I think of cookie consent requirements as being driven by European law, specifically the EU ePrivacy Directive. But I recently heard that Russia also has a cookie consent requirement. Is this really the case? If so, do the requirements apply to a business that is not a Russian company?
I heard that the Russian data protection authority (Roskomnadzor) has sent out thousands of inquiries to businesses (including businesses outside Russia) asking them to confirm, within 30 days, that they store personal information of Russian citizens in Russia in compliance with Russia’s data localization law.
My company received the letter. What do I need to know?
My company is registered with the Russian tax authority, but we did not receive such an inquiry. Should I be concerned?
Who is Lina Khan, and what is the likely impact of her appointment as chair of the Federal Trade Commission?
Do breach notification laws require me to notify regulators or individuals when my business inadvertently sends an email to the wrong person that contains a small amount of personal information about another person?
The new California Privacy Rights Act (CPRA) and Virginia Consumer Data Protection Act (VCDPA) will be operative on January 1, 2023. That seems like a lot of time to prepare, and the CPRA regulations are not out yet. When should I begin, and how can I phase out the work over 2021 and 2022?
We recently notified our lead data protection authority in the EU of a data breach we suffered. Do we need to also notify the UK data protection authority (ICO) or will our lead DPA forward the notification to the ICO as part of an ongoing cooperation?
Our cyber insurance broker is bracing its clients for a tough cyber insurance renewal this year. Is there anything we can do to help make things go more smoothly?