Privacy & Cyber Regulatory Enforcement

Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents

January 12, 2021 By Kim Peretti

On December 18, 2020, federal financial regulatory agencies jointly announced a proposed rule that would impose new and expanded reporting requirements on supervised banking organizations that experience a “computer-security incident,” requiring notice within 36 hours of any computer-security incident that rises to the level of a “notification incident.” In a significant departure from current reporting […]

Brexit Trade Agreement Provides a Temporary Solution for Companies Transferring Personal Data from the EEA to the UK

January 6, 2021 By Paul Greaves and Wim Nauwelaerts

On December 24, 2020, the EU and the UK reached an agreement on the terms of their future cooperation following the end of the Brexit Transition Period (i.e., following 31 December 2020). The EU-UK Trade and Cooperation Agreement (the ‘Agreement’) contains a temporary solution for companies transferring personal data from the EEA to the UK, […]

California AG Proposes Regulatory Changes to CCPA

December 10, 2020 By Privacy, Cyber & Data Strategy Team

Today, the California Attorney General’s office provided “Notice of Fourth Set of Modifications” to regulations under the California Consumer Privacy Act. The new proposed regulatory text would modify the current regulations which took effect in August. The latest proposal responds to comments on a prior draft and primarily addresses the presentation of the right to […]

Alston & Bird Attorneys Propose Assessing Data Portability in Antitrust Context

December 1, 2020 By Privacy, Cyber & Data Strategy Team

In the November 2020 edition of the Competition Policy International Antitrust Chronicle, Georgia Tech professor and Alston & Bird senior counsel Peter Swire and partner John Snyder discuss ways to utilize the Portability and Other Required Transfers Impact Assessment (“PORT-IA”) in the context of antitrust law. The PORT-IA is a structured set of questions based […]

European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses

November 18, 2020 By Paul Greaves, Wim Nauwelaerts and Privacy, Cyber & Data Strategy Team

In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between controllers and processors (‘Clauses’) for the matters referred to in Article 28(3) and (4) of Regulation (EU) 2016/679 (“GDPR”). Article 28(3) and (4) […]