NIST

NIST Publishes Draft Security Criteria for Consumer Software

Consumer software providers will soon have the option to label their software as compliant with National Institute of Standards and Technology (NIST) standards for software security. On November 1, 2021, NIST published its initial draft of this standard in a white paper titled “DRAFT Baseline Criteria for Consumer Software Cybersecurity Labeling” (the White Paper). The…
Read More
Disposition

Developing a Defensible Disposition Process

Starting in January of 2023, businesses subject to California Privacy Rights Act (CPRA) may be required to publish the retention periods for all categories of personal and sensitive information they collect, manage, store, share, or sell. CPRA Section 1798.100. Given the complexity of the upcoming CPRA requirements, we are publishing a series of articles on this topic.…
Read More
PDPL

Updates to Saudi Arabia’s Data Protection Law

Whilst European and North American businesses are well accustomed to dealing with complex data protection legislation, businesses in the MENA region have by and large not had to consider the same in their local markets. From a Saudi standpoint, the recently published Personal Data Protection Law (published on 24 September 2021 and effective as of…
Read More
Cybersecurity

New York DFS Issues New Cybersecurity Guidance

Under New York’s Cybersecurity Regulation, issued in 2017, any entity (a “Covered Entity”) regulated by the New York State Department of Financial Services (DFS) must maintain a risk-based cybersecurity program that protects its information systems and nonpublic data. For years, DFS has allowed Covered Entities to adopt the cybersecurity program of an affiliate. This has…
Read More
Data Protection

Opinion: How the U.S. Government’s Efforts Can Improve Data Privacy and Protection in 2021

This year, cybersecurity incidents, such as data breaches, have led to the proliferation of identity theft and fraud, facilitated by a lack of digital identity verification credentials. Additionally, data privacy legislation has gained momentum at the state level and become a key area of concern for lawmakers and citizens alike. Meanwhile, artificial intelligence and blockchain…
Read More
Rights

Lessons Learned from Implementing Privacy Rights Request Processes

Over the last three years, several data privacy regulations have been adopted around the world which include requirements related to the collection, processing, and use of personal information. The list includes the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the Lei Geral de Proteção de Dados Pessoais (LGPD) for Brazil,…
Read More
California

California Passes Suite of New Privacy Laws

California continues to be at the vanguard of privacy protection.  On October 11, 2021, California’s Governor Newsom signed several bills addressing privacy and data security. These new laws go into effect January 1, 2022 and include: AB 335, which adds an exemption to the California Consumer Privacy Act (CCPA) consumer personal information sales opt-out right.…
Read More
Back To Top