On June 16, 2023, the Council of Europe’s Committee of Convention 108+ (i.e., the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data) adopted Model Contractual Clauses for cross-border data flows (“MCCs”). The MCCs are intended to cover the transfers of personal data to countries that are not parties to […]
Uncategorized
CL0P Ransomware Gang’s Exploitation of MOVEit Vulnerability: What It Means for Companies
On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously undetected) vulnerability in Progress Software’s managed file transfer software (MOVEit Transfer), exploited by the CL0P ransomware group. CL0P publicly claimed responsibility for exploiting the […]
California Privacy Protection Agency Approves CCPA Regulations
The California Privacy Protection Agency (CPPA) voted unanimously Friday to approve the newest version of the draft California Consumer Privacy Act (CCPA) regulations. These regulations are substantively the same as those considered by the CPPA Board during its October 2022 meeting. This vote marks the conclusion of a chapter that began in May 2022, when […]
California Attorney General Initiates New Investigative Sweep under the CCPA
The California Attorney General on Friday announced a new investigative sweep under the California Consumer Privacy Act (CCPA). The announcement marks the third year in a row in which the Attorney General’s office has initiated a significant enforcement or regulatory initiative on Data Privacy Day[1]. This year, Attorney General Bonta’s team is focusing on B2C […]
FTC Delays Effective Date of Certain Changes to the Safeguard Rule
On November 15, 2022, the Federal Trade Commission (FTC) announced that it is delaying the effective date of certain changes to the Gramm–Leach–Bliley Safeguards Rule. The Safeguards Rule, which first became operative in 2003, imposes certain security requirements on non-banking financial institutions. The FTC amended the Rule in December 2021, and several provisions under the […]