This week on Cyber Matters, Tanner Wilburn and Katherine Kennelly cover a wide range of cybersecurity, privacy, and regulatory news. The episode begins with a discussion of the Department of Commerce's final determination prohibiting Kaspersky Lab from providing antivirus software and cybersecurity services in the United States.
Tanner then delves into the ongoing challenges with the SEC's cyber disclosure rules that went into effect in December 2023. Many companies have been using cautious language in their Form 8-K filings, often stating that they have not yet determined the materiality of cyber incidents. The SEC has issued further clarifications, including guidance on how companies should assess and disclose ransomware attacks.
Katherine discusses the American Privacy Rights Act, which was unexpectedly pulled from a congressional hearing. The pair then covers the Protecting Americans' Data from Foreign Adversaries Act (PADFA), which took effect on June 23. This act establishes new restrictions on data brokers transferring sensitive personal data to foreign adversary countries, enforced by the Federal Trade Commission (FTC).
Tanner and Katherine cover several significant court decisions. These include a ruling from the Northern District of Texas in American Hospital Association v. Becerra, which challenged the Department of Health and Human Services' definition of individually identifiable health information. The Supreme Court's decision in Murthy v. Missouri, addressing government involvement in social media content moderation, is also discussed. Additionally, they touch on the landmark Supreme Court decision overturning the Chevron deference doctrine and its potential effect on the administrative state. (More to come on future episodes).
State-level privacy legislation is a major focus of this episode, with Tanner highlighting three new state privacy laws taking effect on July 1: the Oregon Consumer Privacy Act, the Texas Data Privacy and Security Act, and the Florida Digital Bill of Rights Act. He discusses unique aspects of each law and notes Texas's aggressive approach to enforcement. The podcast also covers other state-level developments, including Florida Governor Ron DeSantis's veto of a cybersecurity safe harbor bill, Vermont's failure to pass a privacy bill, and Rhode Island's enactment of comprehensive privacy legislation.
Katherine examines New York's newly enacted child and teen online safety bills, the New York Child Data Protection Act and the Stop Addictive Feeds Exploitation (SAFE) for Kids Act. Tanner then discusses California's third CCPA settlement, involving Tilting Point Media and its mobile gaming app.
International cooperation in privacy regulation is touched upon, with Tanner noting the California Privacy Protection Agency (CPPA) signing a partnership agreement with France's data protection authority (CNIL) for joint research and information sharing.
The episode concludes with discussions on several other topics, including a lawsuit by the Arkansas Attorney General against Temu, Project Veritas challenging an Oregon privacy law before the Ninth Circuit Court of Appeals, Microsoft's blog post on "skeleton key" AI jailbreak techniques, and a brief mention of a Neiman Marcus hack.
__________________________
Questions, comments, and feedback can go to cybermatterspodcast@gmail.com, and dont forget to subscribe to the podcast and share with your network. Thanks for joining us, and we'll see you next week!
_______________________
Links Mentioned in the show: https://www.bakerlaw.com/insights/northern-district-of-texas-flashes-the-blue-lights-on-ocrs-pixel-guidance/