Cyber Security, Data Governance, & Privacy
Connecticut Passes Data Breach Notification Bill
Previously, we reported that the Connecticut Senate had unanimously voted to approve Senate Bill 6 (“S.B. No. 6”) on April 20, 2022.
On May 10, 2022, the Connecticut Governor signed into law a Substitute for S.B. No. 6 (“Bill”).
Industry Shift: IDC Announces Overall Transition to Cloud-Based IT Solutions
On June 30, 2022, the International Data Corporation (“IDC”) issued a press release announcing that “spending on compute and storage infrastructure products for cloud deployments, including dedicated and shared environments, increased 17.2% year over year in the first quarter of 2022 (“1Q22”) to $18.3 billion.”
New Cybersecurity CLE Requirements Announced for New York Attorneys
On June 10, 2022, the New York State Supreme Court’s Appellate Division issued a joint order adopting amendments to its continuing education requirements. Under these requirements, attorneys who are newly admitted to the New York State Bar must complete continuing legal education (“CLE”) requirements, and some of these trainings must now include cybersecurity education.
Why Vendors Shouldn’t be Shaping Your Data Modeling Approach
Data governance is a common imperative for most if not all organizations, and that regulatory imperative has created an industry of tech and tools to assist with cataloging, storing and protecting personal data for organizations.
OCC Comptroller Urges Multifactor Authentication For Financial Services Sector
On August 2, 2022, Acting Comptroller of the Currency Michael J. Hsu made remarks before the Joint Meeting of the Financial and Banking Information Infrastructure Committee and the Financial Services Sector Coordinating Council relating to the use of multifactor authentication.
NIST Releases Guidance for HIPAA Cybersecurity Standards
On July 21, the National Institute of Standards and Technology (NIST) announced that it had updated its cybersecurity guidance for the healthcare industry in order to “help health care organizations protect patients’ personal health information[.]”
House Committee Advances Federal Privacy Bill
On July 20, 2022, the House Committee on Energy and Commerce advanced to the House floor a new federal privacy bill, the American Data Privacy and Protection Act (“ADPPA”).
How to: CCPA/CPRA Employee Training Requirements
As we recently reported, the California legislature is currently in the process of implementing the California Privacy Rights Act of 2020 (“CPRA”), which is poised to take effect in January of 2023 and will make several amendments to the California Consumer Privacy Act of 2018 (“CCPA”), which has been in effect since January 1, 2020. Both of these laws require organizations to train employees on security and data privacy.
FTC Commits to Enforcement Against Illegal Use and Sharing of Sensitive Data
On July 11, 2022, the Federal Trade Commission (“FTC” or “Commission”) released a business blog announcing that the Commission was “committed to fully enforcing” the law against illegal use and sharing of “highly sensitive” location, health, and other data.
Florida Joins List of States Prohibiting Ransom Payments
On June 24, Florida’s governor signed HB 7055 into law, which will amend its State Cybersecurity Act. The Act requires that if a Florida state entity, county, or municipality experiences a ransomware incident, the entity must notify the Florida Department of Law Enforcement’s Cybersecurity Office and the Cybersecurity Operations Center (“CSOC”) within 12 hours. Importantly, the Act also prohibits the entity from paying or otherwise complying with a ransom demand.
FTC Warns Against Over-Reliance on AI for Combatting Online Harm
On June 16, 2022, the Federal Trade Commission (“FTC”) issued a Report to Congress on Combatting Online Harms Through Innovation. In its report, the FTC warned companies not to “over-rely” on artificial intelligence (“AI”).
Does Your Organization Need Cyber Insurance?
According to the SonicWall 2022 Cyber Threat Report, in 2021 the world experienced a 1,885 percent increase in ransomware attacks on governmental entities, and a 104 percent increase in ransomware attacks on North American entities. The increasing prevalence of these attacks certainly warrants a review of your organization’s cybersecurity program and structure.
Colorado AG Seeks Public Comment on Colorado Privacy Act
Previously, Kennedy Sutherland LLP reported on the pre-rulemaking efforts for the Colorado Privacy Act (“CPA”). On June 21, 2022, the Colorado Attorney General (“AG”) announced that it was seeking informal public comment on the CPA prior to initiating its formal rulemaking process.
Forecast: Regulatory Priorities for Cybersecurity
At the midpoint of 2022, Kennedy Sutherland has pulled together a summary of the regulatory efforts by federal regulators with regard to data privacy and cybersecurity and those we expect to see in the remaining months of 2022.
President Biden Signs Two Cybersecurity Bills
On June 21, 2022, President Biden signed the State and Local Government Cybersecurity Act of 2021 (“S. 2520” or the “Cybersecurity Act”) and the Federal Rotational Cyber Workforce Program Act (“S. 1097” or the “Cyber Workforce Program Act”) into law.
Considerations for the Use of AI in Data Privacy
Facing a myriad of international, national, and state privacy regulations, many organizations are turning to artificial intelligence (“AI”) to achieve compliance.
Maryland Amends Personal Information Protection Act’s Data Breach Notification Requirements
Recently, Maryland passed two bills that will amend the Maryland Personal Information Protection Act (“PIPA”) breach notification requirements and the scope of businesses subject to these requirements.
How to: Data Classification
Data classification is the process of automatically organizing data collected or generated by an organization into categories so that the data can be accessed and used, tracked, and managed more efficiently.
In this article, we provide you with several considerations an organization should make when properly classifying data.
Warren Introduces the Health and Location Data Protection Act of 2022
On June 15, 2022, Senator Elizabeth Warren introduced the “Health and Location Data Protection Act of 2022” (“Act”), which, if passed, would “prohibit data brokers from selling and transferring” consumer location or health data.
FTC Reminds Businesses of “The Importance of Effective Breach Disclosures”
On May 20, 2022, the Federal Trade Commission (“FTC”) released an article reminding organizations of “the importance of good incident response and breach disclosure as part of a reasonable information security program, both through cases and business guidance resources.”