Cyber and Data Privacy

On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,1 which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic data flows following the 2020 Schrems II decision.

Utah has become the fourth state to pass comprehensive consumer data privacy legislation. The Utah Consumer Privacy Act (“UCPA”) into law on March 24, 2022. This Legal Update discusses the UCPA’s scope; compares it with the other state privacy laws in the areas of exemptions, data subject rights and data controller obligations; and notes important dates related to the new law.

A short-list of legislative, policy and regulatory developments to watch for in 2022; from GDPR damages, to the Artificial Intelligence Act. the UK Online Safety Bill, Children’s Code and more.

The General Data Protection Regulation (“GDPR”) might apply to operators of overseas websites that have even a minimal commercial activity in the UK following the judgment of the Court of Appeal of England and Wales in Soriano v Forensic News LLC and Others [2021] EWCA Civ 1952.

The rapid advancement of AI technologies in recent years means that regulators are engaged in a game of catch up.

On November 18, 2021, the Board of Governors of the Federal Reserve, Office of the Comptroller of the Currency and Federal Deposit Insurance Corporation finalized new cyber incident notification requirements for institutions that they regulate and their service providers. The Notification Rule expands and clarifies existing notification obligations of financial institutions, which are primarily focused on consumer protection and suspicious activity reporting.

We are increasingly seeing a deal model that we call a “Cloud+ Strategic Partnership.” In that model, a cloud provider agrees to provide discounts to and collaborate with a company in the development of new software that will run on the provider’s cloud infrastructure or cloud platform. This article contains some initial considerations.

On October 27, 2021, the Federal Trade Commission issued a final rule (“Final Rule”) implementing most of the revisions it proposed in 2019, with some important modifications, to its Gramm-Leach-Bliley Act safeguards rule.

On October 22, 2021, the New York Department of Financial Services (“NYDFS”) issued an interpretive letter that provides guidance on how entities regulated by NYDFS (“Covered Entities”) may comply with the NYDFS Cybersecurity Regulation by adopting the cybersecurity program of an affiliate (“Affiliate Program Letter”).