On November 3, 2022, the California Privacy Protection Agency (“CPPA”) issued a notice of modifications to the Proposed Regulations implementing the California Privacy Rights Act (“CPRA”). These proposed modifications come in response to public comments on, and are meant to clarify, previously issued modifications. The modifications, which are largely based on the Modified Proposed Regulations […]
California Privacy Protection Agency Approves Modifications to CPRA Regulations
Today, October 29, 2022, the California Privacy Protection Agency (“CPPA”) Board approved modifications to the Proposed Regulations under the California Privacy Rights Act (“CPRA”). The modifications will largely be based on the Modified Proposed Regulations published on October 17, but the Board directed the Staff to make changes pursuant to the CPPA Board meeting on […]
CSBS Releases Cybersecurity Programs to Help Nonbank Financial Services Institutions Improve Cybersecurity Posture
On August 9, 2022, the Conference of State Bank Supervisors (CSBS) released two cybersecurity tools for nonbank financial services institutions to help prepare for state cybersecurity exams and, ultimately, improve cybersecurity maturity. Developed by a multi-state team of cybersecurity examination experts, the Baseline Nonbank Cybersecurity Exam Program and the Enhanced Nonbank Cybersecurity Exam Program (the […]
California Privacy Protection Agency Initiates Notice and Comment Period for CCPA Regulations
The California Privacy Protection Agency (the “CPPA”) has issued a Notice of Proposed Rulemaking, as anticipated, for amendments to regulations the California Attorney General promulgated in 2020, and to propose new regulations under the CPPA’s mandate provided in the California Privacy Rights Act. The comment period closes on August 23, 2022. There will be a […]
EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
On May 16, 2022, the European Data Protection Board (‘EDPB’) published draft regulatory guidelines (‘draft guidance’) on the calculation of administrative fines for infringements of the EU General Data Protection Regulation (‘GDPR’). In the draft guidance, the EDPB sets out its methodology, consisting of five steps, for calculating administrative fines. The EDPB adopted these guidelines […]