On November 10, 2022, the European Parliament adopted a new cybersecurity directive (the “NIS2 Directive”), which is designed to replace and repeal the existing EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) (the “NIS Directive”). The objective of the NIS2 Directive is to achieve a higher level of cybersecurity within the EU […]
Legislation
CISA Issues Request for Information Prior to Required CIRCIA Rulemaking
On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) seeking input from stakeholders on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed by President Biden in March, CIRCIA requires CISA to develop and implement regulations requiring covered entities to report information about covered […]
CPPA Board Opposes American Data Privacy and Protection Act
On July 28, 2022, the California Privacy Protection Agency Board held a special public meeting to discuss state law preemption in the American Data Privacy and Protection Act (ADPPA). ADPPA, as currently drafted, preempts much of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). The Board moved to […]
Colorado Issues Pre-Rulemaking Considerations for the Colorado Privacy Act
On April 12, 2022, the Colorado Department of Law (the “Department”) released its Pre-Rulemaking Considerations for the Colorado Privacy Act (the “CPA”), following state Attorney General Phil Weiser’s remarks at the International Association of Privacy Professionals’ (IAPP) Global Privacy Summit in Washington, D.C. The Department seeks informal input on several topics in addition to general […]
Senate Passes Significant Cyber Bill Requiring Cyber Incident Reporting
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of critical infrastructure and federal civilian agencies to report cyber incidents to the Department of Homeland Security’s Cybersecurity and […]