On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). For additional background on CIRCIA, see our prior advisory. CISA is required to issue a final rule by October 4, 2025. Who is required to report covered […] The post CISA Posts Notice of Proposed Rulemaking Under CIRCIA appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog ..read more

Health and Human Services (“HHS”) released updated guidance yesterday on the use of online tracking technologies (like cookies, pixels, software development kits (SDKs), etc.) by HIPAA Covered Entities (the “Updated Guidance”). The Updated Guidance amends and supersedes HHS’s original guidance on the use of digital tracking technologies published on December 1, 2022 (the “Prior Guidance”).  […] The post More Guidance from HHS on Online Tracking Technologies but Questions Remain appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog ..read more

The Federal Trade Commission (FTC) received over 270 comments to its notice of proposed rulemaking (NPRM) for the amendments to the Children’s Online Privacy Protection Rule (COPPA Rule) during the public comment period that ended on March 11, 2024.  The NPRM reflects the FTC’s continued effort to modernize the COPPA Rule, which implements the Children’s […] The post State AGs and Other Stakeholders Weigh In On Proposed COPPA Rule Update appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog ..read more

On March 8, 2024, the California Privacy Protection Agency (“CPPA”) Board voted to advance to formal rulemaking proposed regulations under the California Consumer Privacy Act, as amended, regarding risk assessments, automated decisionmaking technology, and certain updates to existing regulations. The formal rulemaking action will begin when the CPPA publishes a proposed action in the California […] The post California Privacy Protection Agency Board Votes to Advance Proposed Regulations to Formal Rulemaking appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog ..read more

Peter Swire, Senior Counsel at Alston & Bird, has co-authored a detailed article in Lawfare, “Limiting Data Broker Sales in the Name of U.S. National Security: Questions on Substance and Messaging,” analyzing the Biden Administration’s new Executive Order issued yesterday. Swire’s article summarizes key aspects and impacts of the Executive Order, which is intended to […] The post Article: Executive Order to Limit Sales of Americans’ Sensitive Data to Adversarial Foreign Governments appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog ..read more

Today, the White House announced that President Biden will sign an executive order designed to protect sensitive data of U.S. persons from exploitation by identified countries of concern.  This executive order is expected to be published later today, and to direct the Department of Justice (DOJ) to issue regulations designed to address transactions that involve […] The post White House Executive Order to Regulate Transactions Involving Sensitive Personal Data of Americans appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog ..read more

Recently, there has been a surge in alerts and warnings concerning cyberattacks by People’s Republic of China (PRC) state-sponsored threat actors on U.S. critical infrastructure. On February 7, 2024, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency and their counterparts in Australia, Canada, […] The post FBI and CISA Warn of Chinese Cyberattacks on U.S. Critical Infrastructure appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog ..read more

Theodore Christakis, Professor of International Law at the University Grenoble Alpes and Senior Fellow and Director of Research for Europe at the Cross-Border Data Forum, has published a new comprehensive analysis on cross-border transfers of personal data and the EU’s data protection authorities’ “Zero Risk” theory developed since the CJEU Schrems II Judgment. Prof. Christakis looks […] The post CBDF Research Fellow Theodore Christakis Publishes Study on Cross-Border Data Transfers and the EU’s “Zero Risk” Approach appeared first on Alston & Bird Privacy, Cyber & Data Strategy Bl ..read more

On January 25, 2024, Senator Ron Wyden (D-OR) released documents that confirm U.S. intelligence agencies are purchasing location and other sensitive personal information from data brokers without the consent of the data subjects. The FTC has recently gone after data brokers who collect and sell the sensitive location data of consumers without their express consent, […] The post Declassified Intelligence Community Letters Highlight Importance of Monitoring Outbound Data Flows appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog ..read more

On February 9, 2024, the California state court of appeals mandated a trial court to vacate its order and judgment prohibiting the California Privacy Protection Agency (the “Agency”) from enforcing the California Privacy Rights Act regulations (the “CPRA Regulations”) until March 29, 2024. The Agency will be able to enforce the CPRA Regulations upon the […] The post California Court of Appeals Paves the Way for Enforcement of California Privacy Rights Act Regulations appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog ..read more