Search results

[…] 2025 chatbot legislation. For example, chatbot legislation generally did not include requirements to undertake impact assessments or audits. An earlier draft of SB 243 included a third-party audit requirement for companion chatbot operators, but the provision was removed before enactment, suggesting that state lawmakers continue to favor disclosure and protocols over more prescriptive oversight […]

[…] the Single Resolution Board (SRB). The SRB launched a process to assess whether former shareholders and creditors were entitled to compensation. Deloitte was appointed as an independent auditor to evaluate whether they would have received a better valuation under regular insolvency proceedings. In August 2018, the SRB published its preliminary decision, opening a two-phase […]

The following is a guest post to the FPF blog authored by Christopher Kuner, Visiting Fellow at the European Centre on Privacy and Cybersecurity at Maastricht University and FPF Senior Fellow. The guest post reflects the opinion of the author only and does not necessarily reflect the position or views of FPF and our stakeholder […]

[…] are not transferred and are deleted with 24 hours of the processing activity; (11) Relevant internal actors and external parties contributing to the DPA; (12) Any internal/external audit conducted for the DPA, including details about the auditor or individuals involved; (13) Dates DPA was reviewed and approved; and names, positions, and signatures of those […]

[…] some of the most significant yet. Starting January 1, 2026, businesses will be subject to extensive new obligations concerning automated decisionmaking technology (ADMT), risk assessments, and cybersecurity audits. Today, the Future of Privacy Forum released an issue brief covering these extensive new regulations, providing stakeholders a comprehensive overview of these new legal requirements and […]

[…] risk assessment reports to the Attorney General or the CPPA upon demand; and (3)  Businesses whose processing of personal information presents significant risk to consumers’ security must (a) conduct an annual cybersecurity audit, and (b) a qualified member of the business’s executive management team must submit a written attestation that an audit has been conducted.

PRIVACY COMMUNITIES FPF Privacy Communitie s bring industry leaders together with FPF staff and experts to develop best practices, share insights, and promote pragmatic public policy solutions. Privacy Community members receive regular written updates on developments in their field. FPF members can access these privacy communities via the FPF Member Portal. For those without a […]

[…] the intersection of emerging technologies, digital rights, and ethics across the public and private sectors. She was the first Chief Privacy Officer of the U.S. Department of Homeland Security; served as President and CEO of the Center for Democracy and Technology; and held senior roles at Walmart, Amazon, GE, and DoubleClick. O’Connor is a […]

[…] open-source development; Imposing pre-training requirements, obligating developers to implement safety protocols, cybersecurity protections, and full shutdown capabilities before beginning initial training of a covered model; Requiring annual audits by independent third-party assessors; Strict 72-hour reporting window for safety incidents; and Steep penalties tied to compute cost, up to 10% for first violations and 30% […]