Tag

Data Privacy & Security

Browsing

In Brief On May 1, 2023, Governor Eric Holcomb’s signed Indiana’s Consumer Data Protection Act into law, making Indiana the seventh US state to pass comprehensive consumer data privacy law — joining California, Iowa, Utah, Connecticut, Virginia, and Colorado (Tennessee has since enacted a consumer privacy statute; and Montana and Texas have passed laws that are currently awaiting their respective governors’ signatures). The Consumer Data Protection Act closely tracks prevailing trends in US state privacy…

After a slowdown in 2022–US states are back at the drawing board of consumer privacy laws with four passing in the last month alone. Here, we break down what you need to know about the Montana and Tennessee bills. In brief The early months of 2023 have brought a bumper crop of new state privacy legislation, with Tennessee and Montana legislatures poised to become the eighth and ninth states to enact comprehensive privacy laws. The…

In brief Companies that export personal data out of China have roughly one month to adopt China’s Standard Contractual Clauses (“SCCs”) to comply with the Cyberspace Administration of China’s (“CAC”) deadline of June 1, 2023. As outlined in previous client alerts, the SCCs are one of three mechanisms in place for cross-border data transfers from mainland China to other jurisdictions. Many multinationals will be impacted by these requirements because Chinese employment data, which is…

In brief The European Data Protection Board (EDPB) has begun the 2023 iteration of its annual coordinated enforcement action under the General Data Protection Regulation (GDPR). In coordination with twenty-six EDPB Supervisory Authorities (SAs), the EDPB will analyze the roles, tasks, resources, and positions of Data Protection Officers (DPOs) in public and private sector organizations. DPOs should expect to receive requests soon from Supervisory Authorities to respond to questionnaires intended to aid that analysis, describing…

In Brief On Thursday March 23, Utah Governor Spencer Cox signed two bills — S.B. 152 and H.B. 311 (collectively, the “Utah Social Media Regulation Act”) —that impose new requirements and limitations on children’s use of social media platforms. Background Together, both S.B. 152 and H.B. 311 enact the Utah Social Media Regulation Act, which is set to go into effect on March 1, 2024. Once in effect, S.B. 152 will require social media platforms…

In Brief On March 15, 2023, the US Securities Exchange Commission (“SEC”) proposed amendments to Regulation S-P (“Reg S-P”). If adopted, the amendments would introduce new data security and governance requirements for broker-dealers, investment companies, and investment advisers registered with the SEC. Background When the SEC first promulgated Regulation S-P in 2000, the goal was to ensure that covered entities establish adequate safeguards to protect customer information. The existing version consists essentially of two cornerstone…

In Brief On March 7, 2023, China’s State Council unveiled plans to consolidate the country’s data protection functions into a single National Data Bureau to address the inconsistencies around the administration of China’s data and security laws. Background The privacy and security legal landscape in China has quickly evolved in recent years. The Cybersecurity Law (CSL) was adopted in 2017, and modified in 2022. The Personal Information Protection Law (PIPL) and the Data Security Law…

In brief On February 28, 2023, the European Data Protection Board (“EDPB”) published its non-binding opinion on the European Commission’s draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). As we have previously written, the DPF is intended to re-establish one of the legal mechanisms for transfers of personal data from the European Union (“EU”) to the U.S. The DPF replaces the EU-U.S. Privacy Shield (“Privacy Shield”), which the EU Court of Justice (“CJEU”)…

In Brief Global regulations to govern the development and use of artificial intelligence (“AI”) are being reviewed and implemented in rapid pace. While the U.S. does not have a comprehensive regulatory framework for AI, there are initiatives underway at the federal and state level, including the framework recently released by the National Institute of Standards and Technology (“NIST”), the AI Risk Management Framework (“RMF”). Background AI technology has a wide range of benefits, including increased…

In this episode, Brian Hengesbaugh, Global Chair of Privacy & Security, is joined by Ben Slinn, senior associate in London, as they discuss data privacy predictions across the globe for the year ahead. Listen in to hear about: The data protection regime in the UK post Brexit and what lies ahead Trends and issues that we are seeing from an EU perspective Key developments and significant changes on the horizon outside of the EU For…