Demian Ahn

Subscribe to Demian Ahn's Posts

In 2026, businesses will face an increasingly complex regulatory environment for Artificial Intelligence (AI). With new state laws and various federal action on the horizon, here’s our top 10 list of what businesses should watch out for in the AI regulatory space in 2026:Continue Reading 2026 Year in Preview: AI Regulatory Developments for Companies to Watch Out For

As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on this year. Below are the top U.S. data, privacy, and cybersecurity issues to watch out for in 2026:Continue Reading 2026 Year in Preview: U.S. Data, Privacy, and Cybersecurity Prediction

On November 6, 2025, the CaliforniaConnecticut, and New York Attorneys General (collectively, the “Attorneys General”) announced a settlement with Illuminate Education, Inc. to resolve allegations that the company violated state privacy laws following a student data breach. The settlement marks the first enforcement actions under the California K-12 Pupil Online Personal Information Protection Act (KOPIPA, formerly known as SOPIPA) and Connecticut’s Student Data Privacy Law, and also constitutes the second major enforcement action under New York Education Law § 2-d.Continue Reading EdTech Provider Agrees to $5.1 Million Settlement with Three State Attorneys General over Student Data Breach

On July 23, 2025, the White House announced its long-awaited comprehensive AI Action Plan titled “Winning the AI Race: America’s AI Action Plan” (the Plan). The Plan is aimed at positioning the U.S. as the global leader in AI and is a follow up to President Donald Trump’s January 23, 2025, Executive Order on “Removing Barriers to American Leadership in Artificial Intelligence,” which revoked the Biden Administration’s prior AI Executive Order (Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence). The AI Action Plan contains more than 90 policy actions related to three key pillars: 1) Accelerating AI Innovation, 2) Building American AI Infrastructure, and 3) Leading in International AI Diplomacy and Security. This alert touches on all three pillars with a focus on the first, which outlines the Trump Administration’s strategic vision and policy recommendations to drive innovation in the American AI sector.Continue Reading White House Releases America’s AI Action Plan

On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report all ransomware incidents, but also to declare whether they intend to pay a ransom. The government also announced that it proposes to ban public bodies and infrastructure providers from making ransom payments to cyber attackers. A public consultation is open until April 8, 2025.Continue Reading Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements

Overview

The U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) has announced proposed modifications to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (the Proposed Rule). The Proposed Rule was published in the Federal Register for comment on January 6, 2025. It aims to strengthen the security and privacy of electronic protected health information (ePHI) in response to the evolving threat landscape and emerging technological challenges. If finalized as proposed, the Proposed Rule will have significant implications for healthcare organizations, their business associates, and other entities subject to HIPAA compliance requirements (the “regulated entities”). This alert represents the first in a multipart series outlining the most pertinent of the proposed rules and the potential implications for regulated entities.Continue Reading HHS-OCR Announces Proposed Modifications to the HIPAA Security Rule