In its first major overhaul since 2014, the National Institute of Standards and Technology (NIST) updated its Cybersecurity Framework (CSF) on February 26, 2024. The updated 27-page CSF version 2.0 builds on version 1.1 and provides guidance to industry, government
Privacy & Data Security
FTC Obtains $16.5M from Avast for Sale of Sensitive Data
One month after the February 22, 2024, announcement of enforcement actions against data brokers X-Mode and InMarket Media, the Federal Trade Commission (FTC) announced a complaint and proposed consent order requiring software security company Avast Limited and two subsidiaries,…
Singapore to Pass New Law to Boost Digital Resilience
On March 1, 2024, Singapore’s Ministry of Communications and Information announced[1] that a study would be launched to introduce a new piece of legislation, the Digital Infrastructure Act (DIA), to boost the resilience and security of key digital infrastructure…
Privacy World Week in Review
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
Proposed State Privacy Law Update: March 18, 2024
Keypoint: It was a very busy week with Kentucky on the cusp of passing a consumer data privacy bill, Maryland advancing consumer and children’s bills, and movement on bills in Minnesota, Vermont, Georgia, Maine, and New York.
Below is the…
Fun with Python ➲ Randomly Delivering our [68+] Lawyer Logic Blog Articles
This blog article is designed to share my thinking and experience as I start to learn to code in Python and consider potential real-world applications. To date, we have amassed a collection of [67+] blog articles. My first self-challenge project…
Year in Review: Top 2023 Data Breach Litigation Trends
One of the main risks that a company faces after a data breach is a potential lawsuit. Plaintiffs often will allege creative statutory and common law theories of harm after they learn that their personal information has been subject to…
UK Government Outlines New Action to Tackle Biases in Medical Devices
On March 11, 2023, the UK Government published its response (“Government Response”) to an independent review on equity in medical devices commissioned by the Department of Health and Social Care (“Review”). The Government Response is not guidance nor policy rather…
CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology
On March 8, 2024, the California Privacy Protection Agency Board discussed and voted 3-2 in favor of further edits to revised draft regulations regarding risk assessments and automated decisionmaking technology, which were released in February 2024, but did not initiate…
The CJEU Ruled that Supervisory Authorities Can Order the Deletion of Unlawfully Processed Personal Data
On March 14, 2024, the Court of Justice of the EU (“CJEU”) ruled that EU supervisory authorities have the (corrective) power to order data controllers who have been found to process personal data unlawfully to erase such personal data, even…