Just a few years ago, the legal landscape governing health-related personal information was relatively simple: Protected Health Information was regulated under Health Insurance Portability and Accountability Act, a discrete set of rules that applies to a specified set of healthcare plans, clearinghouses, and providers. 

Last week, the UK's Online Safety Bill received royal assent and became law. 

With this development, Ofcom, the regulator for the new Online Safety Act, has published a roadmap to explain how the act will be implemented over the next two years.

The White House recently issued its most extensive policy directive yet concerning the development and use of artificial intelligence through a 100-plus-page Executive Order titled "Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" and accompanying "Fact Sheet" summary.

Under an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act announced on October 27, 2023, the Federal Trade Commission will require a broad range of nonbank financial institutions to notify the FTC of instances of the unauthorized acquisition of unencrypted, personally identifiable, nonpublic financial information of more than 500 customers.

California Governor Gavin Newsom recently signed AB 1394, a law that imposes new obligations on social media platforms to prevent and combat child sexual abuse and exploitation. 

Overview

Among the many open questions about large-language models (LLMs) and generative artificial intelligence (AI) are the legal risks that may result from AI-generated content. 

After a flurry of legislative activity across the United States related to kids' privacy and safety online, in recent weeks, federal courts in Arkansas and California have enjoined two notable state laws. 

The U.S. Department of Homeland Security announced new policies on September 14, 2023, regarding its use and acquisition of artificial intelligence technologies, including facial recognition and face capture technologies. DHS also appointed Eric Hysen as the department's first chief AI officer.

The Supreme Court of New Jersey unanimously held that a wiretap order, rather than a search warrant, is required to seek "prospective electronically stored information" from Meta Platforms, Inc., the provider of the Facebook and Instagram services. Facebook, Inc. v. State, 254 N.J. 329, 341 (2023). 

The Board of the California Privacy Protection Agency (the CPPA) held its first meeting since July on Friday, September 8, 2023, and discussed the first public draft of cybersecurity audit regulations and risk assessment regulations. 

The UK Online Safety Bill was passed by Parliament earlier this week and is expected to soon become law through royal assent. 

In the wake of the SEC's new rule requiring prompt disclosure of cybersecurity incidents, incident response (IR) teams have asked how they should modify IR plans to promote compliance with the new rule. 

The Global Online Safety Regulators Network (Network) issued a position statement on human rights and online safety regulation on September 13, 2023.

The U.S. Securities and Exchange Commission (SEC) adopted final rules relating to cybersecurity disclosure on July 26, 2023, which will take effect on December 18, 2023. 

The Federal Trade Commission recently announced an enforcement order against edtech company Edmodo for allegedly violating the Children's Online Privacy Protection Act.