Today, the California Attorney General’s office provided “Notice of Fourth Set of Modifications” to regulations under the California Consumer Privacy Act. The new proposed regulatory text would modify the current regulations which took effect in August. The latest proposal responds to comments on a prior draft and primarily addresses the presentation of the right to […]
Data Protection
European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses
In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between controllers and processors (‘Clauses’) for the matters referred to in Article 28(3) and (4) of Regulation (EU) 2016/679 (“GDPR”). Article 28(3) and (4) […]
Alston & Bird Analyzes New California Privacy Rights Act in Client Alert
Yesterday, California voters approved a ballot initiative containing the California Privacy Rights Act of 2020. The ballot initiative significantly revises the existing California Consumer Privacy Act to create arguably the most comprehensive state privacy law in the United States. Alston & Bird has now issued a client alert explaining key impacts of this law. The […]
State Financial Regulators Issue Ransomware Mitigation Tool
On October 13, 2020, state financial regulators in partnership with the Bankers Electronic Crimes Taskforce and the U.S. Secret Service, released the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions mitigate the risks of ransomware. The R-SAT is a detailed questionnaire designed to evaluate the effectiveness of an institution’s general security controls as well as […]
FinCEN Alerts Financial Institutions on Role in Facilitating Ransomware Attacks
With an increase in the frequency, sophistication, and cost of ransomware attacks, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on October 1, 2020 alerting financial institutions to ransomware trends and typologies, and related financial red flags, that may result in a regulatory obligation to report and share information related to ransomware attacks. Based […]