On March 3, 2023, the California Privacy Protection Agency (“CPPA”) Board held a public meeting regarding the Agency’s priorities, budget, the status of the California Privacy Rights Act of 2020 (“CPRA”) rulemaking process and the activities of the CPPA subcommittees. The meeting focused on the following topics:
Continue Reading CPPA Board Discusses Agency’s Top Priorities and the Status of CPRA Rulemaking ProcessUK Introduces Data Protection and Digital Information (No. 2) Bill
On March 8, 2023, the UK Secretary of State for Science, Innovation and Technology, Michelle Donelan, introduced the Data Protection and Digital Information (No. 2) Bill to UK Parliament. The first version of the reform bill was originally proposed by the UK government in July 2022, but was put on pause during September 2022.
Continue Reading UK Introduces Data Protection and Digital Information (No. 2) BillCIPL Files Comments on Civil Rights Implications of Commercial Data Practices
On March 6, 2023 the Centre for Information Policy Leadership (CIPL) at Hunton Andrews Kurth filed a response to the National Telecommunications and Information Administration’s request for comment on issues at the intersection of privacy, equity and civil rights.
Continue Reading CIPL Files Comments on Civil Rights Implications of Commercial Data PracticesIrish Data Protection Commission Publishes Annual Report for 2022
On March 7, 2023, the Irish Data Protection Commission (“DPC”) published its Annual Report for 2022 (the “Report”). The Report contains details on several areas of the DPC’s work, including complaints from data subjects received by the DPC, personal data breach notifications received by the DPC and statutory inquiries conducted by the DPC.
Continue Reading Irish Data Protection Commission Publishes Annual Report for 2022NCUA Board Approves Cyber Incident Reporting Requirement for Credit Unions
On February 16, 2023, the National Credit Union Administration (“NCUA”) Board unanimously approved a final rule requiring federally insured credit unions (“FICUs”) to notify the NCUA as soon as possible, within 72 hours, after an FCIU “reasonably believes” that a reportable cyber incident has occurred.
Continue Reading NCUA Board Approves Cyber Incident Reporting Requirement for Credit UnionsFTC Announces Proposed Order against BetterHelp for Disclosing Sensitive Mental Health Information to Third Parties for Targeted Advertising Purposes
On March 2, 2023, the FTC announced a proposed order against BetterHelp, Inc., an online mental health counseling service, for sharing consumer data, including sensitive mental health information, with third parties for targeted advertising and other purposes. The FTC’s proposed order is notable, in that it is the first such order that would return funds to consumers whose health data was affected.
Continue Reading FTC Announces Proposed Order against BetterHelp for Disclosing Sensitive Mental Health Information to Third Parties for Targeted Advertising PurposesHouse Energy & Commerce Subcommittee Holds Hearing on U.S. Privacy Law
On March 1, 2023, the U.S. House of Representatives Innovation, Data and Commerce Subcommittee (“Subcommittee”) of the Energy and Commerce Committee (“Committee”) held a hearing to restart the discussion on comprehensive federal privacy legislation. Last year, the full Committee reached bipartisan consensus on H.R. 8152, the American Data Privacy and Protection Act (“ADPPA”), by a vote of 53-2. With many of the same players returning in the 118th Congress, House members are eager to advance bipartisan legislation again.
Continue Reading House Energy & Commerce Subcommittee Holds Hearing on U.S. Privacy LawBill to Amend the Gramm-Leach-Bliley Act Introduced to Congress
On February 24, 2023, Representative Patrick T. McHenry of North Carolina introduced a bill proposing the creation of the Data Privacy Act of 2023. The bill proposes to amend the Gramm-Leach-Bliley Act (“GLBA”) by making the following changes:
Continue Reading Bill to Amend the Gramm-Leach-Bliley Act Introduced to CongressWhite House Releases National Cybersecurity Strategy
On March 2, 2023, the Biden-Harris Administration announced the release of the National Cybersecurity Strategy.
Continue Reading White House Releases National Cybersecurity StrategyRevised Colorado Privacy Act Rules Adopted for Review by Colorado AG
On February 28, 2023, the Colorado Office of the Attorney General announced that revised draft Colorado Privacy Act (“CPA”) rules were adopted for review by the Colorado Attorney General prior to finalization and publication in the Colorado Register.
Continue Reading Revised Colorado Privacy Act Rules Adopted for Review by Colorado AG