NIST

NIST Publishes Draft Security Criteria for Consumer Software

Consumer software providers will soon have the option to label their software as compliant with National Institute of Standards and Technology (NIST) standards for software security. On November 1, 2021, NIST published its initial draft of this standard in a white paper titled “DRAFT Baseline Criteria for Consumer Software Cybersecurity Labeling” (the White Paper). The…
Read More
Disposition

Developing a Defensible Disposition Process

Starting in January of 2023, businesses subject to California Privacy Rights Act (CPRA) may be required to publish the retention periods for all categories of personal and sensitive information they collect, manage, store, share, or sell. CPRA Section 1798.100. Given the complexity of the upcoming CPRA requirements, we are publishing a series of articles on this topic.…
Read More
PDPL

Updates to Saudi Arabia’s Data Protection Law

Whilst European and North American businesses are well accustomed to dealing with complex data protection legislation, businesses in the MENA region have by and large not had to consider the same in their local markets. From a Saudi standpoint, the recently published Personal Data Protection Law (published on 24 September 2021 and effective as of…
Read More
Cybersecurity

New York DFS Issues New Cybersecurity Guidance

Under New York’s Cybersecurity Regulation, issued in 2017, any entity (a “Covered Entity”) regulated by the New York State Department of Financial Services (DFS) must maintain a risk-based cybersecurity program that protects its information systems and nonpublic data. For years, DFS has allowed Covered Entities to adopt the cybersecurity program of an affiliate. This has…
Read More
Data Protection

Opinion: How the U.S. Government’s Efforts Can Improve Data Privacy and Protection in 2021

This year, cybersecurity incidents, such as data breaches, have led to the proliferation of identity theft and fraud, facilitated by a lack of digital identity verification credentials. Additionally, data privacy legislation has gained momentum at the state level and become a key area of concern for lawmakers and citizens alike. Meanwhile, artificial intelligence and blockchain…
Read More
Rights

Lessons Learned from Implementing Privacy Rights Request Processes

Over the last three years, several data privacy regulations have been adopted around the world which include requirements related to the collection, processing, and use of personal information. The list includes the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the Lei Geral de Proteção de Dados Pessoais (LGPD) for Brazil,…
Read More
California

California Passes Suite of New Privacy Laws

California continues to be at the vanguard of privacy protection.  On October 11, 2021, California’s Governor Newsom signed several bills addressing privacy and data security. These new laws go into effect January 1, 2022 and include: AB 335, which adds an exemption to the California Consumer Privacy Act (CCPA) consumer personal information sales opt-out right.…
Read More
Cybersecurity

DOJ Will Use False Claims Act to Target Cybersecurity Fraud

On October 6, Deputy Attorney General Lisa Monaco announced the launch of the US Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative. The DOJ will utilize the False Claims Act (FCA) to pursue cybersecurity related fraud by government contractors and grant recipients.  The False Claims Act was enacted during the Civil War to stamp out fraud…
Read More
Privacy

Senate Hearings Call for Creation of New Data Privacy Bureau

On Wednesday, September 29, the Senate Committee on Commerce, Science and Transportation held a hearing on data privacy titled, “Protecting Consumer Privacy.” The issue of data privacy is of particular interest to Sen. Maria Cantwell (D-WA), the Committee Chair, who introduced the Consumer Online Privacy Rights Act (COPRA) in 2019. Much of the testimony revolved…
Read More
DelBene

The Information Transparency and Personal Data Control Act

On March 11, 2021, Rep. Suzan DelBene (D-WA) introduced the House of Representatives’ first major privacy bill in the 117th Congress. Rep. DelBene recently joined an episode of the Association for Data and Cyber Governance’s U.S. National Privacy and Cybersecurity Podcast to discuss The Information Transparency and Personal Data Control Act ( H.R. 1816 ).…
Read More
Back To Top