12 Days of Data

Subscribe to 12 Days of Data via RSS
24_1742_12 Days of Data_Graphic_10292

The National Institute of Standards and Technology (NIST) has been a leading voice in cybersecurity standards since 2013, when President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity tasked NIST, which is embedded within the Department of Commerce, with developing and updating a cybersecurity framework for reducing cyber risks to critical infrastructure. The first iteration of that framework was released in 2014, and Versions 1.1 and 2.0 followed in 2018 and 2024. NIST guidance has also expanded to include a privacy framework, released in 2020, and an AI risk management framework, released in 2023. This year, NIST made updates to both its cybersecurity and AI risk management frameworks and created a holistic data governance model that aims to provide a comprehensive approach for entities to address issues like data quality, privacy, security, and compliance, leveraging the various NIST frameworks under a unified data governance structure to help framework users address broader organizational risks. A retrospective of these developments and predictions for 2025 are detailed in this post.Continue Reading A Very Merry NISTmas: 2024 Updates to the Cybersecurity and AI Framework

24_1742_12 Days of Data_Graphic_1029

Data breaches made headlines throughout 2024, affecting governments, health care groups, and telecoms. Follow-on litigation has kept pace. Nearly 4,000 class actions involving data privacy issues are estimated to be filed in federal courts by the end of this year.

Growth in litigation meant that 2024 saw legal developments in several areas including standing to sue and web video suits. Increased attention on cybersecurity and privacy incidents unsurprisingly corresponded with active SEC enforcement and derivative suits related to inadequate data security.Continue Reading Unwrapping 2024’s Key Trends in Data Privacy Litigation

24_1742_12 Days of Data_Graphic_102913

Over the next few weeks, Ropes & Gray’s data, privacy, and cybersecurity team will bring you unique blogs reviewing key trends and developments in data protection. This year, each daily blog will focus on a specific set of legal developments or a regulated sector. These blogs will track topics covered by 12 of the 30+

Looking back on 2023, the trend of privacy-based class actions has only increased, and it doesn’t seem poised to halt or even slow down in the new year. Businesses are feeling acutely the threat of future litigation. At the end of 2022, the hundreds of cross-industry respondents to the Annual Litigation Trends Survey cited cybersecurity, data protection, and data privacy as the second-highest ranked area of future concern for class actions, and their concerns turned out to be justified. From peeved Pixel plaintiffs to data breach defendants, class actions abounded this year.Continue Reading Dashing Through 2023’s Privacy Litigation Trends

While the Illinois Biometric Information Privacy Act (“BIPA”) is “of 2008,” only in the past few years has BIPA litigation exploded at a pace likely to continue.  BIPA generally requires companies that collect biometric information or identifiers in Illinois to adhere to certain practices, including providing a public privacy policy; obtaining written consent before collection; abstaining from the sale of, or other profiting from, biometric data; disclosing biometric data only with prior consent; and maintaining security measures to protect biometric data.  The growing wave of BIPA litigation has helped clarify certain aspects of the Act while bringing others into question, as amendments may further alter the legal landscape. Continue Reading Illinois’s Biometric Information Privacy Act: A Reflection on 2023

In a Law360 article, co-authored by data, privacy & cybersecurity partner Fran Faircloth and associate May Yang, the team reflect on 2023 Global AI highlights, noting “2023 stands out as a landmark year for artificial intelligence and for generative AI in particular.”

“The launch of OpenAI’s ChatGPT in late 2022 marked a turning point, igniting a global race among tech companies and investors to harness and evolve this burgeoning technology,” said Fran and May. This development brings a myriad of legal implications, touching on intellectual property challenges, data privacy and cybersecurity risks, and ethical considerations in AI Deployment.Continue Reading Reviewing 2023’s Global AI Landscape Across Practice Areas

2023 was the year of artificial intelligence — and 2024 is already shaping up to be more (much more) of the same.  The European Union’s legislative bodies passed the AI Act earlier this month, and although the text has yet to be finalised on the world’s first comprehensive AI law, the hype around it already feels unstoppable.  That hype will turn into hard work over the next 12 months, as organisations grapple with understanding their obligations under the Act and putting in a governance framework that meets those obligations.  Needless to say, it will not be an easy task.Continue Reading The Three European Union Laws That Need Your Attention in 2024

What has often been considered to be one of the most heavily litigated privacy laws over the last decade, the Telephone Consumer Protection Act’s (“TCPA”) applicability (or lack thereof) to many modern text message dialing technologies has been significantly curtailed as a result of the United States Supreme Court’s narrow definition of what constitutes an automatic telephone dialing system (“ATDS”) in Facebook v Duguid. However, this is still a very active area, and we expect 2024 to reshape the contours of TCPA litigation. In this post, we provide a summary of noteworthy developments in federal and state telemarketing privacy laws as well as our predictions on what may be around the corner in 2024.Continue Reading You Better Watch Out, You Better Not Cry…Telemarketing Changes Are Coming to Town in 2024

The past year has seen unprecedented growth and development of artificial intelligence (“AI”) tools, which have been significantly propelled by the rapid deployment of generative AI (“GenAI”) tools.  The health care and life sciences industries have increasingly sought the use of AI and GenAI tools to promote innovation, efficiency and precision in the delivery of treatment and care, as well as in the production of biologics and medical devices.  For example, AI tools may more accurately predict and analyze diagnostic test results and develop personalized treatments than traditional tools; may improve clinical trial design, eligibility screening and data analysis; may be used as a diagnostic tool in a clinical trial designed to assess the safety or efficacy of a medical device; and may be used to accelerate the drug development timeline.  While such uses raise inherent concerns regarding, among other things, the improper use and/or disclosure of personal information, the introduction and/or perpetuation of bias and discrimination, as well as data security, reliability, transparency and accuracy, there is currently no developed federal or cohesive state regulatory framework designed to minimize such risks.  Continue Reading The 2023 AI Boom Calls for Further Regulation of the Use of AI Tools in the Health Care and Life Sciences Industries

Decisions, decisions.  We are deluged by decisions.  What present should I buy?  Is the small cheese plate enough for my party guests, or should I go with the large?  How much of my bonus should I set aside for retirement this year, or should I up my charitable giving? 

Wouldn’t it be nice if we could all get a little technological assistance in making choices this holiday season?Continue Reading Jingle All the Algorithms: Automated Decisionmaking Amidst a Blizzard of State Privacy Laws