The Data Protection and Privacy Hub™’s Post

California Regulator Opens Comment Period for Latest Round of Privacy Regulations: On November 22, 2024, the California Privacy Protection Agency (CPPA) opened the formal public comment period for its latest proposed rulemaking package. The package includes updates to existing regulations and proposed regulations for cybersecurity audits, risk assessments, automated decision-making technology (ADMT) and insurance companies. The public comment period begins on November 22, 2024 and concludes on January 14, 2025.... By: Katten Muchin Rosenman LLP #dataprotection #dataprivacy #privacy

Draft CCPA Regulations Stalled as Agency Struggles With Applicability of ADMT Rules: On July 15, 2024, the California Privacy Protection Agency (CPPA) released proposed updates to the California Consumer Privacy Act (CCPA) regulations, including updates to the draft risk assessments, automated decisionmaking technology (ADMT), cybersecurity audits and insurance companies’ regulations. The CPPA board did not vote to send the revised proposals to final rulemaking during its July 16 meeting due to reservations about certain key concepts, such as the broad definition of ADMT. At... By: McDermott Will & Emery #dataprotection #dataprivacy #privacy

Archana Acharya, Chief General Counsel, recently discussed the importance of shared expertise in tackling compliance challenges, including concerns such as data privacy and cybersecurity with Insurance Business Australia. Learn more about navigating the regulatory landscape for insurers in today's complex environment: https://hubs.ly/Q02xz8Kw0

Latest Post from JD Supra - California Regulator Opens Comment Period for Latest Round of Privacy Regulations #privacy #dataprotection #cybersecurity

Today, the California Privacy Protection Agency (CPPA) began the official public comment period for proposed regulatory action for CCPA updates, cybersecurity audits, risk assessments, ADMT, and insurance companies.   The proposed regulations are based on several years of preliminary rulemaking activities, including receiving written comments from the public, hosting public stakeholder sessions through the state, and meeting with stakeholders to receive invaluable feedback. The proposed rulemaking package:  ◼ Updates existing CCPA regulations    ◼ Establishes requirements for certain businesses to complete annual cybersecurity audits and conduct risk assessments   ◼ Implements consumers’ rights to access and opt-out of businesses’ use of ADMT   ◼ Clarifies when insurance companies must comply with the CCPA  Those wishing to submit written comments on the proposed regulations may do so until January 14, 2025, at 6 p.m. PST. The Agency will also hold a public hearing to receive public comment on January 14, 2025. Find more information about the event and read more: https://lnkd.in/gbCTTxBu 

On November 8, the California Privacy Protection Agency (CPPA) Board took significant steps to strengthen consumer data privacy. The board voted to adopt new regulations for data broker registration and advanced a comprehensive rulemaking package focused on insurance, cybersecurity audits, risk assessments, and automated decision-making technology (ADMT). Highlights of New Data Broker Regulations: - Refined Registration Requirements: The regulations, expected to take effect by January 1, 2025, clarify data broker registration processes under the Delete Act, improving transparency and public awareness. - Enhanced Disclosures: Data brokers will now be required to disclose exempt data collection practices and clarify terms such as “direct relationship” and “reproductive health care.” Advancement of Key Rulemaking for Privacy Protections: The CPPA also advanced new rules on insurance, cybersecurity, and ADMT, which include: - Cybersecurity & Risk Assessments: Requires annual cybersecurity audits and risk assessments for specific businesses. - Insurance Compliance with CCPA: Clarifies when insurance companies must adhere to California’s privacy law. - Consumer Rights Over ADMT: Establishes consumers’ rights to access and opt-out of businesses’ use of automated decision-making technology. Executive Director Ashkan Soltani stated, “The board’s vote today is a critical step in advancing privacy rights for Californians.” The public will have an opportunity to comment on these proposals as they enter the formal rulemaking phase. For more on data privacy regulations, follow Global Regulatory Insights. #DataPrivacy #CaliforniaPrivacy #CPPA #DataBrokers #Cybersecurity #ADMT #GRI

The Economic Crime and Corporate Transparency Act 2023 introduces a new offence of 'Failure to Prevent Fraud' and expands the identification principle which attributes criminal liability to companies in respect of economic crime. This ground breaking legislation introduces significant changes that will reshape the landscape of corporate liability for economic crimes. Corporate crime experts Euros Jones and Kelly Wilson explore how this will impact the insurance sector in our Insurance Trends Report: https://bit.ly/4bp3Qvy #dwf #insurance #corporatelaw #economiccrime #compliance #riskmanagement #legal

(JDSUPRA) Is privacy a bigger risk than cyber? Maybe. Regardless, trying to keep track of and comply with the wide range of privacy law is no easy task, particularly considering so much of the application of those laws are determined by many factors. For this reason, it is not hard to see why underwriters may view privacy as their top concern, and why organizations need trusted and experienced partners to help navigate the maze. 🔹 Regulatory compliance is not the end of the story for privacy. For example, organizations can cause self-inflicted wounds when they make assertions about the handling and safeguarding of the personal information they collect, and fail to meet those assertions. A good example is the privacy policy on an organization’s website. Stating in such a policy that the organization will “never” disclose the personal information collected on the site may create a binding obligation on the organization, even if there is not a law that requires such a rule concerning disclosure. Check out the Federal Trade Commission’s enforcement of these kinds of issues in its recently issued 2023 Privacy and Data Security Update. 🔹 As a recent DarkReading article points out, there is a growing sense that the “mishandling [of] protected personally identifiable information (PII) could rival the cost of ransomware attacks.” The article discusses several reasons driving this view, citing among other things, the recent uptick in pixel litigation. That is, litigation concerning the handling of website users’ personal information obtained from tracking technologies on websites without consent. 🔹 However, the article also alludes to the vast patchwork of nuanced privacy laws across numerous jurisdictions as support for an increasing number of insurance professionals viewing privacy as the “top insurance concern.” In addition to the onslaught of litigation over the use of website tracking technologies, the challenges of navigating the ever expanding and deepening maze of privacy law seem to present much greater compliance and litigation risks for organizations. #privacy #pii #dataprivacy #cybersecurity #policies #cyberpolicies #compliance #regulatorycompliance #buckler #riskmanagement #governance #cybergrc #regtech #financialservices #ciso #cisos #biso #cco #cro #securityprofessionals https://lnkd.in/eg-_3raj

I was glad to share some thoughts on data privacy with Dark Reading—data is hazardous material, but we often see companies hoarding it like an asset instead of eliminating it to reduce risk. Read more: https://lnkd.in/gSVZ-7zF #DataPrivacy #DataSecurity