Privacy & Cyber Regulatory Enforcement

International Data Transfers: European Commission Gives Green Light to EU-U.S. Data Privacy Framework

July 12, 2023 By Wim Nauwelaerts, Alice Portnoy and Paul Greaves

What Happened? On July 10, 2023, the European Commission (‘EC’) adopted its long-awaited adequacy decision approving the EU-U.S. Data Privacy Framework (‘DPF’). By doing so, the EC is confirming that personal data transferred to the U.S. under the DPF is adequately protected in line with the EU GDPR’s international data transfer rules. Transfers of personal […]

NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation

July 11, 2023 By Kim Peretti, Kate Hanniford, Ashley Miller and Lance Taubin

The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its previous proposed Second Amendment, which was published November 9, 2022. While the language proposed is largely similar to the previous […]

SEC’s Proposed Cybersecurity Rules Delayed Yet Again

July 6, 2023 By Kim Peretti and Lance Taubin

On June 13, 2023, the Securities and Exchange Commission (“SEC”) published its Spring 2023 rulemaking agenda that delayed finalizing the proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies and proposed rule on Cyber Risk Management for Investment Advisers, Registered Investment Companies and Business Development Companies until at least October 2023. […]

NYDFS Penalizes bitFlyer $1.2 Million for Violations to Cybersecurity Regulation

May 13, 2023 By Kim Peretti, Kate Hanniford, Lance Taubin and Ashley Miller

On May 1, 2023, bitFlyer USA, Inc. (“bitFlyer”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) for multiple deficiencies in bitFlyer’s cybersecurity program, most notably for failure to conduct periodic risk assessments to sufficiently inform the design of bitFlyer’s cybersecurity program (as required by 23 NYCRR § 500.09(a)). BitFlyer […]

China’s Standard Contractual Clauses for Cross-Border Transfers of Personal Information

April 3, 2023 By Kim Peretti and Lance Taubin

On February 24, 2023, the Cyberspace Administration of China (“CAC”) released its final version of the Standard Contract Measures for Exporting Personal Information (“Standard Contract Measures”), accompanied by a template contract outlining the standard contractual clauses (the “PIPL SCCs”). The Standard Contract Measures are effective June 1, 2023, however, organizations transferring personal information outside of […]