By

Alan Charles Raul

22 June 2022

Connecticut Makes Five: The Constitution State Enacts Broad Data Privacy Law Effective July 2023

Connecticut has passed a new state data privacy law slated to go into effect on July 1, 2023.  The law largely tracks other new state data privacy laws recently passed in Virginia and Colorado, but also includes several provisions that could impact compliance plans, including a new obligation to provide … Read More

EmailShare
19 May 2022

Data Matters: The Declaration for the Future of the Internet

On April 28, 2022, the White House announced, in partnership with 60 global partners, the launch of the Declaration for the Future of the Internet, also known as the “DFI.”

According to the White House briefing, the Declaration sets forth the shared principles regarding how parties should comport … Read More

EmailShare
17 May 2022

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

*Reprinted with permission from the May 6, 2022 edition of the New York Law Journal © 2022 ALM Global Properties, LLC. All rights reserved. Further duplication without permission is prohibited, contact 877-256-2472 or reprints@alm.com.

It used to be that data breaches were all about cyber-crooks hacking computer systems to … Read More

EmailShare
05 May 2022

CISA: “We don’t stab the wounded.”

Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), repeatedly emphasizes CISA’s cooperative approach with the U.S. private sector. During her interview with Sidley’s Alan Raul on April 13, 2022, Easterly emphasized that CISA’s role was not to “name, blame, shame, or stab the wounded” victims of … Read More

EmailShare
14 April 2022

Privacy by Design and Data Minimisation

*This article was first published by Global Data Review in March 2022.

“Privacy by design” refers to the practice of integrating and embedding privacy and data protection into the development and implementation of information technology systems, business practices and policies, and products and applications.

EmailShare
Read More
EmailShare
13 April 2022

CISA Publishes a List of Key Elements to Share in Incident Reports

Amidst severe warnings by the United States government of heightened cyber risks (especially for critical infrastructure), and on the heels of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) being signed into law in March 2022, the Cybersecurity and Infrastructure Security Administration (CISA) published a Cyber Event Read More

EmailShare
29 March 2022

California AG’s First Formal CCPA Opinion Directs Businesses to Disclose Internally-Generated Inferences and Expresses Skepticism Around Trade Secret Claims

In its first formal opinion interpreting the California Consumer Privacy Act (the “Opinion”), the California Attorney General (OAG) has expansively interpreted CCPA to mean that inferences created internally by a business, including those based on data that is not included in the definition of personal information, constitute “specific pieces” of … Read More

EmailShare
24 March 2022

Uniform Personal Data Protection Act Offers an Alternative Approach to Consumer Data Protection

*This article first appeared in Legaltech News on March 22, 2024, available here.

With federal consumer privacy bills gaining little traction, the Uniform Law Commission proposes the Uniform Personal Data Protection Act (UPDPA) as an alternative to the existing quilt of state consumer privacy laws. In a panel … Read More

EmailShare
21 March 2022

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

The U.S. Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. The reporting requirements will cover multiple sectors of the economy, including chemical … Read More

EmailShare
11 March 2022

Newly Proposed SEC Cybersecurity Risk Management and Governance Rules and Amendments for Public Companies

On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new cybersecurity rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The text of the proposed rules is available here. The SEC proposal would continue to ratchet up … Read More

EmailShare
1 2 3 15
XSLT Plugin by BMI Calculator