On September 11, Delaware’s governor signed into law the Delaware Personal Data Privacy Act (the “DPDPA” or “Act”),[1] establishing Delaware as the 12th state in the U.S. to enact its own comprehensive data protection law and contributing to the
Cleary Cybersecurity and Privacy Watch
Global Legal Developments related to Cybersecurity Incidents, Cyber Corporate Governance and Regulation Issues, and Privacy and Data Protection Laws
Blog Authors
Latest from Cleary Cybersecurity and Privacy Watch
Key Takeaway’s from the Irish Data Protection Commission’s decision on Meta Data Transfers
On May 22, 2023, the Irish Data Protection Commission (the “DPC”) published its decision on Meta Platforms Ireland Limited (“Meta”).[1] The decision has wider implications for any company that routinely transfers personal data from the EEA to third countries,…
New SEC Disclosure Rules for Cybersecurity Incidents and Governance and Key Takeaways
On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) adopted rules to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance.…
EU-U.S. Data Privacy Framework
On July 10, 2023, the European Commission officially adopted its adequacy decision for the new EU-U.S. Data Privacy Framework (“DPF”), concluding that the U.S. ensures an adequate level of protection for personal data transferred from the EU to U.S. organisations…
SEC Proposes Rules Limiting the Use of Artificial Intelligence by Registered Investment Advisers and Broker-Dealers
On July 26, 2023, the Securities and Exchange Commission (“SEC”) proposed new rules targeting the use of predictive data analytics and artificial intelligence (“AI”) by registered investment advisers (“RIAs”) and broker-dealers.[1] The new proposed rules focus on the…
Determining Applicability of Newly Enacted Comprehensive U.S. Privacy Laws
Recent Developments In Data Privacy Enforcement In Brazil And A Comparison With The U.S. Regime
The Brazilian General Data Protection Law (the “LGPD”—Lei Geral de Proteção de Dados)[1] came into effect in September 2020. Given the LGPD’s relatively recent adoption, there has been uncertainty surrounding how public authorities and courts in Brazil will interpret…
Iowa Becomes the Sixth State to Enact a Comprehensive Privacy Law
Italian National Cybersecurity Perimeter: Some Considerations Following Completion of the Regulatory Framework
On January 10, 2023, the Resolution of the National Cybersecurity Agency’s of January 3, 2023, which includes the taxonomy of incidents affecting networks, information systems, and information services other than ICT Assets to be notified by entities included in the…
SEC Continues to Shine Light on Cyber and Data Security: Proposes Amendments to Regulation S-P
On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) issued proposed amendments (the “Proposal”) to Regulation S-P, which governs the treatment of nonpublic personal information about consumers by broker-dealers, registered investment advisers, registered investment companies, and…