Call 855-808-4530 or email Gro[email protected] to receive your discount on a new subscription.
In May, the California Privacy Protection Agency (CPPA or Agency) released the first draft of its much-anticipated proposed California Privacy Rights Act of 2020 (CPRA) Regulations (Regs), as well as the Agency’s Initial Statement of Reasons. Although useful for the purpose of indicating what the Agency’s priorities may be, the draft Regs are far from complete. Of note, the Regs purposely omit provisions on key topics, including automated decision-making and profiling, cybersecurity audits, and risk assessments; consequently, companies should expect the Regs to expand far beyond their current 66-page length.
Continue reading by getting
started with a subscription.
New U.S.-China Investment Dynamic Focuses On AI and Sensitive Technologies
By David A. Holley
An Executive Order released by the Biden Administration on Aug. 9 places increased importance on due diligence when investing in specific foreign countries. The Executive Order will regulate outbound investments in China with a focus on key technologies critical to safeguarding U.S. national security, including artificial intelligence.
New York’s Latest Cybersecurity Commitment
By Erik B. Weinick
On Aug. 9, 2023, Gov. Kathy Hochul introduced New York’s inaugural comprehensive cybersecurity strategy. In sum, the plan aims to update government networks, bolster county-level digital defenses, and regulate critical infrastructure.
Data Breach Defense: Mobilizing Against Weaponized Mass Arbitration
By Daniella Main and Brooke Bolender
Most companies have experienced or will experience a data breach. Increasingly, companies also face the risks associated with mass arbitration weaponized by the overwhelming volume of claims after a breach.
By Wim Nauwelaerts
Businesses and organizations that (regularly) transfer personal data from the EU to the U.S. should carefully assess, on a case-by-case basis, whether it makes sense to rely on the new EU-U.S. Data Privacy Framework or to use one of the other data transfer tools that are available under the GDPR.