Following the lead of California, Virginia, Colorado, Connecticut and Utah (as previously discussed here, here, here, here and here respectively), on March 29, 2023, Iowa passed the Iowa Consumer Privacy Act (the “ICPA”), creating compliance obligations for
Cleary Cybersecurity and Privacy Watch
Global Legal Developments related to Cybersecurity Incidents, Cyber Corporate Governance and Regulation Issues, and Privacy and Data Protection Laws
Blog Authors
Latest from Cleary Cybersecurity and Privacy Watch
Italian National Cybersecurity Perimeter: Some Considerations Following Completion of the Regulatory Framework
On January 10, 2023, the Resolution of the National Cybersecurity Agency’s of January 3, 2023, which includes the taxonomy of incidents affecting networks, information systems, and information services other than ICT Assets to be notified by entities included in the…
SEC Continues to Shine Light on Cyber and Data Security: Proposes Amendments to Regulation S-P
On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) issued proposed amendments (the “Proposal”) to Regulation S-P, which governs the treatment of nonpublic personal information about consumers by broker-dealers, registered investment advisers, registered investment companies, and…
SEC Proposes Major New Cybersecurity Rules for Market Participants
On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) proposed three new cybersecurity rulemakings that, if adopted, would affect a wide range of market participants, including SEC-registered broker-dealers.…
SEC Charges Public Company For Alleged Misleading Disclosures Surrounding Ransomware Attack
On March 9, 2023, the Securities and Exchange Commission (“SEC”) brought an enforcement action against a public company, Blackbaud Inc. (“Blackbaud” or the “Company”), alleging that it had made misleading disclosures about a 2020 ransomware attack.[1] This is…
The UK Government Publishes the New Data Protection Bill
On March 8, 2023, the UK government published the Data Protection and Digital Information (No. 2) Bill (the “Bill”) which proposes to update the current UK data protection regime. …
Key Takeaways from the EDPB’s Cookie Banner Taskforce Report
On January 17, 2023, the European Data Protection Board (“EDPB”) Cookie Banner Taskforce adopted a report which provides useful guidance on cookie banners. The EDPB’s report is available here.…
Privacy and Data Protection Compliance Will Remain a Top Priority in 2023
The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.
As the value of data continues to increase exponentially, so too do the associated risks, including risk…
Cybersecurity: Continued Cyberattacks and New Regulations Result in Increased Risk
The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.
In a recent survey of almost 2,800 global organizations, one in five respondents reported experiencing a ransomware…
Irish Data Protection Commission’s decisions regarding Facebook and Instagram
On January 4, 2023, the Irish Data Protection Commission (the “DPC”) announced it issued two decisions that have wide relevance for the adtech industry. The decisions focus on the extent to which businesses can rely on the GDPR legal basis…