The Italian Garante per la Protezione dei dati Personali (‘Italian SA’) published a decision of February 10, 2022 in which it imposes a 20 million EUR fine on a company outside of Europe for violation of the EU General Data Protection Regulation (‘GDPR’). Clearview AI is a U.S.-based company that provides search engine services involving […]
Data Protection
Senate Passes Significant Cyber Bill Requiring Cyber Incident Reporting
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of critical infrastructure and federal civilian agencies to report cyber incidents to the Department of Homeland Security’s Cybersecurity and […]
Georgia Introduces Privacy Bill Stricter than CCPA – the Top 10 Issues
On January 26, 2022, the Georgia General Assembly introduced a bill titled the Georgia Computer Data Privacy Act (GCDPA). Despite its title, the GCDPA is not a “computer”-focused bill. It is instead is an omnibus privacy statute modeled after California’s Consumer Privacy Act (CCPA). The GCDPA was introduced by the Republican leadership in Georgia’s state […]
Incomplete Cybersecurity Compliance Disclosures May Support Fraud Claim Under the False Claims Act, Federal Court Holds
At the heels of a recent Civil Cyber-Fraud Initiative related to cybersecurity practices and the False Claims Act (FCA), a cybersecurity-related FCA case has survived a motion for summary judgment, teeing up a trial to determine if the defendants’ cybersecurity compliance disclosures were materially incomplete and if any misstatements were knowingly made. On February 1, […]
Belgian Data Protection Authority Fines Bank for DPO’s Conflicting Roles
In a decision of December 16, 2021, the Belgian Data Protection Authority (“DPA”) imposed a EUR 75,000 administrative fine on a bank located in Belgium for failure to comply with the requirement in Article 38.6 of the General Data Protection Regulation (“GDPR”) that the tasks and duties of the Data Protection Officer (“DPO”) must not […]