The UK Government has added two new duties to the proposed Online Safety Bill (the Bill) that are aimed at protecting people against anonymous online abuse. These measures would give users of “main social media firms” more control over
March 2022
The UK’s ICO issues a monetary penalty notice to professional services firm after ransomware attack
On 10 March 2022, the Information Commissioner’s Office (ICO) issued a monetary penalty notice to a professional services firm (the Firm) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection…
SMO v TikTok: representative actions post Lloyd v Google
In SMO (A Child) v Tiktok Inc. & Ors [2022] EWHC 489, the High Court considered an alternative basis for bringing a representative claim for loss of control under the GDPR and the Data Protection Act 2018 (DPA 2018…
Congress Agrees – 72-Hour Cyber Incident Reporting Requirement to Take Effect
On March 15, 2022, President Biden signed an omnibus spending bill into law, which, in part, requires companies to report cyber incidents and ransom payments. The relevant portions of the law, titled the Cyber Incident Reporting for Critical Infrastructure Act…
The EU’s Data Act: Capstone of the EU Data Strategy
On 23 February 2022 the EU Commission published its long-awaited Data Act, the last major building block of the Commission’s February 2020 Data Strategy. The Data Act:
- Is an ambitious piece of legislation with implications for consumers and businesses across
…
Proposed cybersecurity rules for SEC registered advisers and funds
On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) released a proposal aimed at enhancing cybersecurity risk management programs, including cybersecurity preparedness and response, for registered investment advisers (“advisers”), investment companies and business development companies (“funds”). Overall, the…