Alston & Bird Privacy, Cyber & Data Strategy Blog

Federal Bank Regulatory Agencies Release Final Rule to Require Notification of Cyber Incidents

November 22, 2021 By Kate Hanniford

On November 18, 2021, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation jointly announced the approval of a final rule to improve the sharing of information about cyber incidents that may affect the U.S. banking system. The rule applies to banking organizations, including national banks, U.S. bank holding companies, and insured state savings associations, as well as bank service providers. Banking … [Read more] about Federal Bank Regulatory Agencies Release Final Rule to Require Notification of Cyber Incidents

EDPB issues draft guidelines on the interplay between the GDPR’s provisions on territorial scope and international data transfers

November 22, 2021 By Yung Shin Van Der Sype and Wim Nauwelaerts

On November 18, the European Data Protection Board (“EDPB”) released draft guidelines on the interplay between Article 3 GDPR – which sets out the GDPR’s territorial scope – and the provisions in Chapter V of the GDPR, which impose restrictions on … [Read more] about EDPB issues draft guidelines on the interplay between the GDPR’s provisions on territorial scope and international data transfers

Department of Defense Suspends the CMMC Pilot Program And CMMC Requirements In DoD Solicitations Pending Major Changes For CMMC 2.0.

November 5, 2021 By Amy Mushahwar and Jon Knight

The Department of Defense (“DoD”) recently announced it will be revamping the nascent Cybersecurity Maturity Model Certification (“CMMC”) program pending two separate rulemaking processes. As detailed below, the DoD will be updating “the program … [Read more] about Department of Defense Suspends the CMMC Pilot Program And CMMC Requirements In DoD Solicitations Pending Major Changes For CMMC 2.0.

Belgian Supreme Court rules that Data Protection Authority may impose administrative fines even where a data subject’s personal data were not processed

November 2, 2021 By Yung Shin Van Der Sype, Paul Greaves and Wim Nauwelaerts

The Belgian Supreme Court ruled in a judgment of Oct. 7, 2021 that a data subject has the right to lodge a complaint with the Data Protection Authority against a processing practice that violates the GDPR (in this case, the data minimization … [Read more] about Belgian Supreme Court rules that Data Protection Authority may impose administrative fines even where a data subject’s personal data were not processed

FTC Revises the Safeguards Rule and Proposes Mandatory Reporting of Cybersecurity Events

November 1, 2021 By Kathleen Benway, Kim Peretti and Kate Hanniford

On October 27, 2021, the FTC released its much-anticipated final revisions to the Gramm-Leach-Bliley Safeguards Rule (Safeguards Rule or Final Rule), following a 3-2 vote along party lines and also released a notice of proposed rulemaking that would … [Read more] about FTC Revises the Safeguards Rule and Proposes Mandatory Reporting of Cybersecurity Events