Inside Privacy

Updates on developments in data privacy and cybersecurity

Latest from Inside Privacy - Page 2

On October 12, 2023 the Italian Data Protection Authority (“Garante”) published guidance on the use of AI in healthcare services (“Guidance”).  The document builds on principles enshrined in the GPDR, national and EU case-law.  Although the Guidance focuses on Italian national healthcare services, it offers considerations relevant to the use of AI in the healthcare

On October 10, 2023, California Governor Gavin Newsom signed S.B. 362, the Delete Act (the “Act”), into law.  The new law represents a substantive overhaul of California’s existing data broker statute, which requires data brokers to register with the California Attorney General annually.  The passage of the Act follows a renewed interest in data

On 3 October 2023, the UK Information Commissioner’s Office (“ICO”) finalized its Employment practices and data protection − Monitoring workers guidance (“Guidance”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring. In November 2022, we published a detailed blog post on the ICO’s public

On September 28, 2023, the Cyberspace Administration of China (“CAC”) issued draft Provisions on Standardizing and Promoting Cross-Border Data Flows (Draft for Comment) (规范和促进数据跨境流动规定(征求意见稿)) (draft “Provisions”) (Chinese version available here) for a public consultation, which will conclude on October 15, 2023. 

The draft Provisions propose significant changes to the existing cross-border data transfer regime

On September 15, the Federal Trade Commission (“FTC”) and U.S. Department of Health and Human Services (“HHS”) announced an updated joint publication describing the privacy and security laws and rules that impact consumer health data.  Specifically, the “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach

As many readers will be aware, the EU’s new cybersecurity directive, NIS2, imposes security, incident notification, and governance obligations on entities in a range of critical sectors, including energy, transport, finance, health, and digital infrastructure (for an overview of NIS2, see our previous post here). One of the main reasons the Commission proposed these new

On 12 September 2023, the UK Information Commissioner, John Edwards, and the Chief Executive of the National Cyber Security Centre (“NCSC”), Lindy Cameron, signed a joint memorandum of understanding (“MoU”) detailing how the Information Commissioner’s Office (“ICO”) and NCSC will work together moving forward.

The MoU does not create legally binding obligations between the ICO

Ahead of its September 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft regulations on cybersecurity audits and risk assessments.  Public comments will be requested once the formal rulemaking process is kicked off.  Accordingly, the draft regulations are subject to change.  Below are the key takeaways:

Cybersecurity Audits

  • New cybersecurity audit

On August 21, 2023, the Cybersecurity and Infrastructure Security Agency (“CISA”), National Security Agency (“NSA”), and National Institute of Standards and Technology (“NIST”) issued a joint quantum-readiness factsheet (the “Factsheet”) to inform organizations—particularly those that support critical infrastructure sectors—about quantum computing threats and to urge these organizations to begin planning for future migration to