Privacy, Cyber, & Data Strategy Blog

On March 15, 2023, the European Data Protection Board (“EDPB”) – the body through which the EU Member States’ Supervisory Authorities cooperate – along with 26 EU Supervisory Authorities officially launched a “coordinated enforcement action”, focusing on the designation of Data Protection Officers (“DPOs”) under the EU GDPR, and the position that DPOs hold in

The National Association of Insurance Commissioners (NAIC) Privacy Protections Working Group (the “Working Group”) released Insurance Consumer Privacy Protection Model Law #674 (“Model 674”) for comment on February 1, 2023. Model 674 is intended to modernize and replace the Insurance Information and Privacy Protection Model Act #670 (“Model 670”) and the Privacy of Consumer Financial

The California Privacy Protection Agency (CPPA) issued an Invitation for Preliminary Comments on Proposed Rulemaking (Invitation) Friday as it considers new rules regarding Risk Assessments, Cybersecurity Audits, and Automated Decisionmaking. The proposed rulemaking is pursuant to California Civil Code § 1798.185(a)(15)-(16), which directs the CPPA to draft regulations on these topics. Although the Invitation enumerates

The California Attorney General on Friday announced a new investigative sweep under the California Consumer Privacy Act (CCPA).  The announcement marks the third year in a row in which the Attorney General’s office has initiated a significant enforcement or regulatory initiative on Data Privacy Day[1].  This year, Attorney General Bonta’s team is focusing on B2C

On January 31, 2023, at 12:30 – 1:30 pm ET, join Peter Swire, Wim Nauwelaerts, David Keating, Karen Sanzaro, and Dorian Simmons in an engaging discussion focusing on trends and anticipated developments in privacy and cyber law in 2023. We will discuss recent regulatory and industry developments in the U.S. and E.U., where things appear

On January 6, 2023, the FCC released a Notice of Proposed Rulemaking (the “Notice”) proposing to “modernize the Commission’s data breach rules,” and thereby launching a formal effort to gather information from the industry on the issue of data breach reporting. The Notice, adopted on December 28, 2022, seeks to strengthen its rules with the

What Happened? On December 13, 2022, the European Commission (the “Commission”) took a significant step towards the adoption of the EU-U.S. Data Privacy Framework (“DPF”). The DPF is a new framework designed to replace the EU-U.S. Privacy Shield (“Privacy Shield”), which was struck down by Court of Justice of the European Union in the Schrems