The privacy-cyber world seems preoccupied with issues related to the nexus between personal data and AI. Those issues, although important, are dwarfed by a more pressing and fundamental question: can we get AI to do useful things reliably and accurately
2024
New York hospitals have new cybersecurity requirements
On October 2, 2024, the New York State Department of Health (DOH) published a new cybersecurity regulation (10 NYCRR 405.46) for all general hospitals licensed pursuant to article 28 of the Public Health Law. Although most of the regulation will…
New York Department of Financial Services addresses cybersecurity risks from artificial intelligence




On October 16, 2024, the New York Department of Financial Services (“NYDFS” or “DFS”) issued guidance raising awareness about combatting cybersecurity risks arising from artificial intelligence (“AI”) used by DFS licensees, such as insurers and virtual currency businesses. Risks revolve…
California and artificial intelligence watermarking law
On September 19, 2024, California enacted another law relating to artificial intelligence, this time relating to watermarking. The new law (SB 942) requires making certain AI detection tools available at no cost to users. The new law does…
Announcing NT Analyzer 2.0: Combating Privacy Risks, Powered by AI


NT Analyzer Refresher: Why Network Traffic Analysis?
Keeping track of where all the data is going can be devilishly difficult for companies, given the increasingly data-centric economy, massive changes in browser/mobile platforms, and the necessary use of a variety of…
Department of Defense proposes requirements for assessing contractor cybersecurity


Background
On August 15, 2024, the Department of Defense (DoD) proposed amending the Defense Federal Acquisition Regulation Supplement (DFARS) to evaluate contractor cybersecurity (Cybersecurity Assessment Proposed Rule). Contractors already need documented, adequate security for handling sensitive information, but the proposed…

Lessons on international transfers to the US to organisations caught by the GDPR
The Dutch data protection authority, the Autoriteit Persoonsgegevens (AP) announced a fine of €290 million on Uber Technologies Inc. (UTI) and Uber B.V.,(UBV) (together Uber) with press releases in Dutch and English. The fine relates to the transfer of…
Security cameras, CAN-SPAM, and “reasonable or appropriate security”


On August 30, 2024, the Federal Trade Commission (FTC) announced a proposed settlement with security camera manufacturer Verkada Inc., claiming Verkada committed a variety of unfair or deceptive acts or practices in violation of § 5 of the Federal Trade…
Bill-72: New health data transfer legislation proposed in Canada
The Government of Canada recently introduced Bill-72, the Connected Care for Canadians Act (Act), to promote the secure transfer of health information and prevent data blocking. The Act is designed to support the government’s initiative to establish an interoperable healthcare…