Posts

Showing posts with the label Clark Hill PLC

Long Saga of Colorado AI Act Appears to Have Come to Close With Revised Law

Ever since its initial passage into law in 2024, the Colorado AI Act has been a lightning rod for controversy and calls for change. Over the ensuing two years, multiple attempts to amend the law were floated and proposed by consumer and industry groups. The implementation of the law itself was delayed several times to allow for such changes, with Governor Jared Polis calling a special session of the legislature last August to specifically address potential changes. All of those attempts appear to have culminated in Senate Bill 189 having passed both the Colorado House (57-6) and Senate (34-1) this week. The bill next heads to the desk of Governor Jared Polis where it is expected to be signed into law and to take effect as of January of 2027. Now that the law has been amended to address concerns raised by both consumer advocacy and industry leaders, what does the revised Colorado AI Act look like and how does it compare to the original law passed two years ago? The “New” Colorado AI Ac...

Navigating the Where, When, and What of Data Privacy Risk Assessments

As noted in  last week’s post , privacy risk assessments are now required in several states. Of the 19 U.S. states with comprehensive consumer data privacy laws, all but two mandate that businesses conduct privacy risk assessments when processing of consumer personal information in ways that could pose a risk to consumers' privacy. These assessments are not simple checklists—they involve detailed analyses weighing the risks of collecting and processing information against the benefits to the business, considering the safeguards the business plans to implement. Performing these assessments carries significant regulatory implications and potential litigation risks.  These important topics will be discussed in next week’s post. Before we get there, this post discusses the key threshold questions— WHERE ,  WHEN  and  WHAT —to determine whether a privacy risk assessment is required So the question becomes, when do businesses need to conduct one of these risk assessm...

Federal Contractors Handling Sensitive Government Information

  On Oct. 21, the new Federal Acquisition Regulation (“FAR”) rule (the “CUI Rule”) aligning requirements for federal contractors to properly safeguard Controlled Unclassified Information (“CUI”) as outlined in Executive Order 13556 (the “Executive Order”) completed regulatory review. The CUI Rule’s language has not yet been released, but once it is published on the Federal Register, we expect it to introduce some manner of mandate directing compliance with NIST SP 800-171. The CUI Rule demonstrates the Federal Government’s commitment to aligning the government contracting space with the evolving national security climate. Current and interested federal contractors will need to update their cybersecurity practices, policies, and procedures to meet the NIST SP 800-171 and the Executive Order’s standards. This will require new training programs for their workforce and management, implementation of new audit processes and audit logging requirements, and implementation of continuous ne...