Cybersecurity, Privacy, Data Protection, Internet Law and Policy.
Data Matters Privacy Blog Cybersecurity, Privacy, Data Protection, Internet Law and Policy
- White House Issues Executive Orders on Quantum Innovation and Securityby David Lashway, John Woods, Cole R. Rianda, Philip Robbins and James Atlas on July 1, 2026 at 4:18 pm
On June 22, 2026, the White House issued two Executive Orders:Ā Ushering in the Next Frontier of Quantum Innovation and Securing the Nation Against Advanced Cryptographic Attacks. By harnessing properties of quantum physics, advanced quantum computers are capable of solving certain classes of computational problems much faster than classical computers, opening new pathways for innovation and new threats to widely used cryptographic security systems. The post White House Issues Executive Orders on Quantum Innovation and Security appeared first on Data Matters Privacy Blog.
- EU AI Act Transparency Obligations: Preparing for Compliance by 2 August 2026by Francesca Blythe and Eleanor Dodding on June 24, 2026 at 6:17 pm
From 2 August 2026, organisations will become subject to the transparency obligations set out in Article 50 of the EU AI Act (Regulation (EU) 2024/1689). Article 50 introduces transparency requirements for providers and deployers in relation to certain AI system functionalities and use cases that may create transparency risks for individuals. Whilst much of the EU AI Act focusses on obligations on high-risk AI systems, Article 50 obligations may also apply to certain limited-risk systems. As a result, many organisations will need to implement governance, disclosure and content-labelling measures to ensure users are appropriately informed about the use of certain AI systems and AI-generated content. The post EU AI Act Transparency Obligations: Preparing for Compliance by 2 August 2026 appeared first on Data Matters Privacy Blog.
- EU Lawmakers Reach Provisional Agreement to Delay Key EU AI Act Obligationsby William RM Long, Elisabetta Righini and Francesca Blythe on June 22, 2026 at 4:19 pm
On 7 May 2026, following extensive negotiations, the European Council and European Parliament reached a provisional agreement on the EU Digital Omnibus on AI (AI Omnibus) which proposes targeted amendments to the EU Artificial Intelligence Act (AI Act). On 16 June 2026, the European Parliament voted to adopt the provisional agreement ā although, formal adoption remains subject to European Council approval. The post EU Lawmakers Reach Provisional Agreement to Delay Key EU AI Act Obligations appeared first on Data Matters Privacy Blog.
- Cyber Strategy at the AI Frontier: President Trump Releases Executive Order to Promote Advanced Artificial Intelligence Innovation and Securityby David Lashway, John Woods, Jennifer B. Seale, Michael C. Hochman, Cole R. Rianda and Philip Robbins on June 4, 2026 at 3:06 pm
On June 2, 2026, President Trump issued the Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security. The Executive Order carries forward several priorities included in President Trumpās Cyber Strategy for America, released in March 2026.[1] The Executive Order declares, āIt is the policy of the United States to promote AI innovation and security by working collaboratively with the private sector to modernize government and private sector information systems and harden them against external threats; to protect American ingenuity and intellectual property from exploitation and theft by adversaries; and to cultivate Americaās advanced AI-enabled capabilities.ā The post Cyber Strategy at the AI Frontier: President Trump Releases Executive Order to Promote Advanced Artificial Intelligence Innovation and Security appeared first on Data Matters Privacy Blog.
- Risk Analysis in the Crosshairs: Four Recent Ransomware Resolutions Preview the HIPAA Security Rule Amendmentsby Michael C. Hochman, Sasha Hondagneu-Messner and Brad A. Carney on June 1, 2026 at 7:37 pm
On April 23, 2026, the U.S. Department of Health and Human Servicesā (HHS) Office for Civil Rights (OCR) announced resolution agreements and corrective action plans with four regulated entities following separate ransomware investigations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The settlements are the culmination of OCR investigations into separate ransomware breaches collectively affecting more than 427,000 individuals and involving the exposure of unsecured electronic protected health information (ePHI) ā demographic data, Social Security numbers, financial information, lab results, medications, and diagnoses or conditions. Under the settlements, the regulated entities agreed to implement corrective action plans subject to OCR monitoring for two years and pay a total resolution amount of $1,165,000 to OCR. The post Risk Analysis in the Crosshairs: Four Recent Ransomware Resolutions Preview the HIPAA Security Rule Amendments appeared first on Data Matters Privacy Blog.
- New York Department of Financial Services Issues Coordinated Guidance on Frontier AI Cybersecurity Risksby David Lashway, Jennifer B. Seale and Sasha Hondagneu-Messner on May 28, 2026 at 5:27 pm
On May 21, 2026, the New York State Department of Financial Services (āDFSā) issued two coordinated Industry Letters: a letter on Heightened Cybersecurity Risks Associated with Frontier AI Models (the āAI Advisoryā) and accompanying Guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment (the āGuidance,ā and together, the āMay 2026 Publicationsā). The AI Advisory builds on DFSās October 2024 guidance on cybersecurity risks arising from AI, but is narrower in focus. Specifically, it addresses frontier models that may materially increase the speed and effectiveness of vulnerability discovery and exploitation. The post New York Department of Financial Services Issues Coordinated Guidance on Frontier AI Cybersecurity Risks appeared first on Data Matters Privacy Blog.
- Chambers 2026 Global Practice Guide for Artificial Intelligenceby Colleen T. Brown, Michael C. Hochman, Brittany A. Bolen, Jack W. Pirozzolo, Sheri Porath Rockwell, Garrett Lance and Stephanie Y. Lim on May 27, 2026 at 5:47 pm
TheĀ Chambers 2026 Global Practice Guide for Artificial IntelligenceĀ provides the latest legal information on the rapidly evolving AI landscape, covering the commercial use of AI across key industries, AI-specific legislation and regulation, government and regulatory oversight, generative AI, agentic AI systems and autonomous decision-making, liability, procurement and supply chain accountability, employment, IP, data protection, antitrust, cybersecurity, ESG, and AI governance and compliance. The post Chambers 2026 Global Practice Guide for Artificial Intelligence appeared first on Data Matters Privacy Blog.
- Scientific Research and the GDPR: EDPB Issues Long-Awaited Guidelinesby Francesca Blythe and Eleanor Dodding on May 12, 2026 at 7:58 pm
On 15 April 2026, the European Data Protection Board (āEDPBā) published its long-awaited draft Guidelines 1/2026 on the processing of personal data for scientific research purposes (the āGuidelinesā), marking the most comprehensive regulatory statement to date on how the GDPR applies to scientific research activities. The post Scientific Research and the GDPR: EDPB Issues Long-Awaited Guidelines appeared first on Data Matters Privacy Blog.
- Preparing for the UKās New Data Protection Complaints Regime: Key Steps Before June 2026by Francesca Blythe, William RM Long and Eleanor Dodding on May 5, 2026 at 5:35 pm
The Data (Use and Access) Act 2025 (āDUAAā) has made a number of changes to the UKās data protection regime, many of which have already come into force. From 19 June 2026, organisations will need to implement or update their data protection complaints procedure to align with the new DUAA requirements which provide a mechanism for complaints made directly to a controller. This new requirement is supported by recent guidance from the UK Information Commissionerās Office (āICOā). This marks a shift towards a more formalised, controller-led complaints-handling framework, requiring organisations to treat certain expressions of dissatisfaction as regulated complaints with defined procedural obligations. The post Preparing for the UKās New Data Protection Complaints Regime: Key Steps Before June 2026 appeared first on Data Matters Privacy Blog.
- U.S. SEC Regulation S-P: Compliance Deadline Approaching for Smaller Entitiesby Ranah Esmaili, Jonathan M. Wilan and Victoria A. Anglin on April 30, 2026 at 4:31 pm
The U.S. Securities and Exchange Commission has issued amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information, which became effective on August 2, 2024 (the Final Amendments). For smaller entities, including registered investment advisers with less than $1.5 billion in assets under management, as well as certain broker-dealers and other SEC-regulated entities, the compliance deadline is June 3, 2026. The compliance deadline for larger entities was December 3, 2025. For a full list of entities required to comply, please see June 4, 2024Ā Sidley Update. The post U.S. SEC Regulation S-P: Compliance Deadline Approaching for Smaller Entities appeared first on Data Matters Privacy Blog.







