Privacy & Cyber Regulatory Enforcement

EU Standard Contractual Clauses (SCCs) Deadline is Looming

November 28, 2022 By Wim Nauwelaerts and Paul Greaves

Companies relying on the SCCs as a data transfer tool have less than a month to update their existing contracts (if they haven’t done so already). WHAT HAPPENED? The EU General Data Protection Regulation (GDPR) allows companies that want to transfer personal data protected by the GDPR to third countries outside the EU/EEA to do […]

NYDFS Releases Significant Enhancements to its Cybersecurity Regulation in the Proposed Second Amendment

November 18, 2022 By Kim Peretti, Kate Hanniford, Ashley Miller and Lance Taubin

The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022. DFS issued a minor amendment on April 2, 2020, revising the certification of compliance date (from February to April). The Proposed Second Amendment follows DFS’s “pre-proposed” draft […]

European Parliament Adopts “NIS2” Cybersecurity Directive

November 13, 2022 By Paul Greaves

On November 10, 2022, the European Parliament adopted a new cybersecurity directive (the “NIS2 Directive”), which is designed to replace and repeal the existing EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) (the “NIS Directive”). The objective of the NIS2 Directive is to achieve a higher level of cybersecurity within the EU […]

California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations

November 7, 2022 By Privacy, Cyber & Data Strategy Team

On November 3, 2022, the California Privacy Protection Agency (“CPPA”) issued a notice of modifications to the Proposed Regulations implementing the California Privacy Rights Act (“CPRA”). These proposed modifications come in response to public comments on, and are meant to clarify, previously issued modifications. The modifications, which are largely based on the Modified Proposed Regulations […]

Recent FTC Order Has Implications for Executive Liability and Corporate Data Minimization Practices

October 28, 2022 By Kim Peretti, Alysa Austin and Kristen Bartolotta

On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that led to a data breach in 2020, which exposed the personal information of approximately 2.5 million Drizly customers. Drizly and its […]