Tag archives: United States

New commitments in principle regarding UK to USA data transfer mechanism

By Lara White (UK), Marcus Evans (UK) and Fiona Bundy-Clarke (UK) on June 13, 2023 Posted in Data Protection

On 8 June 2023, the UK Secretary of State for Science, Innovation, and Technology and the US Secretary of Commerce issued a joint Statement confirming that the UK and the USA have committed in principle to establishing a “data bridge” to allow for the free flow of data between organisations in the UK and participating … Continue reading

Privacy law is becoming more technically sophisticated. So should you.

By Steve Roosa (US), Daniel Rosenzweig (US) and Susan Ross (US) on March 22, 2023 Posted in Compliance and risk management, Privacy law

As privacy laws and requirements become more technically sophisticated, businesses may want to consider how they can follow suit.… Continue reading

US Senate considers mandating 24-hour reporting requirement for ransom payments

By David Kitchen (US) and Kate Nelson (US) on October 5, 2021 Posted in Cybercrime, Cybersecurity, General, Ransomware

Norton Rose Fulbright - Data Protection Report blog

On September 28, 2021, the US Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly all entities that make a ransom payment as the result of a ransomware attack against the entity to report the payment to the Director of the Cybersecurity and Infrastructure Security Agency … Continue reading

US SEC announces three actions charging firms for cybersecurity deficiencies

By Kevin J. Harnisch (US), Chris Cwalina (US), Will Daugherty (US), Ashley Zatloukal (US) and Matthew Niss (US) on September 15, 2021 Posted in Cybersecurity, Enforcement

The SEC announced enforcement actions against three sets of advisers for alleged failures in cybersecurity policies that violate the Safeguards Rule.… Continue reading

US banking regulators propose a rule for 36-hour notice of breach

By David Kessler (US) and Susan Ross (US) on January 5, 2021 Posted in Data breach

On December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within 36 hours of a “computer-security incident” that rises to the level of a “notification incident.” … Continue reading