Data Security

Green Light for the Enforcement of NIS 2 in Limited EU Countries Only

October 17, 2024 By Wim Nauwelaerts, Kelly Hagedorn and Alice Portnoy

EU Member States had until today, October 17, 2024, to transpose the Network and Information Security (NIS) 2 Directive into their national laws. As Directives are not directly applicable in EU Member States, the EU legislator required all 27 Member States to incorporate into their local laws the requirements of NIS 2 and to make […]

Department of Justice Intervenes in Cybersecurity Qui Tam Action Against Georgia Tech

August 30, 2024 By Kim Peretti, Andrew Liebler, Kellen Dwyer and Andrew Rice

On Thursday, August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention in the case of United States of America ex rel. Christopher Craig and Kyle Koza, v. Georgia Tech Research Corp. and Board of Regents of the University System of Georgia (d/b/a the Georgia Institute of Technology) (United States v. Georgia […]

New York AG Seeks Comments on Rulemaking for Minors’ Online Protection Laws

August 12, 2024 By Maki DePalo, Dorian Simmons and Hyun Jai Oh

On August 1, 2024, New York Attorney General (“AG”) Letitia James issued two advanced notices of proposed rulemaking (“ANPRs”) for the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (the “SAFE Act”) and the Child Data Protection Act (the “CDPA”), both of which New York Governor Kathy Hochul signed into law on June 20, 2024. […]

6th Circuit Upholds 20-year Sentence of Chinese Spy, Convicted of Espionage Crimes, Attempting to Steal Trade Secrets

August 12, 2024 By Kellen Dwyer and Grace Hochstatter

On August 7, 2024, the 6th Circuit upheld a Chinese spy’s twenty-year prison sentence for attempting to steal aviation trade secrets from General Electric (GE). Yanjun Xu, a deputy director in China’s Ministry of State Security, was responsible for trying to steal aviation-related proprietary information. He spent years inviting Western aviation experts to China, attempting […]

Dutch Data Protection Authority Warns that Using AI Chatbots Can Lead to Personal Data Breaches

August 9, 2024 By Wim Nauwelaerts

On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots. In its guidance, the DPA reports that it has recently received several notifications of personal data breaches caused by employees sharing personal data with a chatbot that […]