Data Security

CISA Releases Findings from its AI Pilot Program on Detecting Critical Vulnerabilities

August 8, 2024 By Seol Namgoong and Kim Peretti

On July 28, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) announced that they piloted an Artificial Intelligence (AI)-enabled vulnerability program to help detect and remediate vulnerabilities in the U.S. government’s critical networks, systems, and software, as required by Executive Order (EO) 14110. From late 2023 to early 2024, CISA performed the pilot program to […]

Senate Passes Bill for Kids Online Safety and Privacy Act

August 7, 2024 By Maki DePalo, Jennifer Everett and Hyun Jai Oh

On July 30, 2024, in a 91-3 vote, the U.S. Senate passed the bill for the Kids Online Safety and Privacy Act (the “Bill”). The Bill, which combines the bills for the Kids Online Safety Act (“KOSA”) and the Children and Teens’ Online Privacy Protection Act (“CTOPPA”), aims to expand online safety and privacy protections […]

DOJ Announces $11.3 Million in Settlements for FCA Violations

June 25, 2024 By Kellen Dwyer and Kristen Bartolotta

On Monday, June 17, 2024, the Department of Justice (DOJ) announced a settlement in which two U.S. based consulting companies agreed to pay a combined total of $11.3 million to resolve allegations that they violated the False Claims Act (FCA) by failing to comply with cybersecurity requirements in government contracts. According to the DOJ, the […]

Data Breach Notification Requirements under the Safeguards Rule Now in Effect

June 11, 2024 By Daniel Felz and Dorian Simmons

For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial institutions were subject to breach-reporting obligations, these were set by non-GLBA legislation, such as state law, or by relatively narrow incident-reporting rules under Interagency Guidelines overseen by […]

CISA Posts Notice of Proposed Rulemaking Under CIRCIA

April 7, 2024 By Kim Peretti, Kellen Dwyer and Kristen Bartolotta

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). For additional background on CIRCIA, see our prior advisory. CISA is required to issue a final rule by October 4, 2025. Who is required to report covered […]