Sasha Hondagneu-Messner, Author at Data Matters Privacy Blog

About Sasha Hondagneu-Messner

New York

Entries by Sasha Hondagneu-Messner

23 10 '25

New York Department of Financial Services (NYDFS) Clarifies Expectations for Third-Party Cybersecurity Risks Under its Cybersecurity Regulation, and Additional Amendments Go into Effect on November 1, 2025

October 23, 2025/in Cybersecurity, Financial Sector, Information Security/by Sasha Hondagneu-Messner

On October 21, 2025, NYDFS, the New York State agency responsible for regulating financial services and products, issued an Industry Letter clarifying how “Covered Entities”[1] should manage cybersecurity risks arising […]

31 07 '25

A Mid-Year Privacy Check-In – Important Developments and New Compliance Obligations for Privacy Laws

July 31, 2025/in AI, Biometrics, CCPA, Children’s Privacy, Health Privacy, Online Privacy, U.S. State Law/by Sasha Hondagneu-Messner

During the first half of 2025, state legislators and regulators have been working overtime to enact new data privacy laws and expand existing laws, all of which are likely to […]

29 07 '25

California Privacy Protection Agency Advances Substantial Rulemaking – Cyber Audits, Risk Assessments, New Automated Decisionmaking Technologies Rights, and More

July 29, 2025/in AI, Automated Decisionmaking, CCPA, Cybersecurity, Online Privacy, Policy, U.S. State Privacy Laws/by Sasha Hondagneu-Messner

The California Privacy Protection Agency (Agency) on Thursday, July 24, 2025, approved a comprehensive set of new California Consumer Privacy Act (CCPA) regulations that the Agency has been developing for […]

13 08 '24

New York Attorney General Publishes Guide to Avoid “Key Mistakes” Regarding Online Tracking Technologies

August 13, 2024/in Enforcement, FTC, Litigation, Online Privacy, State Privacy Laws/by Sasha Hondagneu-Messner

On July 30, 2024, New York Attorney General Letitia James announced website privacy guides for New York consumers and businesses. The guides, a business-focused Business Guide to Website Privacy Controls […]

05 06 '24

U.S. SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information Amendments Adopted

June 5, 2024/in Compliance, Consumer Protection, Financial Privacy, Regulatory, SEC/by Sasha Hondagneu-Messner

On May 16, 2024, the U.S. Securities and Exchange Commission (SEC) adopted amendments to its Regulation S-P. These final amendments impose significant cybersecurity requirements for several SEC-registered entities and transfer […]

07 03 '24

FTC Proposes Significant and Sweeping Changes to COPPA and Requests Public Comment

March 7, 2024/in Children’s Privacy, Cybersecurity, Enforcement, FTC, Information Security, Online Privacy, Policy, Regulatory/by Sasha Hondagneu-Messner

On January 11, 2024, the Federal Trade Commission (“FTC”) published its Notice of Proposed Rule Making (“NPRM”) seeking to update the FTC’s Children’s Online Privacy Protection Act (“COPPA”) Rule in […]

31 07 '23

U.S. SEC Public Company Cybersecurity Disclosure Regulation Finalized With Swift Effective Date

July 31, 2023/in Compliance, Cybersecurity, Data Breaches, Governance, Policy, Public Companies, Regulation, SEC/by Sasha Hondagneu-Messner

On July 26, 2023, the U.S. Securities and Exchange Commission finalized its rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (the Final Rule), which will become effective […]

29 06 '23

SEC Delays Enactment of Cyber Rules Related to Investment Adviser and Public Companies to October 2023, Updates Timeline to April 2024 for Recently Proposed Cybersecurity Rules

June 29, 2023/in Cybersecurity, Data Breaches, Policy, Regulation, SEC/by Sasha Hondagneu-Messner

On June 13, 2023, the Office of Management and Budget released its Spring 2023 Unified Agenda of Regulatory and Deregulatory Actions, which includes updates on Securities and Exchange Commission (“SEC”) […]

24 04 '23

Compliance Updates for Employer’s use of Automated Decisionmaking Tools: New York City Finalizes Rules on Automated Employment Decision Tools and Sets Enforcement Date for July 5, 2023, Upcoming California Regulations, and Federal Guidance

April 24, 2023/in AI, Employee Privacy, Policy, U.S. State Privacy Laws/by Sasha Hondagneu-Messner

Employers in New York City may soon be subject to a new law, Local Law 144, that regulates employers’ use of automated employment decision tools (“AED tools” or “AEDT”) – […]

18 04 '23

U.S. Securities and Exchange Commission Proposes Three Rules Related to Cybersecurity, Reopens Comment for One Rule

April 18, 2023/in Cybersecurity, Regulation, SEC/by Sasha Hondagneu-Messner

On March 15, 2023, the U.S. Securities and Exchange Commission (SEC) proposed three rules related to cybersecurity and the protection of consumer information and reopened the comment period for a […]