Posts

Showing posts with the label Cybersecurity

Proposed State Laws For Breach Notification Could Reshape Incident Response Plans

State breach-notification laws continue to evolve, and legislatures are using 2026 sessions to tighten consumer protections and shift the civil liability landscape that often follows a cyber event. For businesses, the practical takeaway is that incident response planning increasingly needs to account not only for “whether notice is required,” but also for hard timelines, regulator-facing deliverables, and the cost of consumer support services. Several state laws have died without passing out of the legislature, including bills in Connecticut, Hawaii, and Oklahoma. However, we continue to watch two pending state laws on the East Coast. New Jersey – Assembly Bill 1852 New Jersey’s pending proposal is more about standardizing notice practices and ensuring ongoing consumer access to credit reporting. As introduced, the bill narrows permissible notice methods to written notice or electronic notice. It removes the existing substitute-notice pathway that many companies rely on when notice cos...

The AI Didn’t Go Rogue. Guardrails Were Never There.

The lesson from the PocketOS database deletion is not that agentic AI is dangerous. It’s about governance and controls. You have probably seen some version of the headline by now: “AI Agent Deletes Company’s Entire Database in 9 Seconds.” It is a compelling story. But the headline, while technically accurate, obscures the far more important lesson buried in the details. So what actually happened? PocketOS, a small SaaS company that makes software for car rental businesses, was using a popular AI-powered code editor running on Anthropic’s Claude Opus 4.6 model. The AI agent was tasked with resolving a routine issue in a staging environment. When it hit a credential mismatch, the agent decided on its own initiative to “ fix” the problem by deleting a volume on Railway, the company’s cloud hosting provider . The agent found a password in an unrelated file and used it to execute a deletion command. Because of permissions made available to the agent and the way access to the infrastructure...

New Federal Cybersecurity Reporting Rules are on Their Way: FAQs for Businesses About CIRCIA Regulations

A sweeping new federal cybersecurity mandate is on its way, and now is the time for businesses to build the infrastructure you’ll need to comply. The Cybersecurity and Infrastructure Security Agency (CISA) is finalizing draft rules that will require a massive swath of American businesses to report certain cyber incidents, putting more structure and teeth behind the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). While the agency has been targeting May 2026 for the release of the final rule, recent federal appropriations disruptions could alter that timeline. But the core obligations are not expected to change from the draft rule, and businesses that wait for the ink to dry before preparing will be starting from behind. Here’s a set of FAQs to help you understand what’s about to happen and what you should do. What is CIRCIA, and why should my business care? CIRCIA was passed in 2022 as the federal government’s first comprehensive, cross-sector approach to mandatory cy...

Quantum Computing is Coming: The Threat to Today’s Encryption

About eight years ago, toward the end of a panel I was moderating on cybersecurity, I turned to the panelists and asked them to tell me what to expect when quantum computing would come online. I got blank stares. Quantum computing, and its implications for national security and cybersecurity, had not yet made its way into the consciousness of most experts. Today, that has changed and lawyers, particularly those advising on system and data security issues, need to get ahead of the upheaval that is coming. For those unfamiliar, quantum computing is based on the principles of quantum physics, which govern matter and energy at atomic and subatomic levels, where classical physics ceases to apply . Quantum tech has already begun to influence areas like  medical imaging . Once they become commercially viable, quantum computers will launch a sea change in many additional areas of technology. Quantum computers’ use of qubits that can hold multiple values simultaneously will inaugurate an e...

New Federal Cybersecurity Reporting Rules are on Their Way: FAQs for Businesses About CIRCIA Regulations

A sweeping new federal cybersecurity mandate is on its way, and now is the time for businesses to build the infrastructure you’ll need to comply. T he Cybersecurity and Infrastructure Security Agency (CISA) is finalizing draft rules that will require a massive swath of American businesses to report certain cyber incidents, putting more structure and teeth behind the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) . While the agency has been targeting May 2026 for the release of the final rule, recent federal appropriations disruptions could alter that timeline. But the core obligations are not expected to change from the draft rule, and businesses that wait for the ink to dry before preparing will be starting from behind. Here’s a set of FAQs to help you understand what’s about to happen and what you should do. What is CIRCIA, and why should my business care? CIRCIA was passed in 2022 as the federal government’s first comprehensive, cross-sector approach to mandatory ...

Government Contracting in 2026- Key Legal & Compliance Risks

  As federal agencies continue to navigate budget constraints, geopolitical uncertainty, workforce shortages, and rapid technological change, government contractors entering 2026 face an increasingly complex legal and enforcement environment. Recent case law, agency guidance, and enforcement activity reflect a clear trend: Contractors are being held to higher standards of documentation, transparency, and internal controls across the procurement lifecycle. Below are six legal issues government contractors should be actively monitoring — and preparing for — in 2026. 1.  Heightened Scrutiny of Responsibility Determinations and Contractor Integrity Agencies are paying closer attention to contractor “responsibility,” particularly with respect to ethics, compliance systems, financial viability, and past performance. Responsibility determinations — long considered largely discretionary — are increasingly shaped by issues that extend well beyond the instant procurement. Recent litiga...