Adam Hickey

India Passes Privacy Law

By Arsen Kourinian, Dominique Shelton Leipzig, Ana Hadnes Bruder, Oliver Yaros & Adam Hickey on August 30, 2023

Posted in APAC, Privacy / Data Protection

India—the fifth largest economy in the world—just passed a comprehensive privacy law. On August 11, 2023, the Digital Personal Data Protection Act, 2023 (the “DPDP”) was approved by the president of India, adding India to the list of global powers with a comprehensive privacy law. The law is expected to come into force in June…

NIST Releases Cybersecurity Framework Version 2.0

By Rajesh De, Laura D. Richman, Stephen Lilley, Adam Hickey, Sasha Keck, Evan Williams & Lauren Williams on August 16, 2023

Posted in Cybersecurity, Regulation, United States

On August 8, 2023, the National Institute of Standards and Technology (“NIST”) released a draft of The NIST Cybersecurity Framework (CSF) 2.0,¹ (the “CSF” or “Framework”) along with a Discussion Draft of the Implementation Examples.² This draft makes the most significant changes to the Framework since its initial release in 2014.…

Oregon Passes Privacy Law With Narrow Financial Institution Exemption

By Arsen Kourinian, Dominique Shelton Leipzig, Howard W. Waltzman, Adam Hickey, Jeffrey P. Taft, Marcus A. Christian, Daniel Pearson & Joshua Cohen on August 1, 2023

Posted in Financial Services, Privacy / Data Protection, Regulation, United States, US State Laws

Oregon has joined 10 other states in enacting a comprehensive data privacy law.¹ On July 18, 2023, Governor Tina Kotek signed the Oregon Consumer Privacy Act (the “Oregon Privacy Law”) into law. The law imposes a range of new data privacy requirements on non-exempt controllers and processors of Oregon consumer personal data. The Oregon…

Biden-Harris Administration Announces IoT Cybersecurity Labeling Program

By Rajesh De, Stephen Lilley, Howard W. Waltzman, Adam Hickey & Sasha Keck on July 25, 2023

Posted in Cybersecurity, Regulation, United States

On July 18, 2023, the Biden-Harris Administration announced its “U.S. Cyber Trust Mark” initiative.¹ Under this program, the Federal Communications Commission (FCC) will establish a voluntary certification and labeling program to guide and inform consumers purchasing Internet of Things (IoT) devices such as “smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart…

Biden Administration Invites Public Comment on Harmonizing Cybersecurity Regulations

By Rajesh De, Adam Hickey, Stephen Lilley, Howard W. Waltzman & Amber C. Thomson on July 24, 2023

Posted in Cybersecurity, Regulation, United States

On July 19, 2023, the Office of the National Cyber Director (ONCD) issued a request for information (RFI) on cybersecurity regulatory harmonization.¹ The RFI is intended to be a step toward the Biden Administration’s goal, as stated in the National Cybersecurity Strategy, to “harmonize not only regulations and rules, but also assessments and audits…

EU Commission Adopts Adequacy Decision for EU-US Data Privacy Framework

By Ana Hadnes Bruder, Adam Hickey, Livia Crepaldi Wolf, Joshua Cohen, Rajesh De, Dominique Shelton Leipzig, Arsen Kourinian, Oliver Yaros & Dr. Ulrich Worm on July 11, 2023

Posted in Data Transfers, EU / EEA, Privacy / Data Protection, United States

On July 10, 2023, the European Commission (“Commission”) adopted an adequacy decision for the EU-US Data Privacy Framework (“DPF”). The DPF is the successor to the EU-US Privacy Shield, which the Court of Justice of the European Union (“CJEU”) declared invalid in 2020.

This adequacy decision reflects agreement by the Commission that the DPF offers…