• |

    Jan. 15, 2025

Five Steps for Effective Board Oversight on Cybersecurity Breach Response

New cybersecurity regulations, along with an uptick in post-breach regulatory enforcement actions and civil litigation, continue to push corporate boards toward more active oversight of their organizations’ cybersecurity risks and programs. This increasing pressure leaves some boards questioning how and to what extent they should be involved in responding to significant cybersecurity incidents. In this guest article, Alston & Bird partners Kim Peretti and Cara Peterman, and senior associate Lance Taubin, address the evolving regulatory and litigation landscape impacting the board’s cyber-risk governance and the role of boards in overseeing breach response and related disclosures. They also offer five steps for effective board oversight of cybersecurity incident response. See “Twelve Steps for Engaging the Board of Directors and Implementing a Long-Term Cybersecurity Plan” (Sep. 16, 2020).

Children’s Privacy Grows Up: Examining New Laws That Now Protect Older Teens

Children’s online privacy is not just for tweens and half-pints anymore. Several state laws, both general and youth-specific, have strengthened data protection for minors up to age 18. This first article in a two-part series discusses the key pacesetter laws that emerged in 2024 to regulate minors’ online activities and examines the most significant trends shaping this increasingly difficult compliance area, with insights from experts at BakerHostetler, Entertainment Software Rating Board, Loeb & Loeb and SuperAwesome. Part two will provide practical advice on how companies can navigate the new and multi-layered legal constraints on teen privacy and safety. See our two-part series on the FTC’s NGL Labs settlement: “Key Violations and Settlement Terms” (Sep. 18, 2024), and “Compliance Lessons” (Sep. 25, 2024).

Navigating Ever-Increasing State AI Laws and Regulations

Recognizing individuals’ concerns about the potential for AI systems to yield erroneous or discriminatory outcomes or decisions, U.S. states have rushed to adopt applicable laws and regulations, relevant especially to systems deemed to involve certain high-risk functions like financial or employment-related decision-making. This article, distilling insights offered during a Husch Blackwell presentation, surveys the huge volume of AI-related legislation introduced and adopted, and regulations and guidance issued, in 2024. It also offers an outlook on AI legal and regulatory efforts expected in 2025, including proposed California regulations pertaining to automated decision-making technology and a Texas AI law focused on high-risk systems. See our two-part series on how to manage AI procurement: “Leadership and Preparation” (Sep. 18, 2024), and “Five Steps” (Oct. 2, 2024); as well as “AI Governance Strategies for Privacy Pros” (Apr. 17, 2024).

ZwillGen Launches AI Division in Washington, D.C.

ZwillGen has welcomed Brenda Leong and Jey Kumarasamy to its newly created AI division in Washington, D.C. Leong, the division’s director, and Kumarasamy, its legal director, arrive from Luminos.Law LLP as part of a group acquisition including lawyers, data scientists, proprietary processes and technology. For commentary from Leong, see “Deciphering California’s Pioneering Mandate for an AI Nutrition Label” (Oct. 16, 2024). For commentary from Kumarasamy, see our two-part series on New York City’s law requiring AI bias audits: “What Five Companies Published – and How Others Avoid It” (Sep. 13, 2023), and “A Best Practice Guide, From Choosing an Auditor to Avoiding Enforcement” (Sep. 20, 2023). For insights from ZwillGen, see our two-part series on the FTC’s NGL Labs settlement: “Key Violations and Settlement Terms” (Sep. 18, 2024), and “Compliance Lessons” (Sep. 25, 2024).

Most-Read Articles

Cybersecurity Awareness Month

Read the full brief here.

We Celebrate Data Privacy Day 2024

Read the full brief here.