The Texas Data Privacy and Security Act (TDPSA) was enacted on June 18, 2023, making Texas the tenth U.S. state to authorize a comprehensive privacy law that protects resident consumers. The TDPSA borrows many statutes from other state privacy laws, mainly the Virginia Consumer Data Protection Act (VCDPA) and the California Consumer Privacy Act (CCPA).

CPS 230 will disrupt vendor relationships for Australian financial institutions by giving APRA greater authority over service provider arrangements when prudential concerns are heightened. If you’re an APRA-regulated entity, this post will help you understand the requirements of CPS 230, how the new standards differ from SPS 231 and SPS 232, and how to achieve compliance standards by the full compliance deadline of 1 July 2025.

When the Nevada Revised Statutes Chapter 603A (Nevada Privacy Law) was first proposed, it only required businesses to notify consumers in the event of a data breach. Since then, the law has been expanded and amended on several occasions. Today, the law grants resident consumers various privacy rights and requires operators and data brokers to adhere to strict data protection regulations.

In a significant stride towards strengthening cybersecurity practices and protecting the nation’s digital future, the White House has issued a formal National Cybersecurity Implementation Plan, and named the 5 pillars that it believes are critical to successfully implementing its cybersecurity strategy.

New York State’s Department of Financial Services (DFS) recently published a proposed amendment to its cybersecurity regulation affecting New York financial institutions. Part 500 of Title 23 of the New York Codes, Rules and Regulations (23 NYCRR 500) governs cybersecurity requirements for financial services companies. When first adopted in 2017, it was the first comprehensive cybersecurity regulation from a state government to govern the financial services sector.

On May 11, 2017, President Trump signed Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The intention was to reduce cybersecurity risks to national security by improving federal agencies’ cybersecurity and information technology (IT) systems. The executive order holds the heads of federal agencies accountable for their agencies’ risk management practices.

On July 7, 2021, Colorado became the third U.S. state to establish regional data privacy legislation. Colorado included the legislation in Senate Bill 21-190, which was signed into action by Governor Polis. The Colorado Privacy Act (CPA), also called the Colorado Privacy Law, became effective on July 1, 2023.

On July 10th, the EU Commission adopted an adequacy decision for the proposed EU-U.S. Data Privacy Framework. This is exciting news for organizations, as many have been stuck in privacy "limbo" since the annulment of the previous EU-U.S. Data transfer mechanism, Privacy Shield, which was annulled due to challenges in court by privacy activist Max Schrems.

Have you heard of the NIS Directive? The full name is quite a mouthful, "DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union". The informal name has been shortened to the Network and Information Security (NIS) Directive. The aim of the directive was to develop a common level of cybersecurity across the Member States that could be applied to entities of critical national importance.

Australia officially launched their National Anti-Scam Centre this week. With more than AUD $3.1 billion lost each year, Australians need support. With representatives from the banks, telecommunications industries and digital platforms, the intent of the center is to identify methods to disrupt all kinds of scams and reduce scam losses. While I completely support this initiative, it would be remiss of me not to highlight that the prevention of scams is perhaps as important as the cure.