The Department of Defense (“DoD”) recently announced it will be revamping the nascent Cybersecurity Maturity Model Certification (“CMMC”) program pending two separate rulemaking processes. As detailed below, the DoD will be updating “the program structure and the requirements to streamline and improve implementation of the CMMC program.” We will be monitoring the rulemaking process for […]
Belgian Supreme Court rules that Data Protection Authority may impose administrative fines even where a data subject’s personal data were not processed
The Belgian Supreme Court ruled in a judgment of Oct. 7, 2021 that a data subject has the right to lodge a complaint with the Data Protection Authority against a processing practice that violates the GDPR (in this case, the data minimization principle in Article 6 of the GDPR), even where the data subject’s personal […]
Department of Justice Announces New Civil Fraud Cybersecurity Enforcement Team
On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced the launch of the Department of Justice’s Civil Cyber-Fraud Initiative. The Department plans to use civil enforcement tools to “pursue…those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards.” Stating the Department will pursue “very hefty fines,” […]
China’s First Comprehensive Personal Information Protection Law – Key Takeaways
On August 20, 2021, China’s first comprehensive Personal Information Protection Law (“PIPL”) was passed into law. The Cybersecurity Law, the Data Security Law, and the PIPL of China are the three pillars of China’s data protection framework, which govern cybersecurity, data security, and personal information protection respectively. The Cybersecurity Law largely governs cybersecurity requirements for […]
EDPB reports on EU Data Protection Authorities’ resources and enforcement actions
Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by those DPAs. Resources made available by the EU Member States to the DPAs The EDPB report releases statistics on both […]