The Office of the National Cyber Director Releases 2024 Report on Cybersecurity Posture

By Trisha Sircar

On May 7, the Office of the National Cyber Director (ONCD) released the 2024 Report on the Cybersecurity Posture of the United States (the Report). The Report outlines the top trends of 2023, which include evolving risks to critical infrastructure, ransomware, supply chain exploitation and commercial spyware, as well as multiple actions taken by the federal government related to artificial intelligence during the reporting period. Read more about the government's actions last year and its approach to emergent challenges.

Canada's Privacy Regulator Launches New Tools for Data Breach Reporting

By Trisha Sircar

On May 24, the Office of the Information and Privacy Commissioner of Canada issued new guidance relating to data breach reporting for federal institutions and businesses, along with new and updated online breach reporting forms to streamline processes for efficiency. Read more about the new forms for federal institutions and businesses.

Minnesota Becomes the Next State to Enact a Comprehensive Data Protection Law

By Trisha Sircar

On May 24, Minnesota Governor Tim Walz signed the Minnesota Consumer Data Privacy Act (MCDPA), which will go into effect on July 31, 2025. The law applies to entities that, within a calendar year, control or process the personal data of at least 100,000 Minnesota residents or derive over 25 percent of their gross revenue from selling personal data. The law also applies to entities that process or control the personal data of at least 25,000 Minnesota residents within a calendar year. Read more about the rights provided to Minnesota residents under the same law, including access to personal data.

The European Data Protection Supervisor Issues Guidelines for Generative Artificial Intelligence

By Trisha Sircar

On June 3, the European Data Protection Supervisor (EDPS) published guidelines on generative artificial intelligence (AI) and personal data for EU institutions, bodies and agencies. The guidelines aim to help these organizations comply with the data protection obligations set out in Regulation (EU) 2018/1725 when using or developing generative AI tools. These guidelines are issued as part of the EDPS's data protection authority role and do not provide an interpretation of the AI Act. Read more about the data processing scenarios covered by the new guidelines.

Danette Edwards Talks SEC Cyber News and CISO Challenges With the Gula Tech Adventures Podcast

Partner and Securities Enforcement Defense Co-Chair Danette Edwards was a guest on the Gula Tech Adventures podcast, where she discussed new SEC regulations regarding cybersecurity requirements for public companies and regulated entities. Danette provided insights into the implications of these rules for Chief Information Security Officers (CISOs) and touched upon key SEC cases in the cyber arena, including the bellwether SolarWinds litigation and a settled case involving ICE and the New York Stock Exchange. Read more about important subjects for CISOs and listen to the full episode here.

