General

Executive Order on access to Americans’ bulk sensitive data – Part 1

By Susan Ross (US) & David Kessler (US) on March 7, 2024

On February 28, 2024, the White House issued an Executive Order on Preventing Access to Americans’ Bulk Sensitive Data and United States Government-Related Data by Countries of Concern. The 17-page Executive Order pointed out that “countries of concern” could use…

Biden administration issues Executive Order and takes action to enhance maritime cybersecurity

By Will Daugherty (US) & Remi Gambino (US) on February 23, 2024

On February 21, 2024, President Biden signed an Executive Order and issued several federal rules aimed at improving the cybersecurity of U.S. ports and maritime supply chains. The measures introduce new cybersecurity requirements and standards for stakeholders of the U.S.

The right of access to personal data: a more extensive view?

By Christoph Ritzer (DE), Nadège Martin (FR), Lara White (UK), Natalia Filkina (DE), Jurriaan Jansen, Naomi Schuitema, Rosie Nance, Tilly Berkhout & Eloïse Patocki-Tomas on February 16, 2024

This article first appeared in PLC Magazine in the January / February 2024 issue of PLC Magazine.

The right of access to personal data looks set to be a key focus area for data protection regulators for 2024 in…

CNIL publishes a draft TIA guide

By Marcus Evans (UK), Geoffroy Coulouvrat (FR) & Rosie Nance on February 6, 2024

The Court of Justice of the European Union (CJEU)’s Schrems II decision[1] clarified strict rules for personal data transfers outside of the European Union. The European Data Protection Board (EDPB) followed up with recommendations [2]…

Thailand – The Regulation with respect to Cross-border Transfer of Personal Data

By Teerin Vanikieti, Thanthiti Seneewong Na Ayudhaya & Patcharapol Sudsakorn on January 16, 2024

On 25 December 2023, the Personal Data Protection Committee (PDPC) published two notifications detailing regulations for cross-border transfers of personal data under Sections 28 and 29 (Notifications) of the Personal Data Protection Act B.E. 2562 (2019)…

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

By Dan Pepper (US) on November 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017. Noticeably…

NYDFS finalizes cybersecurity rule amendments

By David Kessler (US) & Susan Ross (US) on November 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The rules contain the provisions we had described in the original NYDFS proposal a year…

FTC amendment to Safeguards Rule

By Dan Pepper (US) & Elyssa Diamond (US) on November 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency.

Requirements

Approved on October 27, 2023 by a…

Queensland Government introduces mandatory data breach notification regime

By Peter Mulligan (AU) & Jim Lennon (AU) on October 31, 2023

On 12 October 2023, the Government introduced the Information Privacy and Other Legislation Amendment Bill 2023 (Bill) to Queensland Parliament which, amongst other things, establishes a mandatory data breach notification scheme (MDBN Scheme) in Queensland. The…

An overview of the European digital strategy

By Lara White (UK), Miranda Cole & Polina Maloshchinskaia on October 2, 2023

We have published an article, EU: An overview of the European digital strategy, explaining the aims and key components of the EU digital strategy, outlining at a high-level key legislation that has been published in this space in the past…

Data Protection Report