Selected Developments in U.S. Law
U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum
On April 21, 2022, Canada, Japan, South Korea, the Philippines, Singapore, Taiwan, and the United States issued a Global Cross-Border Privacy Rules Declaration announcing the establishment of the Global Cross-Border Privacy Rules Forum. U.S. Secretary of Commerce Gina M. Raimondo described the establishment of the Global CBPR Forum as “the beginning of a new era of multilateral cooperation in promoting trusted global data flows” and highlighted its intent to create “first-of-their-kind data privacy certifications that help companies demonstrate compliance with internationally recognized data privacy standards.”
Colorado Issues Pre-rulemaking Considerations for the Colorado Privacy Act
On April 12, 2022, the Colorado Department of Law launched its Pre-rulemaking Considerations for the Colorado Privacy Act (CPA), following state Attorney General Phil Weiser’s remarks at the International Association of Privacy Professionals’ Global Privacy Summit in Washington, D.C. The Department seeks informal input on a number of topics along with general feedback on the CPA. Comments may be submitted until the end of August 2022 through the CPA Comment Form and by attending to-be-scheduled informal listening sessions.
Recent Updates in Two Closely Watched Cybersecurity and Privacy-Related Securities Fraud Class Actions
Observers have been awaiting decisions on various cybersecurity and privacy securities fraud class actions with potentially significant implications for corporate liability. Over the last several months, important developments emerged in two cases: the defendants’ motion to dismiss was granted in part and denied in part in In re Zoom Securities Litigation, and the Supreme Court denied cert of the Ninth Circuit’s decision reviving the claims in Alphabet Inc. v. Rhode Island.
White House Releases Recommendations to Protect Against Potential Cyber-Attacks
The potential for malicious cyber activity has been a concern for the Biden Administration throughout the evolving crisis in Ukraine (including the imposition of sanctions against Russia). In response to this concern, the Administration, which faced “evolving intelligence that Russia may be exploring options for potential cyberattacks,” released recommendations on March 21, 2022 for companies to protect against cyber-attacks.
President Biden Issues Executive Order Directing Coordinated Federal Approach to Digital Assets
As a result of the rise in digital assets, President Biden signed an Executive Order on March 9, 2022 ordering a review of the nation’s approach to cryptocurrency. The Executive Order on Ensuring Responsible Development of Digital Assets contains broad policy objectives and specific analysis to be conducted by the federal government. The Order identifies several key national priorities related to digital assets and directs the executive branch to follow the interagency process that President Biden previously implemented for the National Security Council to implement the Order. The Order directs a broad swath of U.S. federal agencies to research and issue assessments related to digital assets, including the viability of a U.S. central bank digital currency, a digital form of U.S. sovereign currency.
Colorado Attorney General’s Office Issues Notice of Invitation for Informal Input on CPA Rulemaking
On March 7, 2022, the Colorado Attorney General’s Office issued to the public an invitation to submit preliminary input on the CPA and future rulemaking. The Attorney General’s Office is accepting informal comments on any area on which it has the authority to adopt rules and provides examples of input in the invitation. The public has until August 31, 2022 to submit comments.
Senate Passes Significant Cyber Bill Requiring Cyber-Incident Reporting
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1, 2022 as a package of cybersecurity measures that would require operators of critical infrastructure and federal civilian agencies to report cyber-incidents to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency. With bipartisan support, the bill was backed by Senators Gary Peters (D-MI) and Rob Portman (R-OH). This marks the most significant cyber bill to make it through the Senate in the chamber’s history, and if passed would be the first significant cyber legislation to pass since the 2015 Cybersecurity Information Sharing Act, which gave companies legal cover to voluntarily share cyber-threat information with the government.
CPPA Expected Not to Meet CPRA Rulemaking Deadline
At a board meeting held by the California Privacy Protection Agency (CPPA) on February 17, 2022, Executive Director Ashkan Soltani announced that the CPPA does not expect to meet the July 1, 2022, statutory deadline for adopting final regulations under the California Privacy Rights Act. The CPPA plans to schedule meetings in March and April to solicit comments from experts and the public.
Georgia Introduces Privacy Bill Stricter Than CCPA – The Top 10 Issues
On January 26, 2022, the Georgia General Assembly introduced the Georgia Computer Data Privacy Act (GCDPA). Despite its title, the GCDPA is not a “computer”-focused bill. It is instead an omnibus privacy statute modeled after California’s Consumer Privacy Act (CCPA).
Incomplete Cybersecurity Compliance Disclosures May Support Fraud Claim Under the False Claims Act, Federal Court Holds
On the heels of a recent Civil Cyber-Fraud Initiative related to cybersecurity practices and the False Claims Act (FCA), a cybersecurity-related FCA case has survived a motion for summary judgment, teeing up a trial to determine if the defendants’ cybersecurity compliance disclosures were materially incomplete and if any misstatements were knowingly made.
EU and U.S. Reach Agreement in Principle on a Replacement for the EU-U.S. Privacy Shield
On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union in 2020. The new framework will be designed to allow personal data to flow freely between the EU and participating U.S. companies and will likely be seen as the main alternative to the standard contractual clauses released by the European Commission last year.
Italian Supervisory Authority Imposes €20 Million Fine on Controller Outside of Europe
The Italian Garante per la Protezione dei Dati Personali published a decision on February 10, 2022 in which it imposes a €20 million fine on a company outside of Europe for violations of the EU General Data Protection Regulation.
U.S., UK, and Australia Issue Joint Cybersecurity Advisory on Ransomware Threat to Critical Infrastructure
On February 9, 2022, the United States, United Kingdom, and Australia issued a Joint Cybersecurity Advisory on the “Increased Globalized Threat of Ransomware” against critical infrastructure sectors. The advisory lists trends in cyber-criminal activity from the last year and also provides mitigation strategies and recommendations to reduce the likelihood of compromise and the impact of ransomware incidents.