Cybersecurity & Privacy
Cybersecurity & Privacy
New DoJ Policy Limits Computer Hacking Prosecutions
The Department of Justice today issued a new policy on computer hacking prosecutions that would protect good-faith security research and allow “minor” violations of the Computer Fraud and Abuse Act (CFAA) to go unpunished. The policy responds to conc...

An advisory published Tuesday by the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation, along with allied nations, addresses the common weaknesses that enable hackers to gain acces...
A bill that would establish a training program to educate public and private sector entities about cyber threats to industrial control systems (ICS) today cleared the House Homeland Security Committee. The Industrial Control Systems Cybersecurity Tra...
Brazil’s data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD), has opened a call for comments on the regulation of international transfers of personal data. The call for comments notes that international data transfers have ...
Legislation that would require the Small Business Administration to establish a cybersecurity training program for counselors at small business development centers (SBDCs) was approved yesterday by the Senate Small Business and Entrepreneurship Commi...
Fourteen senators have written data brokers SafeGraph, Inc., and Placer.ai demanding information about the companies’ collection and sale of cellphone-based location data of people who visit abortion clinics. In letters sent Tuesday, the lawmakers sa...
TR Daily Khan asked the House Subcommittee on Financial Services and General Government for increased staff to address a historic surge in mergers. During a House Appropriations financial services and general government subcommittee hearing to discus...
Cybersecurity & Privacy
House OKs Bill to Help Local Governments With Cybersecurity
A bill designed to help state and local governments improve their cybersecurity through closer collaboration with the Department of Homeland Security cleared the House late yesterday by a vote of 404-14. The State and Local Government Cybersecurity A...

The Louisiana state House Committee on House and Governmental Affairs voted 9-2 yesterday to pass a bill called the Louisiana Consumer Privacy Act to establish consumer rights related to personal data processing. HB 987, which is sponsored by Rep. Da...
The California state Senate Committee on Appropriations meets tomorrow to take up a bill that seeks to strengthen the state’s privacy protections by expanding the definition of “data brokers,” imposing additional requirements on data brokers, and inc...
The European Data Protection Supervisor (EDPS) announced yesterday that it had published two opinions on proposed regulations establishing harmonized rules for cybersecurity and information security for European Union institutions, bodies, offices, a...
Four Senate Democrats today asked the Federal Trade Commission to investigate whether ID.me, Inc., an online authentication platform used by some government entities, made deceptive statements about its use of facial recognition technology. ID.me, a ...
The Singapore Personal Data Protection Commission (PDPC) published guidance on May 17 on the use of biometric identifiers in commercial security applications. In its Guide on Responsible Use of Biometric Data in Security Applications , the PDPC notes...
The Spanish data protection authority, Agencia Espanola de Proteccion de Datos (AEPD), issued a resolution of a procedure implemented against Google LLC in which it found serious infractions of the European Union’s General Data Protection Regulation ...
Without establishing an injury-in-fact from the data breach, patients lacked standing to bring suit to collect damages from provider. A provider who failed to safeguard electronic protected health information (e-PHI) of 300,000 patients escaped respo...
Cybersecurity & Privacy
Officials Report Progress on Meeting Cyber EO’s Goals
Government witnesses today offered an optimistic assessment of the federal government’s progress toward implementing a cybersecurity executive order issued in the aftermath of the SolarWinds cyber intrusion. At a hearing of the House Homeland Securit...

The increasing number of states enacting comprehensive consumer privacy laws has highlighted a variety of issues related to the storage, management and disposal of record information. Jeff Phillips and Collen M. Yushchak of Ankura Consulting Group LL...
The Andorran Data Protection Authority (ADPA) announced today that the country’s updated data protection law had officially entered into force. Law 29/2021 of 28 October , which originally was published in the Official Bulletin in November 2021, alig...
The Berlin data protection authority issued updated guidance on Friday discussing the permissibility of cross-border data transfers in light of the Schrems II decision issued by the Court of Justice of the European Union (CJEU). The guidance outlines...
A bill that would establish a training program to educate public and private sector entities about cyber threats to industrial control systems (ICS) has been introduced by Rep. Eric Swalwell (D., Calif.). The Industrial Control Systems Cybersecurity ...
The California Privacy Protection Agency (CPPA) will hold its next board meeting on May 26, at which it is expected to provide updates on its rulemaking processes. According to the board’s agenda , Executive Director Ashkan Soltani will provide updat...
The Canadian Office of the Privacy Commissioner (OPC) announced yesterday that it had provided updated guidance for data controllers on the processing of sensitive personal information under the Personal Information Protection and Electronic Document...
A bill that would provide financial assistance to graduate students researching the cybersecurity of U.S. energy infrastructure was approved today by voice vote by the House Science, Space, and Technology Committee. The Energy Cybersecurity Universit...
The French data protection authority, Commission nationale de l'informatique et des libertés (CNIL), has published the first evaluation criteria to assess the legality of the use of so-called “cookie walls” by websites and mobile applications. Faced ...
Legislation that would require the Department of Homeland Security to review the effectiveness of its cyber incident response plans cleared the House late yesterday. The DHS Roles and Responsibilities in Cyber Space Act (HR 5658) was approved by a vo...
The individuals pose as non-North Korean to obtain employment that helps fund the country’s nuclear weapons and ballistic missile programs, the advisory says. The U.S. Treasury Department, State Department, and Federal Bureau of Investigation have is...
Tech giants don’t currently have a large share of the financial services market, but any of them could scale up quickly in the future, the Congressional Research Service said in a report. Big technology companies’ growing involvement in the banking s...
Cybersecurity & Privacy
Trade and Technology Council Agrees to Supply Chain, ICT Actions
At its second meeting, the U.S.-European Union Trade and Technology Council (TTC) highlighted efforts on supply chains, information and communications technology (ICT) security, 6G, and other areas at a two-day session that ended today in France. “TT...

Welcome to The Week in State Privacy and Cybersecurity Legislation , your weekly update on the latest developments in proposed and amended privacy and data security legislation across the 50 states and the District of Columbia, as well as a summary o...
A bill that would direct federal agencies to provide cybersecurity resources to small businesses, governments, and nonprofits would cost the federal government $10 million over the 2022-2027 period, the Congressional Budget Office has estimated. The ...
The Electronic Privacy Information Center (EPIC) announced on Friday that is had joined a coalition of privacy groups called Fight for the Future to call on Zoom Communications to abandon its plans to develop and incorporate emotional tracking softwa...
The European Data Protection Board (EDPB) released guidelines for public consultation today that address the calculation of administrative fines under the European Union’s General Data Protection Regulation (GDPR) and the use of facial recognition in...
Entities should exercise caution in deploying open radio access network (RAN) technology because it can lead to additional network vulnerabilities, especially in the short term, according to a report released by European Union countries with the supp...
The European Council announced today that it had approved the Data Governance Act (DGA), which it said would promote the availability of data and build a trustworthy environment to facilitate data use for research and innovation. Reuse of public sect...
Access Now, Free Press, and UltraViolet have delivered thousands of petition signatures urging the Federal Trade Commission to launch a privacy and civil rights rulemaking, and the groups say that with Alvaro Bedoya’s confirmation as an FTC commissio...
TR Daily Groups say companies’ use of personal data harms minorities. Access Now, Free Press, and UltraViolet have delivered thousands of petition signatures urging the Federal Trade Commission to launch a privacy and civil rights rulemaking, and the...
Although the group of patients had standing to sue medical providers in multidistrict litigation based on alleged breaches of privacy, many of their counts were dismissed for failure to state a claim. A federal district court in Florida dismissed man...
Cybersecurity & Privacy
EU Lawmakers Reach Agreement on Stricter Cybersecurity Rules
European Union legislators today announced a tentative agreement on the text of a new law that would impose stricter cybersecurity requirements on EU organizations and create new mechanisms to protect critical infrastructure from cyber attacks. The a...

The European Council (EC) announced on Wednesday that it had reached a provisional agreement with the European Parliament on the Digital Operations Resilience Act (DORA), which is designed to strengthen the IT security of financial entities like bank...
Ninety-four members of the House-Senate conference committee on HR 4521—the America COMPETES Act in the House and the U.S. Innovation and Competition Act (USICA) in the Senate—spoke yesterday during the first meeting of the committee tasked with iron...
Federal Trade Commission Chair Lina Khan announced yesterday that the agency’s commissioners will vote on a policy statement on education technology and the Children’s Online Privacy Protection Act at a virtual open meeting on May 19, beginning at 1 ...
Interactive Advertising Bureau Europe (IAB Europe) announced today that it had withdrawn its request to suspend the execution of a decision of the Belgian data protection authority imposing a fine based on violations of the European Union General Dat...
The Linux Foundation has released a plan calling for $150 million to be spent over two years to improve the security of open source software (OSS), and it announced that six technology companies had pledged $30 million for the effort. The foundation’...
The Louisiana state House Committee on House and Governmental Affairs meets May 17 to discuss the proposed Louisiana Consumer Privacy Act. HB 987, which is sponsored by Rep. Daryl Deshotel (R.), would give consumers the right to confirm whether a con...
Sen. Michael Bennet (D., Colo.) yesterday introduced a bill to create a federal commission to oversee and regulate digital platforms to protect consumers; promote competition; assure algorithms are fair, transparent, and safe; promote access to platf...
The Council of Europe (COE) announced yesterday that the “second additional protocol” to the Convention on Cybercrime (also known as the Budapest Convention) has been signed by 22 member and non-member states. According to the COE press release , mem...
With claims sufficiently pleaded, the court delayed the question of whether the employee could prove her allegations. The federal district court in Chicago denied a motion to dismiss by a Subway franchisor and the creator of its point-of-sale (POS) s...