Privacy

Subscribe to Privacy

Determined to maintain its position as a pioneer for consumer privacy rights, California is again among the first to take action to tackle issues of children’s safety and privacy online with the enactment of the California Age-Appropriate Design Code (the “Code”), which was signed into law by Governor Gavin Newsom on September 15, 2022.  Once effective on July 1, 2024, the Code would, among other things, prescribe rules that require  businesses to design their online products and services with children’s privacy in mind and identify and mitigate any risks of material detriment to children that arise from businesses’ online data practices.
Continue Reading California Refuses to “Kid Around” on Children’s Privacy With Enactment of the California Age Appropriate Design Code

On September 5, 2022, following the election of the new UK Prime Minister, the UK Government decided not to proceed with the second reading and other motions relating to the Data Protection and Digital Information Bill (the “Bill”), which was due to have taken place on the same day.  According to the Leader of the House of Commons, this Bill was pulled as “to allow Ministers to consider the legislation further”.
Continue Reading UK’s Data Protection and Digital Information Bill: An Uncertain Direction

After a failed attempt in 2021, Connecticut has become the fifth U.S. state to enact comprehensive data privacy legislation with the passing of “An Act Concerning Personal Data Privacy and Online Monitoring” or the Connecticut Data Privacy Act (the “CDPA” or the “Act”). The Act will take effect July 1, 2023 giving covered organizations about 14 months to become compliant.
Continue Reading New England’s New Privacy Act: Connecticut Becomes the Fifth State To Enact Comprehensive Data Privacy Act

The SEC published in March 2022 a dauntingly complex proposal to require public companies to provide climate-related disclosures.[1]  The period for public comment on the proposal is very short, and it seems clear that a majority of the Commission is determined to proceed quickly.
Continue Reading The SEC’s Climate Proposal – Top Points for Comment

Last month, the U.S. Securities and Exchange Commission issued a proposal to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance. Among other changes, the SEC’s proposal would require disclosure about material cybersecurity incidents within four business days and require annual disclosure regarding a registrant’s policies and

After nearly two years of detailed negotiations, on March 25, 2022, U.S. President Joe Biden and European Commission President Ursula von der Leyen announced an “agreement in principle” on a new Trans-Atlantic Data Privacy Framework (the “Framework”) to re-establish an important legal mechanism to effectuate cross-border transfers of personal data from the EU to the U.S. The Framework is hoped to address concerns raised by the decision of the Court of Justice of the European Union (the “CJEU”) in Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (2020) (“Schrems II”).
Continue Reading Schrems III? The European Commission and U.S. Government Announce New Trans-Atlantic Data Privacy Framework

Following the lead of California, Virginia and Colorado (as previously discussed here, here and here respectively), on March 24, 2022, Utah became the fourth state to enact an omnibus privacy law, creating compliance obligations for businesses that collect and process personal data of Utah residents and providing such residents more control over their data.

Continue Reading Businesses Buzzing With News of Utah’s New Comprehensive Privacy Law

On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which imposes federal reporting requirements for cyber incidents and ransomware attack payments.  The legislation will require covered critical infrastructure entities to report to the Cybersecurity and Infrastructure Security Agency within 72 hours of forming a

In October 2021, the U.S. Department of Justice announced the launch of its new Civil Cyber-Fraud Initiative, which aims to hold government contractors and grant recipients accountable for cyber-related fraud under the False Claims Act.

Two recent developments provide insight into how the Justice Department will pursue cases under this new initiative, and reveal the

On March 9, 2022, President Biden signed a wide-ranging Executive Order on Ensuring Responsible Development of Digital Assets (the “Order”).  While the Order does not mandate any particular regulatory prescriptions, it lays out key policy goals for a whole-of-government approach to digital asset regulation and directs the U.S. Government to assess the potential for a