On March 15, 2022, President Biden signed an omnibus spending bill into law, which, in part, requires companies to report cyber incidents and ransom payments. The relevant portions of the law, titled the Cyber Incident Reporting for Critical Infrastructure Act
On 23 February 2022 the EU Commission published its long-awaited Data Act, the last major building block of the Commission’s February 2020 Data Strategy. The Data Act:
Google recently announced several key changes to the upcoming “Data safety form” for Google Play. Learn more about these updates on our NT Analyzer blog.
On February 17, 2022 the California Privacy Protection Agency’s Board (“Board”) met to discuss their progress launching the new agency. They also shared their projected timeline for rulemaking. The California Privacy Protection Agency (CPPA) is the new agency charged with
Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines.
At issue was the transfer
The French Data Protection Authority (the “CNIL”) continues its campaign against companies that do not respect the rules relating to cookies and other trackers, which the CNIL has previously reminded the market about in multiple communications and decisions.
The CNIL
On 2 February 2022, the Belgian Data Protection Authority (the BDPA) fined IAB Europe for various infringements in relation to the IAB Transparency and Consent Framework. This decision could have a huge impact on the majority of players in the
Illinois’ Biometric Information Privacy Act (“BIPA”) is considered the most comprehensive law governing the processing of biometric data. Passed in 2008, BIPA sets out requirements for private entities, including employers, that collect, use, store, and share biometric information. It’s also
On January 24, 2022, the New York Attorney General (AG) announced a settlement with vision-benefits-provider EyeMed Vision Care, Inc., relating to a 2020 security incident where a threat actor obtained access to an email account that enabled the threat actor
The UK government has finally published the UK’s own standard form international data transfer agreement (UK IDTA) for transferring personal data outside the UK to countries not deemed to have adequate data protection regimes. It has also published a standard