Photo of James Koenig

With a background that combines business experience, legal expertise, and technology, Jim takes a unique, integrated approach to meet his clients’ needs relating to global privacy compliance, innovative data uses, cybersecurity, breach response, regulatory enforcements, and class actions.

On July 26, the Securities and Exchange Commission (SEC) adopted, by a 3-2 margin, a final rule to require more immediate disclosure of material cybersecurity incidents by public companies. In addition, the final rule requires annual disclosure of material information regarding a public company’s cybersecurity risk management strategy and cybersecurity governance.

CPRA Regulations Delayed. On June 29, 2023, two days before enforcement of the California Consumer Privacy Act (CCPA) was to begin, a Sacramento Superior Court issued a temporary injunction, enjoining enforcement of newly promulgated regulations under the California Privacy Rights Act (CPRA), which amended the CCPA earlier this year. The new regulations were promulgated and purportedly went into effect on March 29, 2023. Specifically, the court enjoined enforcement of these final CPRA regulations, which will be stayed for a period of 12 months from the date that individual regulation becomes final. The court declined to mandate any specific date to finalize the remaining regulations.

Editor’s Note: Texas, Oregon, and Delaware became the latest states to pass a comprehensive privacy bill, while the CPRA, Connecticut, and Colorado’s privacy laws came into force. In the litigation world, the FTC filed an amended complaint against Kochava, and the HHS settled with a psychiatric center that disclosed patient information in an online review. This month, international efforts focused on AI, as European Parliament members approved the AI Act, and the Japanese privacy watchdog warned OpenAI about collecting sensitive user data.

Click here to register.

Thursday, July 20 • 2:00 – 3:15 p.m. ET

With the recent explosion of AI awareness and exploration, many companies are trying to decipher the AI Trifecta – Privacy, IP, and Data Management Practices. In the last several months, there has been a wave of developments relating to internal AI procedures, acceptable use guidelines, and training for employees. Privacy, IP, and other company lawyers are struggling with how to empower business and IT while also trying to balance risk, reward, and legal obligations.

Join the first webinar in our new series – AI Risk, Reward, and Regulation – to hear from our Troutman Pepper lawyers and industry experts as they discuss the following critical issues facing companies and the legal profession today:

Editor’s Note: Montana became the latest state to pass a comprehensive privacy bill, joining California, Virginia, Colorado, Connecticut, Utah, and Tennessee. Florida, too, passed a privacy bill, but with a much narrower scope. Meanwhile, at the federal level, the House Energy and Commerce Committee continued to work on the federal analog: the American Data Privacy and Protection Act. In U.S. litigation, courts continued to see litigation under the Video Privacy Protection Act, including a new suit against Hearst Television. At the international level, European Parliament members adopted a nonbinding opinion to vote against the EU-U.S. Transfer Agreement, and the French CNIL leveraged a fine against Clearview AI for noncompliance.