U.S. Securities and Exchange Commission Proposes Three Rules Related to Cybersecurity, Reopens Comment for One Rule
On March 15, 2023, the U.S. Securities and Exchange Commission (SEC) proposed three rules related to cybersecurity and the protection of consumer information and reopened the comment period for a proposed cybersecurity rule for investment advisers and funds. This significant action would impose new cybersecurity requirements for several SEC-registered entities, including with respect to these entities’ policies, incident response and notification procedures, and cybersecurity risk management. This Sidley commentary and analysis discusses the key features of each proposal, including new requirements and differences among each of the proposals.
FCC Proposes Updated Data Breach Reporting Requirements, Comment Period Ongoing
On January 6, 2023, the Federal Communications Commission (the Commission) released a unanimously adopted Notice of Proposed Rulemaking, “In the Matter of Data Breach Reporting Requirements” (Proposed Rule). The Commission sought comments through February 22, 2023 on the Proposed Rule which will update its current data breach reporting rule. Reply comments are due on or before March 24, 2023.
Meru Data Podcast Features Sidley Associate Lauren Kitces
Sidley associate Lauren Kitces was featured on Simplify For Success, a podcast series presented by Meru Data and hosted by Priya Keshav. Lauren discussed FTC’s proposed rulemaking regarding data privacy and data security, and shared her thoughts on how to prepare for the FTC enforcement.
Off to the Races: Comment Period for CPRA Proposed Regulations Begins
On Friday, July 8th, the California Privacy Protection Agency (CalPPA) began the formal rulemaking process to adopt proposed regulations to implement California Privacy Rights Act (CPRA) amendments to the California Consumer Privacy Act (CCPA). The initial written comment period will end on August 23, 2022 at 5:00 pm Pacific Time. To cap off the initial comment period, CalPPA will hold a public hearing on August 24th and 25th, during which the agency will accept oral comments and then close the first comment period.
The rulemaking process will take some time. Indeed, it is possible this initial rulemaking round will not be complete until after Thanksgiving. Revisions to the first draft are expected through likely multiple notice and comment rounds, in addition to deliberations by the CalPPA Board in noticed public meetings. Moreover, once the agency process is complete, the Office of Administrative Law (OAL) will review the proposed regulations to ensure they are consistent with the statute.
Data Regulation Ramps Up in Europe: The AI, Data, and Data Governance Acts
Join Sidley and OneTrust DataGuidance for Part two of the “Data Regulation Ramps Up in Europe” webinar series, where our panel will discuss legislative proposals, including the Artificial Intelligence Act, the Data Act, and the Data Governance Act (DGA). (more…)
China Data Law Update: Certification Rules and Draft Standard Contract Are Issued
As the year approaches its halfway point, Chinese government accelerates the legislation for cross-border data transfers. (more…)
