Alston & Bird Privacy, Cyber & Data Strategy Blog

EU Standard Contractual Clauses (SCCs) Deadline is Looming

November 28, 2022 By Wim Nauwelaerts and Paul Greaves

Companies relying on the SCCs as a data transfer tool have less than a month to update their existing contracts (if they haven’t done so already). WHAT HAPPENED? The EU General Data Protection Regulation (GDPR) allows companies that want to transfer personal data protected by the GDPR to third countries outside the EU/EEA to do so using contractual clauses that ensure appropriate data protection safeguards. The most frequently-used clauses are the so-called Standard Contractual Clauses … [Read more] about EU Standard Contractual Clauses (SCCs) Deadline is Looming

NYDFS Releases Significant Enhancements to its Cybersecurity Regulation in the Proposed Second Amendment

November 18, 2022 By Kim Peretti, Kate Hanniford, Ashley Miller and Lance Taubin

The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022. DFS issued a minor amendment on April 2, 2020, … [Read more] about NYDFS Releases Significant Enhancements to its Cybersecurity Regulation in the Proposed Second Amendment

FTC Delays Effective Date of Certain Changes to the Safeguard Rule

November 17, 2022 By Kathleen Benway and Hyun Jai Oh

On November 15, 2022, the Federal Trade Commission (FTC) announced that it is delaying the effective date of certain changes to the Gramm–Leach–Bliley Safeguards Rule. The Safeguards Rule, which first became operative in 2003, imposes certain … [Read more] about FTC Delays Effective Date of Certain Changes to the Safeguard Rule

European Parliament Adopts “NIS2” Cybersecurity Directive

November 13, 2022 By Paul Greaves

On November 10, 2022, the European Parliament adopted a new cybersecurity directive (the “NIS2 Directive”), which is designed to replace and repeal the existing EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) … [Read more] about European Parliament Adopts “NIS2” Cybersecurity Directive

California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations

November 7, 2022 By Josh Fox

On November 3, 2022, the California Privacy Protection Agency (“CPPA”) issued a notice of modifications to the Proposed Regulations implementing the California Privacy Rights Act (“CPRA”). These proposed modifications come in response to public … [Read more] about California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations