Privacy, Cybersecurity & Technology Law Perspectives

On November 30, 2020, the U.S. Department of Defense (“DoD”) will begin to roll out the new Cybersecurity Maturity Model Certification (“CMMC”) framework that eventually will require all DoD contractors, subcontractors, and suppliers to receive cybersecurity assessments from third-party assessment organizations. Existing Cybersecurity Requirements for DoD Contractors DoD currently imposes cybersecurity requirements on contractors through Defense Federal Acquisition Regulation Supplement (“DFARS”) clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, which requires that the…
Foley is thrilled to partner with the California Technology Council on the Artificial Intelligence Podcast Series as part of our combined efforts to help foster high-tech innovation, collaboration, and growth across the state and beyond. The series dives deep into areas of data science, machine learning, and artificial intelligence, and features Foley attorneys, clients, and other industry contacts as thought leaders on trending topics in AI. Episode 1 opens with Antoinette Konski, Managing Partner…
“Because that’s where the money is,” was the famous quote fictitiously attributed to Willie Sutton when asked why he robbed banks. Given the trillions of dollars held by employee benefit plans, these plans are prime targets for cybercriminals. Plan participants also are increasingly accessing their plan information business online, but are not always reviewing their account history for accuracy. Plan participants, administrators, and service providers are also prime targets for cybercrime, especially as a result…
As of November 30, 2020, certain U.S. Department of Defense (“DoD”) prime contractors and subcontractors will need to complete a cybersecurity self-assessment prior to receiving new DoD contracts and prior to the exercise of new options under existing DoD contracts. Additionally, DoD contractors will need to ensure that any subcontractors that receive Controlled Unclassified Information (“CUI”) have also completed the cybersecurity self-assessment. Existing Cybersecurity Requirements for DoD Contractors DoD currently requires that all contracts, except…
On August 14, 2018, the Brazilian government approved the Brazilian General Data Protection Law, known as the Lei Geral de Proteção de Dados Pessoais (“LGPD”). Enforcement was set to begin on August 15, 2020 but then, due to COVID-19 was delayed until May 2021. Later, the delay was shortened to December 31, 2020, but eventually overturned by the Brazilian Senate, reverting to the original enforcement date resulting in the LGPD coming into effect very soon.…
Technology assisted contact tracing (“TACT”), including contact tracing apps, have quickly become a component in many organizations’ and communities’ plans to combat COVID-19. Just as quickly as TACT entered the conversation, so did privacy concerns. In the haste to implement TACT solutions, there are concerns that TACT systems are not being narrowly tailored to achieve the goals of contact tracing, and that broader TACT operations may create unnecessary vulnerabilities to users’ privacy. The Country of…
Still grappling with the aftershocks of the Schrems II decision from the CJEU on July 16 (we previously discussed the Schrems II decision here), the European Data Protection Board (“EDPB”) has issued a Frequently Asked Questions (“FAQ”) discussing the EDPB’s interpretation of the decision. At the same time, EU regulators continue to issue new guidance with their own interpretation of the decision and their views on the viability of the Standard Contractual Clauses (“SCCs”).…
What Businesses Need to Know At-a-Glance CJEU Decision Privacy Shield is invalid because U.S. surveillance programs permit unrestricted processing of EU data subjects and U.S. law provides little recourse for EU data subjects. Standard Contractual Clauses are still valid, but exporting data controllers and supervisory authorities must determine if the law in the data importer’s country can provide adequate privacy protections, possibly with additional safeguards, and if not, must stop the transfer of data. What…
This article outlines a framework for creating valuable patents for protecting AI technologies, as part of a series that covers topics including why to invest in patents for AIhow to overcome the biggest challenges in patenting AI, and business factors to consider in building your patent portfolio. The framework highlights several complementary approaches for claiming the inventions underlying any particular AI technology, and answers the following questions that characterize useful patent…
This is the third article in a series focused on creating a valuable patent portfolio for AI technologies, building on earlier discussions of why to invest in patents for AI and how to overcome the biggest challenges in patenting AI.  This article will focus on how to match up your patent portfolio with the most valuable aspects of your business, setting the stage for future articles on frameworks for how to prepare AI patent…