Demian Ahn

Subscribe to Demian Ahn's Posts

With Inauguration Day just around the corner, we are likely to see a host of new legislative and enforcement initiatives at the federal level. The Federal Trade Commission (FTC) will shift certain priorities under incoming Chairman Andrew Ferguson’s direction. And at the state level, legislatures and state attorneys general (state AGs) will continue to be active, enacting and enforcing a slate of new laws. As we ring in the new year, companies should be mindful of the new laws, regulations, and enforcement priorities that will likely impact them. Below are the top 10 U.S. privacy, cybersecurity, and consumer protection developments to watch out for in 2025:Continue Reading New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

As cyberattacks become more sophisticated, cybersecurity remains a top concern for regulators, consumers, business partners, and investors. Weak security can cause substantial harm to a company and lead to litigation, reputational damage, and hefty fines. Against that background, the EU is introducing stricter regulations that require robust cyber resilience, mandate board oversight on cybersecurity strategy, and hold board members personally liable for weak security practices.Continue Reading Cybersecurity: A Critical Element in Your 2025 Business Forecast

On May 16, 2024, the U.S. Securities and Exchange Commission (SEC) announced that it had adopted final amendments to its Regulation S-P (the Rule or Amended Rule), which governs “covered financial institutions’” treatment of consumers’ nonpublic personal information, to ensure that these entities implement incident response programs and notify consumers when their information has been compromised. Brokers, dealers, investment companies, investment advisers, crowdfunding portals, and transfer agents registered with the SEC or another appropriate regulatory agency are all considered covered institutions (CIs) under the Amended Rule.Continue Reading SEC Expands Security and Breach Notification Requirements for Investment Firms

Despite national efforts over the past decades, child sexual abuse material (CSAM) and online child sexual exploitation are still unfortunately prevalent. In 2023, the National Center for Missing and Exploited Children (NCMEC) received over 35.9 million reports of suspected CSAM.[1] This is more than a 20 percent increase over the previous three years. Notably, NCMEC’s 2023 report highlighted concern about the significant increase in reports involving generative artificial intelligence, noting that the Center received 4,700 reports of CSAM or other sexually exploitative content related to these technologies.Continue Reading New Minor Safety Obligations for Online Services: REPORT Act Expands Child Sexual Exploitation Reporting Requirements

On February 28, 2024, President Biden signed Executive Order 14117 (the Order) aimed at protecting Americans’ sensitive personal data and U.S. Government-related data from exploitation by “countries of concern.” This move constitutes a transformative overhaul in the U.S. approach to data regulation and creates the foundation for a comprehensive regulatory structure governing U.S. data.Continue Reading New Executive Order Restricts Certain Cross-Border Transactions Involving Sensitive Personal Data of U.S. Citizens

In 2024, businesses will continue to face an evolving landscape of cyber threats, along with an increasingly complex regulatory environment. With heightened scrutiny from regulators, consumers, and investors, the need to bolster security measures and improve incident response capabilities has become even more important. Here’s our top 10 list of what to watch for from cybersecurity regulators in 2024:Continue Reading Cybersecurity: What to Watch for in 2024