Legislation

Oregon Becomes the Fourth State to Enact a Data Broker Law

August 11, 2023 By Maki DePalo and Hyun Jai Oh

Oregon Governor Tina Kotek signed into law the Bill Relating to Registration of Business Entities that Qualify as Data Brokers (HB 2052) (the “Act”) on July 27, 2023. Effective January 1, 2024, the Act will require data brokers to annually register with the Oregon Department of Consumer and Business Services (the “Department”). The Act makes […]

Texas Becomes Tenth State to Enact a Comprehensive State Privacy Law

July 13, 2023 By Kim Peretti and Dorian Simmons

On June 18, 2023, Texas Governor Greg Abbott signed the Texas Data Privacy and Security Act (HB 4) (“TDPSA”) into law, making Texas the latest contributor to the growing patchwork of comprehensive U.S. state privacy laws. TDPSA takes effect July 1, 2024, except for provisions that enable consumers to designate authorized agents to exercise on […]

European Parliament Adopts “NIS2” Cybersecurity Directive

November 13, 2022 By Paul Greaves

On November 10, 2022, the European Parliament adopted a new cybersecurity directive (the “NIS2 Directive”), which is designed to replace and repeal the existing EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) (the “NIS Directive”). The objective of the NIS2 Directive is to achieve a higher level of cybersecurity within the EU […]

CISA Issues Request for Information Prior to Required CIRCIA Rulemaking

September 13, 2022 By Kim Peretti and Kristen Bartolotta

On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) seeking input from stakeholders on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed by President Biden in March, CIRCIA requires CISA to develop and implement regulations requiring covered entities to report information about covered […]

CPPA Board Opposes American Data Privacy and Protection Act

August 1, 2022 By Dorian Simmons

On July 28, 2022, the California Privacy Protection Agency Board held a special public meeting to discuss state law preemption in the American Data Privacy and Protection Act (ADPPA). ADPPA, as currently drafted, preempts much of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). The Board moved to […]