On March 15, 2023, the Securities and Exchange Commission (“SEC”) proposed three rules related to cybersecurity and the protection of consumer information.
Continue Reading SEC Advances Three New Cybersecurity Rule ProposalsBrazilian DPA Enacts Regulation on the Setting and Application of Administrative Penalties Under the Brazilian General Data Protection Law
Posted on
Posted in Enforcement, International
The Brazilian law firm BMA Advogados reports that the Brazilian National Data Protection Authority (“ANPD”) adopted a landmark and long-awaited regulation for the enforcement of the Brazilian General Data Protection Law (“LGPD”).
Continue Reading Brazilian DPA Enacts Regulation on the Setting and Application of Administrative Penalties Under the Brazilian General Data Protection LawCIPL Publishes Key Takeaways from Age Assurance and Age Verification Tools Roundtable
Posted on
On February 16, 2023, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP held a virtual roundtable to discuss the role of age assurance and age verification tools as part of its Children’s Data Privacy Project. Representatives from CIPL member companies, data protection authorities, civil society and experts exchanged views on the effectiveness of different methodologies and emerging best practices to shield minors from harmful or inappropriate content.
Continue Reading CIPL Publishes Key Takeaways from Age Assurance and Age Verification Tools RoundtableFTC Announces Orders to Address Deceptive Advertising on Social Media and Video Streaming Platforms
Posted on
Posted in Enforcement, Information Security
On March 16, 2023, the Federal Trade Commission announced it issued orders to eight social media and video streaming platforms seeking Special Reports on how the platforms review and monitor commercial advertising to detect, prevent and reduce deceptive advertisements, including those related to fraudulent healthcare products, financial scams and the sale of fake goods. The FTC sent the orders pursuant to its resolution directing the FTC to use all available compulsory process to inquire into this topic, and using the FTC’s Section 6(b) authority, which authorizes the FTC to conduct studies that do not have a specific law enforcement purpose.
Continue Reading FTC Announces Orders to Address Deceptive Advertising on Social Media and Video Streaming PlatformsDOJ Publishes New Corporate Compliance Guidance Related to Communications Platforms and Messaging Applications
Posted on
On March 3, 2023, the U.S. Department of Justice (“DOJ”) released an update to its Evaluation of Corporate Compliance Programs guidance (“ECCP Guidance”). The ECCP Guidance serves as a guidance document for prosecutors when evaluating a corporate compliance program. Among other updates, the ECCP Guidance now includes new guidance for assessing how companies govern employees’ use of personal devices, communication platforms and messaging applications.
Continue Reading DOJ Publishes New Corporate Compliance Guidance Related to Communications Platforms and Messaging ApplicationsColorado Finalizes Rules Implementing the Colorado Privacy Act
Posted on
Posted in U.S. State Law
On March 15, 2023, the Colorado Attorney General’s Office finalized rules implementing the Colorado Privacy Act (“CPA”). The finalized rules were released with an official redline that reflects prior revisions of the rules dated December 21, 2022, January 27, 2023, and February 23, 2023. The rules will be published in the Colorado Register later this month and will go into effect on July 1, 2023, when the CPA takes effect.
Continue Reading Colorado Finalizes Rules Implementing the Colorado Privacy ActIowa House and Senate Unanimously Vote to Approve Comprehensive Privacy Legislation
Posted on
On March 6 and 15, 2023, both chambers of the Iowa Legislature unanimously voted to approve Senate File 262, which could make Iowa the sixth U.S. state to enact comprehensive privacy legislation. The bill is most similar to Utah’s comprehensive privacy law.
Continue Reading Iowa House and Senate Unanimously Vote to Approve Comprehensive Privacy LegislationUK ICO Issues Updated Guidance on AI and Data Protection
Posted on
Posted in Information Security, International
On March 15, 2023, the UK Information Commissioner’s Office (“ICO”) published an updated version of its guidance on AI and data protection (the “updated guidance”), following requests from UK industry to clarify requirements for fairness in AI.
Continue Reading UK ICO Issues Updated Guidance on AI and Data ProtectionInternational Data Transfers: Time to Rethink Binding Corporate Rules
Posted on
This is an excerpt from Centre for Information Policy Leadership (“CIPL”) President Bojana Bellamy’s recently published piece in the IAPP “Privacy Perspectives” blog, and are the views of the author.
Continue Reading International Data Transfers: Time to Rethink Binding Corporate RulesSEC Brings Cyber Disclosure Enforcement Action
Posted on
On March 9, 2023, the U.S. Securities and Exchange Commission (SEC) announced settled administrative charges against Blackbaud Inc. The case stems from disclosures Blackbaud made to investors regarding a 2020 ransomware attack that targeted donor data management software the company provides to non-profit organizations.
Continue Reading SEC Brings Cyber Disclosure Enforcement Action