On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,1 which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic data flows following the 2020 Schrems II decision.
Cyber and Data Privacy
Utah has become the fourth state to pass comprehensive consumer data privacy legislation. The Utah Consumer Privacy Act (“UCPA”) into law on March 24, 2022. This Legal Update discusses the UCPA’s scope; compares it with the other state privacy laws in the areas of exemptions, data subject rights and data controller obligations; and notes important dates related to the new law.
On November 18, 2021, the Board of Governors of the Federal Reserve, Office of the Comptroller of the Currency and Federal Deposit Insurance Corporation finalized new cyber incident notification requirements for institutions that they regulate and their service providers. The Notification Rule expands and clarifies existing notification obligations of financial institutions, which are primarily focused on consumer protection and suspicious activity reporting.
We are increasingly seeing a deal model that we call a “Cloud+ Strategic Partnership.” In that model, a cloud provider agrees to provide discounts to and collaborate with a company in the development of new software that will run on the provider’s cloud infrastructure or cloud platform. This article contains some initial considerations.
On October 22, 2021, the New York Department of Financial Services (“NYDFS”) issued an interpretive letter that provides guidance on how entities regulated by NYDFS (“Covered Entities”) may comply with the NYDFS Cybersecurity Regulation by adopting the cybersecurity program of an affiliate (“Affiliate Program Letter”).