Key point: Beginning November 10, 2025, DoD contracting officers will begin adding Cybersecurity Maturity Model Certification (CMMC) requirements to solicitations, and contracting officers “shall not award a contract, task order, or delivery order to a [contractor] that does not have a current CMMC status at the CMMC level required by the solicitation.”
OIRA Completes its Review of the DFARS CMMC Proposed Rule: Is Your Company CMMC Certified, or Will It be Excluded from Future Awards?
Key point: CMMC took another step towards reality, with OIRA clearing for publication the DFARS proposed rule that will add CMMC requirements as a condition of award for new contracts.
Trump Administration’s AI Action Plan and New Executive Orders Offer Strategic Opportunities and Legal Risks for Private Businesses
Key point: “Winning the Race: America’s AI Action Plan,” the Trump Administration’s summary approach to federal artificial intelligence (AI) policy, and three new Executive Orders (EO) propose a wide-ranging federal strategy intended to solidify U.S. leadership in AI. For business leaders and public sector stakeholders, the Action Plan and EOs may be a double-edged sword: catalyzing AI innovation through deregulation, but in turn creating a complex, opaque compliance environment that demands careful navigation.
Proposed State Privacy Law Update: April 14, 2025
Keypoint: Last week, Montana’s legislature inched closer to significantly revising its consumer data privacy law, Oregon’s consumer data privacy amendment bills advanced, and there were numerous developments with Arkansas’ bills in advance of its upcoming adjournment.
Below is the fourteenth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
A Privacy Christmas Story
Keypoint: As we break for the holidays, we wanted to wish you and your families happiness and health, and leave you with an attempt at some privacy holiday humor. We look forward to bringing you more privacy news and analysis in 2022.
A Privacy Christmas Story
‘Twas the night before Christmas as I toiled away,
Counting the minutes until Christmas day,
When all of a sudden from out of the blue,
I received a meeting invite from Santa that’s who,
You see Santa’s been watching as all over the globe,
Countries (except the US) have enacted privacy codes,
Santa, he said, would like to comply,
So he asked if I could give it a try,
[After clearing conflicts, receiving a retainer and entering into an engagement letter …..]
SB260 Passes Nevada Senate; Would Broaden Right to Opt Out of Sales
Keypoint: If passed, the bill would, among other changes, broaden Nevada’s existing right to opt out of sales of covered information.
In late March, we first reported that the Nevada legislature is considering a bill that would amend Nevada’s online privacy notice statutes, NRS 603A.300-360, to provide for a broader right to opt out of sales. On April 20, the Nevada Senate unanimously passed an amended version of SB260. The bill is now with the Assembly Committee on Commerce and Labor.
Comment Deadline for Proposed Rule on HIPAA Privacy Extended to May 6, 2021
As an update to our previous post, HHS announced that the deadline to submit comments on their proposed rule to revise HIPAA regulations was extended until May 6, 2021. Changes contemplated by the proposed rule involve relaxing certain privacy standards, strengthening individuals’ rights to access their protected health information (PHI) and other initiatives that