On January 28, 2021, international Data Privacy Day, the newly formed Brazilian data protection authority published its regulatory strategy for 2021-2023 and work plan for 2021-2022 (in Portuguese). This post includes an overview of both strategies, as well as details about the newly formed authority.
Continue Reading Brazilian Data Protection Authority Publishes Regulatory Strategy for 2021 – 2023

On January 19, 2021, the UK Information Commissioner’s Office published its analysis of the application of the UK General Data Protection Regulation to transfers from UK-based firms or branches that are registered, required to be registered or otherwise regulated by the U.S. Securities and Exchange Commission.
Continue Reading ICO Confirms UK Firms May Rely on Public Interest Derogation for SEC Transfers

On January 26, 2021, BBB National Programs announced that it has been endorsed as an Accountability Agent for the APEC Cross-Border Privacy Rules and Privacy Recognition for Processors systems. This makes BBB National Programs the seventh CBPR and PRP Accountability Agent worldwide and the first ever U.S. non-profit to be approved by APEC.
Continue Reading APEC Endorses the First U.S. Non-Profit Accountability Agent

The increasing development and use of AI technology is raising several compliance questions, particularly in the context of the EU General Data Protection Regulation (“GDPR”). The European Commission has already begun working on future AI legislation. Join us on October 14, 2020, for a webinar on Artificial Intelligence: Key Considerations for GDPR Compliance Today and Tomorrow.

Continue Reading Webinar on Artificial Intelligence: Key Considerations for GDPR Compliance Today and Tomorrow

On April 3, 2020, the Brazilian Senate approved Bill of Law, which includes a number of emergency measures intended to address the COVID-19 pandemic. Importantly, one provision delays the effective date of the Brazilian Data Protection Law until January 2021.
Continue Reading House to Vote on Senate’s Proposed Delay of Brazil’s Data Protection Law

The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations recently announced the publication of a report entitled “Cybersecurity and Resiliency Observations” that summarizes the observations gleaned from OCIE’s cybersecurity examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges and other SEC registrants.
Continue Reading SEC Publishes Cybersecurity and Resiliency Observations

On January 6, 2020, the Federal Trade Commission announced that it granted final approval to a settlement with InfoTrax Systems, L.C. and its former CEO, Mark Rawlins, related to allegations that InfoTrax failed to implement reasonable, low-cost and readily available security safeguards to protect the personal information the company maintained on behalf of its business clients.

Continue Reading FTC Finalizes Settlement with InfoTrax for Failure to Safeguard Consumer Data