International Data Protection Week 2025

International Data Protection Week – Webinar Series

Join Clark Hill’s Cybersecurity, Data Privacy and Technology team for three webinars in recognition of International Data Protection Week. It is a week to raise awareness of the importance of data privacy and to promote data protection practices. Topics include:

• A review of the evolving AI landscape, including key enacted laws, emerging legal challenges, and actionable strategies for businesses deploying AI technologies.
• An in-depth discussion on how the Digital Operational Resilience Act (DORA) will transform digital and operational resilience requirements in the financial sector and the obligations related to incident response and the adjustments businesses need to make to their existing programs achieve compliance.
• Latest privacy litigation trends and challenges, including developments in Pixel litigation, BIPA, GIPA, CIPA, VPPA, standing issues, and critical defense strategies to help businesses navigate complex and evolving legal environments.

Click the links to learn more and register today!

• January 21 at 1:00 p.m. EST – AI Year in Review: From State AI Laws and Automated Decision-Making Regulations to the Rise of AI Liability
• January 23 at 1:00 p.m. EST – Digital Operational Resilience Act (DORA): A Cross-Border Discussion on Incident Response
• January 28 at 1:00 p.m. EST – Stay Ahead in Privacy and Data Breach Litigation

Cybersecurity and Data Protection 2024 Review

2024 Legislation and Regulations

1. Expansion of State Privacy Laws – Privacy laws in states like Indiana, Montana, Tennessee, and Oregon were implemented, further harmonizing with or diverging from existing frameworks like the California Consumer Privacy Act (CCPA) and Virginia’s Consumer Data Protection Act (CDPA).
2. U.S. National Cybersecurity Strategy Implementation – Key initiatives from the Biden administration’s National Cybersecurity Strategy became enforceable, including requirements for critical infrastructure owners to adopt zero-trust frameworks and enhanced supply chain security obligations.
3. EU Digital Operational Resilience Act (DORA) – The Act took full effect, imposing strict cybersecurity, incident reporting, and operational resilience standards on financial entities operating in the EU.
4. Updates to FTC Safeguards Rule – Full compliance deadlines arrived, emphasizing stricter requirements for financial institutions, including risk assessments, encryption, and incident response planning.
5. AI and Data Protection – Multiple states passed laws regulating automated decision-making (e.g., Colorado and Washington), including disclosure requirements and restrictions on discriminatory AI use.
6. Federal Focus on Quantum Cybersecurity – The Quantum Computing Cybersecurity Preparedness Act was passed to ensure the federal government transitions to post-quantum cryptography.
7. Incident Reporting Mandates – The SEC finalized rules for public companies to disclose material cybersecurity incidents within four business days, pushing transparency in corporate cybersecurity practices.

2024 Litigation

1. Changes in Biometric Privacy Litigation – Lawsuits under the Illinois Biometric Information Privacy Act (BIPA) surged following landmark judgments that clarified statutory damages and obligations, followed by passage of amending legislation designed to curb exponential awards.
2. Rise in Data Breach Class Actions – High-profile settlements, such as those related to healthcare breaches, as well as litigation over incidents affecting smaller populations, highlighted increased scrutiny of cybersecurity practices and data breach response timelines.
3. Focus on AI Liability – Lawsuits were filed seeking to address harms caused by generative AI products, especially in cases of biased decision-making or misuse of personal data.
4. “Pixel” Litigation –Litigation over the use of pixel and similar tracking technologies under privacy law, wiretapping law, and related theories continued to rise.

Cybersecurity and Data Protection Trends to Watch in 2025

2025 Legislation and Regulations Trends

1. Federal Privacy Legislation – Renewed efforts for a federal privacy law may gain traction as businesses push for uniformity amidst the growing patchwork of state regulations.
2. AI-Specific Regulatory Frameworks – Expect comprehensive federal or international guidelines on AI use, liability, and governance, particularly for automated decision-making and high-risk applications.
3. Global Alignment on Cybersecurity Standards – Watch for a rise in international collaboration on cybersecurity, including harmonization between GDPR, DORA, and U.S. regulatory approaches.
4. Cyber Incident Reporting for Critical Infrastructure – Final rules under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), requiring rapid reporting of significant incidents to CISA, are expected to be fully implemented.
5. Continued Expansion of State Privacy Laws – More state-specific privacy laws will, or have already, become effective this year, including Delaware, Iowa, Nebraska, New Hampshire and New Jersey. Expect to see additional states implement new privacy laws or expand existing laws.

2025 Litigation Trends

1. Growth in Privacy-Enforcement Penalties – Regulators, such as the FTC and state Attorneys General, are expected to impose significant fines for non-compliance with privacy laws and data breaches.
2. Cyber Insurance Litigation – Disputes over cyber insurance coverage, particularly exclusions for acts of war or systemic risks, are expected to increase.
3. AI Liability and Data Breach Litigation Expansion – Expect increased filings of novel cases exploring AI misuse, intellectual property rights in AI-generated works, and high-stakes breaches involving sensitive personal data.

2025 Technological and Industry Trends

1. Post-Quantum Cryptography Implementation – Organizations will begin adopting quantum-resistant encryption technologies to prepare for advances in quantum computing.
2. Increased Focus on IoT Security – As IoT devices proliferate, regulations like the U.S. IoT Cybersecurity Improvement Act may gain stricter enforcement.
3. Focus on Operational Resilience – Financial services and other critical sectors are expected to prioritize resilience against cyberattacks and system disruptions, driven by regulations like DORA and global threats.
4. Rise of AI Governance Programs – Companies will begin to establish internal AI governance frameworks to comply with evolving regulations and manage reputational risks.