Yesterday, the Biden Administration issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems (“Memorandum”). A short summary is below. However, the primary take away is that the government will be establishing preliminary cybersecurity performance goals for certain industries no later than September 2021. While we do not yet know what these […]
EDPB publishes Guidelines on the Concepts of Controller and Processor in the GDPR
On July 7th, the European Data Protection Board (“EDPB”) adopted its finalized guidelines on the concepts of controller and processor in the General Data Protection Regulation (“GDPR”). While the EDPB’s predecessor – the Article 29 Working Party – had issued guidance on the concepts of controller/processor (Opinion 1/2010, WP169) back in 2010, many practical concerns […]
Partner and Former Deputy Assistant Attorney General Kellen Dwyer Discussed China Tech Crackdown on CNBC
Partner Kellen Dwyer joined CNBC’s “Squawk on the Street” to discuss what he sees in China’s tech crackdown.
State Legislatures Consider Bans on Ransomware Payments
As ransomware attacks continue to dominate the news cycle, legislation has recently been introduced in several states that would place limits on certain entities’ ability to pay a ransom payment in the event of a ransomware attack. Although the proposed limits would generally apply to state agencies and other local governmental authorities, certain state proposals […]
Alston & Bird Publishes FAQs – Standard Contractual Clauses for Controllers and Processors in the EU/EEA
Our Privacy, Cyber & Data Strategy Team answers five questions about the standard contractual clauses that aim to ensure compliance with Articles 28(3) and (4) of the General Data Protection Regulation: Are controllers and processors obliged to use the Article 28 clauses for their data processing agreements? Do the Article 28 clauses ensure compliance with […]