On August 22, 2022, the Federal Trade Commission (FTC) published its advance notice of proposed rulemaking (ANPR) to request public comment on commercial surveillance and data security practices. The ANPR comes at the same time as Congress is considering the federal American Data Privacy and Protection Act (ADPPA). The FTC seeks public comment on a […]
Enforcement
CPPA Board Opposes American Data Privacy and Protection Act
On July 28, 2022, the California Privacy Protection Agency Board held a special public meeting to discuss state law preemption in the American Data Privacy and Protection Act (ADPPA). ADPPA, as currently drafted, preempts much of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). The Board moved to […]
UK Information Commissioner’s Office Issues Warning on Ransomware Payments
On July 8, 2022, the UK Information Commissioner’s Office (UK ICO) together with the UK National Cyber Security Centre (NCSC), published a joint letter asking the Law Society of England & Wales to remind its members that they should not advise clients to pay ransomware demands should they fall victim to a cyber-attack. The Law […]
New Cybersecurity Rules In India Impose Strict Reporting Requirements and Steep Penalties
The Indian Computer Emergency Response Team (“CERT-In”) issued Directions on April 28, 2022 “to strengthen the cybersecurity in the country” and that has significant implications for the cybersecurity landscape. Effective June 27, 2022, the Directions, among other requirements, impose a strict 6-hour timeline for notice of a cybersecurity incident and expands the types of cybersecurity […]
EU and U.S. Reach Agreement In Principle on a Replacement for the EU-U.S. Privacy Shield
On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union in 2020. The new framework will be designed to allow personal data to flow freely […]