Cyber and Data Privacy Read

President Biden Signs Executive Order on U.S. Intelligence Activities to Implement EU-U.S. Data Privacy Framework

On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,1 which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic data flows following the 2020 Schrems II decision.

Utah Passes Comprehensive Privacy Law: How the UCPA Compares to Other State Privacy Laws

Utah has become the fourth state to pass comprehensive consumer data privacy legislation. The Utah Consumer Privacy Act (“UCPA”) into law on March 24, 2022. This Legal Update discusses the UCPA’s scope; compares it with the other state privacy laws in the areas of exemptions, data subject rights and data controller obligations; and notes important dates related to the new law.

Breach Notification Requirement Finalized by US Banking Regulators

On November 18, 2021, the Board of Governors of the Federal Reserve, Office of the Comptroller of the Currency and Federal Deposit Insurance Corporation finalized new cyber incident notification requirements for institutions that they regulate and their service providers. The Notification Rule expands and clarifies existing notification obligations of financial institutions, which are primarily focused on consumer protection and suspicious activity reporting.

NYDFS Clarifies Application of Cybersecurity Regulation to Covered Entities Adopting an Affiliate’s Cybersecurity Program

On October 22, 2021, the New York Department of Financial Services (“NYDFS”) issued an interpretive letter that provides guidance on how entities regulated by NYDFS (“Covered Entities”) may comply with the NYDFS Cybersecurity Regulation by adopting the cybersecurity program of an affiliate (“Affiliate Program Letter”).