Privacy / Data Protection

The UK Information Commissioner’s Office (the “ICO”) published new guidance on transfer risk assessments (“TRAs”) and a template for carrying out a TRA.

All businesses are required to carry out TRAs, also known as local law assessments or transfer impact assessments, when transferring personal data subject to the UK GDPR outside the United Kingdom using

The European Commission’s proposal to establish a European Health Data Space (“EHDS”) aims to improve access by individuals to their health data (primary use) and facilitate the re-use of health data for societal good across the European Union (secondary use).

While the draft EHDS regulation might easily get lost in an alphabet of

Technical Note No. 33/2022, published by the Brazilian Data Protection Authority (ANPD), proposes a template for a Record of Personal Data Processing Activities (ROPA) for small processing agents, whether controllers or processors.

The proposed template is under public consultation until December 4, 2022, with a definitive version expected to be published in 2023.

The cybersecurity landscape is evolving ever more rapidly, and the threats to businesses’ critical information and assets—as well as to their bottom lines—are only increasing. Breaches continue to grow in scale and sophistication, regulators are crowding the field with an expanding and shifting array of requirements and de facto standards, and litigation remains perilous. Now,

The California Privacy Protection Agency (“the Agency”) announced October 17, 2022, proposed modifications to the draft regulations for the California Privacy Rights Act (CPRA) that were published on July 8, 2022. The draft regulations expanded on the text of the CPRA setting out a number of additional requirements regarding obtaining consumer consent, supporting the exercise

Software security is a critical issue for multinational businesses. Highlighted as a top priority by the Biden administration and other governments worldwide, software security is a central pillar of effective cybersecurity—and managing associated legal risk. But developing and maintaining secure software is challenging, including to the extent that companies manage complex software development lifecycles, face

An omnibus federal privacy bill with significant bipartisan support is currently under congressional review and, if enacted, could dramatically increase oversight of how companies use artificial intelligence (“AI”) in their businesses.

This article discusses the bill, which, even if not enacted, provides valuable insights as to potential future regulation of AI.

There has been a whirlwind of activity over the past year as states enact and implement comprehensive consumer privacy laws. Starting with the passage of the California Consumer Privacy Act (CCPA) in 2018, which became effective in 2020, the US state privacy legal landscape has continued to develop rapidly. New comprehensive privacy frameworks are set

An organization’s board of directors assumes ultimate accountability for governing cybersecurity risk. Chief information security officers (CISOs) play an increasingly indispensable role in enabling board members and senior executives to engage in appropriate cyber risk management, communicate using cyber metrics with business objectives in mind, and facilitate proper oversight of the company’s cyber program. Among

Ransomware attacks continue to cause serious disruption to organizations and show no signs of slowing down. What starts as a security failure quickly becomes a serious business risk, requiring decision-making at the board level. Our speakers will touch on various legal and technical factors impacting a company’s response to a ransomware attack and provide practical advice