal Court Rules using AI Tools can Waive Privilege, Even if Privileged Information is Input into Them