General

The European Commission and the Association of Southeast Asian Nations (ASEAN) have published a first-of-its-kind guide[1] that identifies the similarities and differences between the ASEAN model contractual clauses (ASEAN MCCs) and the EU standard contractual clauses (EU SCCs).

A second guide will be issued in due course, which will provide best practices for meeting

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

South Korea Consults on Draft Decree to Personal Information Protection Act | Privacy World

Bilingual Draft of China’s Standard Contract

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

NIST Not Voluntary in the Volunteer State: Tennessee Privacy Law Requires Comprehensive Written Privacy Program that Conforms to a Voluntary

2023 has swiftly become the year of the U.S. National Cybersecurity Strategy.  On March 2, 2023, the Biden Administration issued its National Cybersecurity Strategy brief, outlining its vision to: (1) defend critical infrastructure; (2) disrupt and dismantle threat actors; (3) shape market forces to drive security and resilience; (4) invest in a resilient future; and (5) forge international partnerships to pursue shared goals. In furtherance of the goal to defend critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” (the “Report”), on April 13.

Calling the current state of technology “vulnerable by design,” the Report aims to encourage technology manufacturers to integrate security into their products from the ground up, factoring security into product development beginning at the design phase.  In addition to the CISA, several American security agencies (the National Security Agency and Federal Bureau of Investigation) and international cybersecurity agencies (from Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand) collaborated to provide a unified recommended approach to the development of both software and hardware.  Below, we break down what the Report means for the tech sector.

Continue Reading New CISA Guidelines Lay Out Unified International Principles on Security-by-Design and Security-by-Default

On 13 April 2023, Singapore was appointed as the deputy chair of the Global Cross-Border Privacy Rules (CBPR) Forum’s policymaking body, the Global Forum Assembly.

Co-founded by Singapore and other participants in the APEC CBPR System in April 2022, the forum aims to promote the free flow of data and data protection and privacy globally

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Data Retention and Minimization, The Elephant in the Room | Privacy World

Orders to Progress Complaints – No Backdoor Appeal

On March 29, 2023, the California Office of Administrative Law (OAL) approved the regulations implementing the California Consumer Privacy Act (CCPA). The regulations were approved by the California Privacy Protection Agency (CPPA) during its February 3rd meeting (see our report here) and filed with the OAL on February 14, 2023. The regulations are

Last week, on March 15, 2023, the U.S. Securities and Exchange Commission (“SEC” or “Commission”) continued its aggressive push to regulate the cybersecurity of entities in the financial services sector, proposing three rules affecting a variety of SEC-regulated entities, including broker-dealers, investment companies, and investment advisers, as we covered here on Privacy World.  These

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2023 State Privacy Laws and Regulations Bring Extensive Data Protection Assessment Requirements | Privacy World

Priority Topics for French CNIL

On 8 March 2023 the UK government heralded its new Data Protection and Digital Information (No 2) Bill (the Bill) as a “new common-sense-led version of the EU’s GDPR” that would save the UK economy more than £4 billion over the next 10 years and ensure that privacy and data protection are securely protected”.