What Happened? On July 10, 2023, the European Commission (‘EC’) adopted its long-awaited adequacy decision approving the EU-U.S. Data Privacy Framework (‘DPF’). By doing so, the EC is confirming that personal data transferred to the U.S. under … [Read more] about International Data Transfers: European Commission Gives Green Light to EU-U.S. Data Privacy Framework
The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its previous proposed Second … [Read more] about NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation
On June 13, 2023, the Securities and Exchange Commission (“SEC”) published its Spring 2023 rulemaking agenda that delayed finalizing the proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies … [Read more] about SEC’s Proposed Cybersecurity Rules Delayed Yet Again
On June 16, 2023, the Council of Europe’s Committee of Convention 108+ (i.e., the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data) adopted Model Contractual Clauses for cross-border data flows … [Read more] about Council of Europe Launches Model Contractual Clauses for Transfers of Personal Data
On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously undetected) vulnerability in … [Read more] about CL0P Ransomware Gang’s Exploitation of MOVEit Vulnerability: What It Means for Companies