Alston & Bird Privacy, Cyber & Data Strategy Blog

Privacy

Heavier Breach Notification Obligations for U.S. Companies Subject to the EU GDPR According to Proposed Regulatory Guidance from the EDPB

By

On October 18, 2022, the European Data Protection Board (“EDPB”) published a proposed updated version of its regulatory guidance on personal data breaches under the EU GDPR (the “Proposed Updated Guidance”). The Proposed Updated Guidance seeks to place heavier personal data breach notification obligations on controllers established in the U.S. (and other non-EU countries) but […]

California Privacy Protection Agency Publishes Updated CPRA Regulations

By

Today, October 17, 2022, the California Privacy Protection Agency (“CPPA”) published its first set of Modified Proposed Regulations under the California Privacy Rights Act (“CPRA”).  The Modified Regulations have been published in preparation for a scheduled meeting of the CPPA Board on October 21 and 22 to discuss possible actions regarding the proposed regulations. Along […]

The White House Introduces new Blueprint for an AI Bill of Rights

By

On October 4, 2022, the White House Office of Science and Technology released the Blueprint for an AI Bill of Rights (the Bill) to guide the development and use of artificial intelligence (AI) in the United States. The White House recognized that while AI is a powerful driver of innovation, the technology can also be […]

SEC Sends a Message to Investment Advisers: Take Secure Data Disposal Seriously

By

  On September 20, 2022, the Securities and Exchange Commission (SEC) settled an enforcement action with a large, registered investment adviser (the Firm) for alleged violations of the Safeguards Rule and the Disposal Rule of Regulation S-P that arose in the context of a data disposal process, imposing a $35 million penalty. Specifically, the SEC […]

Sephora Ordered to “Make-Up” for CCPA Violations

By

On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million dollar settlement with Sephora to account for alleged violations of the California Consumer Privacy Act (CCPA).  This is the first CCPA enforcement action taken by the California AG that has resulted in a fine and settlement. The Attorney General’s Complaint alleged Sephora […]