Alston & Bird Privacy, Cyber & Data Strategy Blog

CPPA Publishes Revised Cybersecurity Audit Regulations in Advance of Board Meeting

November 27, 2023 By Lance Taubin and Kristen Bartolotta

On December 8, 2023, the California Privacy Protection Agency (CPPA) will hold a board meeting seeking public comment on various privacy regulations. The meeting, which will take place on Zoom, will cover several topics listed in its published agenda. The New CPRA Rules Subcommittee will provide an update and present on the Draft Regulations on Automated Decision-making Technology, Risk Assessments, and Cybersecurity Audits. Other topics for discussion include proposed insurance regulations … [Read more] about CPPA Publishes Revised Cybersecurity Audit Regulations in Advance of Board Meeting

Colorado AG Publishes Shortlist of Universal Opt-Out Mechanisms

November 21, 2023 By Daniel Felz and Hyun Jai Oh

On November 21, 2023, the Colorado Attorney General (the “AG”) published a shortlist of potential universal opt-out mechanisms (“UOOMs”) that the AG is considering recognizing as binding under the Colorado Privacy Act (the “CPA”). Beginning on … [Read more] about Colorado AG Publishes Shortlist of Universal Opt-Out Mechanisms

Ransomware Group, in Midst of Extortion Attempt, Files Regulatory Notice with SEC

November 17, 2023 By Kim Peretti, Kate Hanniford, Alysa Austin and Lance Taubin

Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own hands. On November 15, … [Read more] about Ransomware Group, in Midst of Extortion Attempt, Files Regulatory Notice with SEC

FTC Approves New Data Breach Notification Requirement for Non-Banking Financial Institutions

October 31, 2023 By Kim Peretti, Kate Hanniford, Amy Mushahwar, Kathleen Benway and Lance Taubin

On October 27, 2023, the FTC approved an amendment to the Safeguards Rule (the “Amendment”) requiring that non-banking financial institutions notify the FTC in the event of a defined “Notification Event” where customer information of 500 or … [Read more] about FTC Approves New Data Breach Notification Requirement for Non-Banking Financial Institutions

China Releases Major Changes in its Draft Regulations on Cross-border Data Flows

October 24, 2023 By Kim Peretti, Lance Taubin and Kristen Bartolotta

At the end of September 2023, the Cyberspace Administration of China (CAC) released draft regulations (see the unofficial English translation) regulating the cross-border flow of personal information and important data out of the Peoples Republic of … [Read more] about China Releases Major Changes in its Draft Regulations on Cross-border Data Flows