Cyber Security, Data Governance, & Privacy
Federal Agencies to Institute New Vendor Verification Process
On March 15, 2023, the Securities and Exchange Commission (SEC) announced proposed amendments (“Proposed Amendments”) to enhance Regulation S-P. Regulation S-P requires registered broker-dealers, investment companies, and investment advisers to "adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information."
Explainer: Delaware Privacy Bill Signed Into Law
On September 12, 2023, Delaware Governor John Carney signed into law the Delaware Personal Data Privacy Act (DPDPA).
Nevada Data Privacy Bill
On June 16, 2023, Nevada Governor Joe Lombardo signed into law the amended version of Senate Bill 370, a health data privacy bill that imposes requirements on the collection, use, and sale of consumer health data. Here’s how to navigate the law:
Texas Legislature Sends Data Privacy Act to Governor
On May 10, 2023, the Texas Senate approved the Texas Data Privacy and Security Act (HB 4) by a vote of 30-0. The bill was amended by the Senate and will not be sent to the Texas House of Representatives for review, after it passed the earlier version of the bill in April by a vote of 146-0.
Oregon Enacts Comprehensive Privacy Law
On July 18, 2023, Oregon Governor Tina Kotek signed Senate Bill 619 (SB 619), also known as the Oregon Consumer Privacy Act (OCPA or Act), into law. The enactment of SB 619 makes Oregon the 12th state in the United States (US) to enact a comprehensive privacy law.
Washington State’s New Data Privacy Law
On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (MHMDA), a privacy framework for handling consumer health data in Washington state, which will take effect on March 31, 2024. A document released by the Office of the Washington Attorney General notes that MHMDA’s purpose is to “close the gap on health data privacy protections and provide Washingtonians concerned about their reproductive freedom more control of their data.”
NTT Launches New Cryptography Tool
This article is the first of a two-part series examining recent advancements in encryption technology that are set to have significant impacts on how businesses comply with data privacy regulations.
Explainer: How Data Lakehouses Can Help Your Compliance Scheme
When it comes to storing your data, organization is important. But many companies aren’t that organized, and as a result, data often ends up in what’s known as a data lake—or, as Venture Beat calls it, “a broader repository that stores data in its raw or natural format.”
Explainer: Iowa Data Privacy Bill
On March 28, the Iowa legislature unanimously approved a data privacy law, Senate File 262 (SF262). The law applies to any person or entity conducting business in Iowa or producing products or services targeted at Iowa residents, controls or processes personal data of at least 100,000 consumers, and controls or processes personal data of at least twenty-five thousand Iowa consumers and derives over fifty percent of gross revenue from the sale of personal data.
Explainer: Synthetic Data Privacy
A new form of technology has hit the data governance market—synthetic data generation.
SEC Announces Proposed Amendments to Regulation S-P
On March 15, 2023, the Securities and Exchange Commission (SEC) announced proposed amendments (“Proposed Amendments”) to enhance Regulation S-P. Regulation S-P requires registered broker-dealers, investment companies, and investment advisers to "adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information."
Pennsylvania Data Breach Notification Law
Pennsylvania businesses have a little more than a month to comply with new data privacy regulations. On May 3, 2023, amendments to Pennsylvania's Breach of Personal Information Notification Act (BOPINA) will take effect—and they’re a long time in the making. Mondaq says these amendments are the first updates to the BOPINA since they were enacted in 2005 “as part of the wave of adoption of model breach notification laws around the United States[,]” with many of these states “substantially broaden[ing] the scope of their breach notification requirements.”
Practical Guidance: The Technical Side of Compliance
Recently, Forbes released an article titled 13 Tech Experts Explain Essential Facts About Data Privacy And Data Protection, in which “13 members of Forbes Technology Council further explore and explain data privacy and data protection, their differences and their impact on businesses.”
Practical Guidance: TikTok Bans
The U.S. Congress House Energy and Commerce Committee is scheduled to meet with TikTok CEO Shou Zi Chew next month to discuss its fate in the U.S. The hearing is just the latest regulatory scrutiny of TikTok’s ownership by Beijing-based ByteDance.
Employee Privacy to See Advances in 2023
Employee privacy will likely be at the forefront of discussion in 2023.
State of the Union Discusses Privacy
On February 7, 2023, President Joe Biden delivered his second State of the Union address to the United States (U.S.). Biden addressed many issues facing the nation, including the privacy rights of U.S. citizens.
Legislative Privacy Predictions in 2023
Kennedy Sutherland’s privacy predictions for 2023 continue with a series of legislative analyses.
Forecast for 2023 Privacy and Cybersecurity Landscape
So far, 2023 is shaping up to be a big year for data privacy and cybersecurity. We have put together a forecast from industry experts and reliable sources.
Explainer: What is Global Privacy Control?
On August 24, 2022, the California Attorney General (AG), Rob Bonta, announced a settlement with Sephora, resolving allegations that the company violated the California Consumer Privacy Act (CCPA) by failing to process requests by consumers to opt out of having their data processed. Seems straightforward, except that Bonta made reference to something called global privacy controls, noting that his office was “watching” and looking to hold businesses “accountable” for failure to “[f]ollow the law, do right by consumers, and process opt-out requests made via user-enabled global privacy controls [(GPC)].”
Why Your Organization Should Invest in Confidential Computing
With the rise of large-scale data breaches in the last few years, many organizations are considering how to best protect their organization’s data. One emerging approach gaining attention is something called confidential computing.