When ChatGPT crossed 100 million users in early 2023, it became the fastest-growing consumer application in history. It also became one of the most consequential unresolved data privacy questions of the year. By default, conversations with ChatGPT are used to train future models. Users who paste in sensitive information — internal business documents, patient information, […]
In July 2023, the Securities and Exchange Commission adopted new rules requiring public companies to disclose material cybersecurity incidents within four business days of determining they are material. The rules also require annual disclosures describing a company’s cybersecurity risk management program, governance, and the board’s oversight of cyber risk. The four-day clock is aggressive. Many […]
In July 2023, the European Commission formally adopted the EU-US Data Privacy Framework, establishing a new legal mechanism for transferring personal data from the European Union to the United States. The Framework replaces the Privacy Shield arrangement that was invalidated by the Court of Justice of the European Union in 2020. Under the new agreement, […]
In late May 2023, a zero-day vulnerability in MOVEit Transfer — a widely used managed file transfer software — was exploited by a ransomware group known as Cl0p. Within weeks, the breach had cascaded across hundreds of organizations: federal agencies, state governments, universities, financial institutions, and healthcare providers. The scale was staggering. The breach eventually […]
The FTC Is Watching What Health Apps Do With Your Data The Federal Trade Commission made its position clear in early 2023: health apps that share sensitive user data without proper consent are violating the law. The agency issued warning letters to several digital health companies and followed up with enforcement action against GoodRx, which […]
In 2023, five comprehensive state privacy laws go live: California’s CPRA (the updated CCPA), Virginia’s CDPA, Colorado’s CPA, Connecticut’s CTDPA, and Utah’s UCPA. Each law gives consumers new rights — the right to access their data, correct it, delete it, and opt out of its sale or use in targeted advertising. The laws vary in […]