Privacy & Cyber Regulatory Enforcement

CPPA Expected Not to Meet CPRA Rulemaking Deadline

February 17, 2022 By David Keating and Dorian Simmons

At a board meeting held by the California Privacy Protection Agency (CPPA) on February 17, 2022, Executive Director Ashkan Soltani announced that the CPPA does not expect to meet the July 1, 2022, statutory deadline for adopting final regulations under the California Privacy Rights Act. The CPPA plans to schedule meetings in March and April […]

Georgia Introduces Privacy Bill Stricter than CCPA – the Top 10 Issues

February 10, 2022 By Daniel Felz

On January 26, 2022, the Georgia General Assembly introduced a bill titled the Georgia Computer Data Privacy Act (GCDPA). Despite its title, the GCDPA is not a “computer”-focused bill. It is instead is an omnibus privacy statute modeled after California’s Consumer Privacy Act (CCPA). The GCDPA was introduced by the Republican leadership in Georgia’s state […]

SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events

January 31, 2022 By Kate Hanniford and Alysa Austin

On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund and private fund disclosure requirements and increase regulators’ visibility into the private funds industry. The proposed rules would amend the SEC’s Form PF, the confidential reporting form by which private funds disclose regulatory assets to the SEC, […]

Belgian Data Protection Authority Fines Bank for DPO’s Conflicting Roles

January 31, 2022 By Wim Nauwelaerts and Privacy, Cyber & Data Strategy Team

In a decision of December 16, 2021, the Belgian Data Protection Authority (“DPA”) imposed a EUR 75,000 administrative fine on a bank located in Belgium for failure to comply with the requirement in Article 38.6 of the General Data Protection Regulation (“GDPR”) that the tasks and duties of the Data Protection Officer (“DPO”) must not […]

EDPB Issues Draft Guidelines on Data Subject Access Rights

January 30, 2022 By Paul Greaves, Wim Nauwelaerts and Privacy, Cyber & Data Strategy Team

On January 28, 2022, the European Data Protection Board (“EDPB”) published draft regulatory guidelines (“draft guidance”) on the right of data subjects to have access to their personal data under the EU General Data Protection Regulation (“GDPR”). In the draft guidance, the EDPB explains the aim and components of the right. This analysis is followed […]