On March 26, 2024, the CNIL published the 2024 edition of its Practice Guide for the Security of Personal Data, which is intended to support organizations in their efforts to implement adequate security measures in compliance with their security obligations under the GDPR.
Privacy & Information Security Law Blog
Global Privacy and Cybersecurity Law Updates and Analysis
Latest from Privacy & Information Security Law Blog
OFAC Settlement Illustrates Sanctions Compliance Risks for Foreign Asset Managers Trading U.S. Securities
On March 14, 2024, the U.S. Department of the Treasury’s Office of Foreign Assets Control announced a settlement with EFG International AG regarding violations of OFAC rules alleged to have occurred as a result of the firm’s buying, selling and holding U.S. securities on behalf of persons sanctioned by OFAC. This blog entry provides a…
New Era of Regulation for Cross-Border Transfers in China
On March 22, 2024, the Cyberspace Administration of China issued the Provisions on Facilitation and Regulation of Cross-Border Data Flows, which were effective the same day. The CAC also held a press conference to introduce and explain the Provisions. This blog entry provides a summary of the Provisions.…
House Passes the Protecting Americans’ Data from Foreign Adversaries Act
On March 20, 2024, the U.S. House of Representatives passed legislation that will prohibit data brokers from transferring U.S. residents’ sensitive personal data to foreign adversaries, including China and Russia. The Protecting Americans’ Data from Foreign Adversaries Act of 2024 marks a significant development in executive and legislative action related to foreign access to U.S.…
Virginia Legislature Passes Children’s Privacy Bill
Earlier this month, the Virginia legislature passed S.B. 361, which amends the Virginia Consumer Data Protection Act to introduce new protections for children’s privacy. If signed by the Virginia Governor, the new children’s privacy protections will go into effect on January 1, 2025.…
Utah Enacts Amendments to State Breach Notification Law
Utah Governor Spencer J. Cox signed another data-related bill into law, Senate Bill (SB) 98, Online Data Security and Privacy Amendments.…
FTC Proposes $26 Million Penalty for Deceptive Marketing
After potential warning signs spanning several years, the Federal Trade Commission brought a proposed $26 million enforcement action against two entities selling virus protection software to consumers via online and telemarketing sales.…
CIPL Files Response to FTC’s Notice of Proposed Rulemaking on the COPPA Rule
The Centre for Information Policy Leadership at Hunton Andrews Kurth recently filed its response to the Federal Trade Commission’s notice of proposed rulemaking, which addresses amendments to the Children’s Online Privacy Protection Rule.…
Utah Governor Signs Spate of Privacy Bills into Law
Last week, Utah Governor Spencer J. Cox signed three privacy-related bills into law. The bills are focused on, respectively, protection of motor vehicle consumer data, regulations on social media companies with respect to minors, and access to protected health information by third parties.…
UK ICO Publishes New Guidance on Fines
On March 18, 2024, the UK Information Commissioner’s Office published new data protection fining guidance on how the ICO decides to determine penalties and calculate fines.…