This week on Cyber Matters, hosts Tanner and Katherine cover a wide range of topics in cybersecurity, privacy, and technology law. They begin by discussing the ELVIS Act, a new Tennessee law effective July 1, 2024. Katherine explains how this act expands protections for individuals' voices and likenesses, particularly regarding AI-generated deepfakes. While both hosts praise the act's intentions, they also point out several ambiguities in its language that could lead to implementation challenges.

Tanner then provides an update on the Department of Defense's Cybersecurity Maturity Model Certification (CMMC) program. He details the revised CMMC rules submitted to the Office of Information and Regulatory Affairs, incorporating changes based on public feedback. These revisions include a new 2.5-year rollout plan, allowances for self-attestation in some cases, and increased focus on third-party risk management.

In SEC news, Tanner discusses a recent 8-K filing by Affirm Holdings, noting how it aligns with new SEC guidance on cybersecurity incident disclosures. The hosts also delve into the Supreme Court's decision in Moody v. NetChoice, which vacates lower court rulings on social media platform regulation laws in Florida and Texas. They explore the nuances of the majority opinion, concurrences, and the implications for future as-applied challenges to these laws.

Katherine highlights international privacy enforcement actions, including the European Commission's preliminary findings that Meta's "pay or consent" model for Facebook and Instagram users in Europe may violate the Digital Markets Act. She also mentions an order for Meta to stop training its AI on Brazilian personal data.

In the healthcare sector, Tanner covers a $950,000 settlement between the Office for Civil Rights and Heritage Valley Health System for potential HIPAA violations. He emphasizes the importance of basic security measures like risk assessments and access policies, noting that this case took nearly seven years to resolve.

The hosts then turn their attention to emerging technologies and their privacy implications. They address concerns about OpenAI's ChatGPT application for Mac storing conversation history in plaintext, debating whether this constitutes a breach of trust. Tanner and Katherine also explore the potential risks and considerations surrounding Morgan Stanley's new AI-powered tool for recording and summarizing client calls.