In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Federal Court Sanctions Company for Spoilation of Evidence Over Arguments Data Settings Changed to Comply with CCPA and ISO

On Monday, it was announced that the Federal Trade Commission (“FTC”) was taking action against education technology provider Chegg Inc. (“Chegg”) for its deficient data security practices that exposed the sensitive information of millions of its customers and employees, including Social Security numbers, email addresses and passwords.  According to the FTC, Chegg allegedly failed to fix problems with its cybersecurity despite experiencing four breaches since 2017.  This latest development is another reaffirmation of the FTC’s prioritization of privacy and security, as previously covered on CPW.

Continue Reading Ed Tech Company’s Four Data Breaches in Three Years Leads to FTC Enforcement Action

Burn After Reading is a black comedy spy movie by the Coen brothers. It could also be an extreme encapsulation of the core of data retention rules applicable to communications providers: data should only be kept for as long as:

  • There is an administrative need to keep it to carry out your business or support functions (e.g. billing); or
  • It is required to demonstrate compliance for audit purposes or for legislative requirements (e.g. in case of an order to intercept communications for law enforcement).

Continue Reading Burn After Reading… Data Retention Compliance

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Ad Industry Group Modifies Its Compliance Program to Address 2023 US State Privacy Laws | Consumer Privacy World


On October 17, 2022, the California Privacy Protection Agency (“CPPA” or “Agency”) published Modified Text of Proposed Regulations (“Modified Regs”) and Explanation of Modified Text of Proposed Regulations (“Explanation of Modified Regs”). The CPPA review of the Modified Regs has been postponed and is now scheduled to be considered during the October 28-29, 2022 public meeting.

Recall that earlier this year, on May 27, 2022, the CPPA published the first draft of the proposed CPRA Regs and initial statement of reasons. The Agency commenced the formal rulemaking process to adopt the Regs on July 8, 2022, and the 45-day public comment period closed on August 23, 2022. The comments submitted in response to the first draft of the Regs are available here.
Continue Reading Revised Proposed CPRA Regs To Be Considered At October 28, 2022 Meeting

The UK’s Electronic Communications (Security Measures) Regulations 2022 (the Regulations) came into force on 1 October 2022, together with the Telecommunications Security Code of Practice (the Code of Practice). The Regulations reflect the increased risk of cyber-attack and data breaches, whether for criminal purposes or by potentially hostile states. They supplement general duties imposed on providers of public electronic communications networks and services by the Communications Act 2003, sections 105A and 105C, and provide Ofcom with new powers to monitor and enforce enhanced obligations affecting:

  • providers of public electronic communications networks (“network providers”); and
  • providers of public electronic communications services (“service providers”).

Continue Reading Protecting Electronic Communications Networks and Services from Cyber-Attack and Data Breach: Enhanced Obligations and Board-level Accountability

Join CPW’s Scott Warren at the 12th International Cybersecurity Symposium as he leads a panel of experts in a  session on “Practical Steps to Creating Real Social, Economic and National Security in Japan” in-person at Keio University in Tokyo, Japan, on October 14, 2022, at 4:00 pm JST.

Squire Patton Boggs partner and chair of

Last Friday, the Securities and Exchange Commission reopened the comment period on eleven of its pending rulemakings because of a technological error that caused the SEC not to receive all of the comments submitted during the original comment period.  One of the eleven proposals affected by the reopening is the SEC’s proposal from March

Earlier today, President Biden issued the Executive Order that is expected to lay the groundwork for the replacement for Privacy Shield.   

Key Takeaway 

President Biden issued an Executive Order to help pave the way for a new mechanism to transfer personal data subject to EU data protection law from the EU to the US. Whether and when the new mechanism will be available for US businesses remains to be seen.

Continue Reading Biden Administration Issues Executive Order for Privacy Shield Replacement

After several days of deliberating, a jury today convicted Uber Technologies Inc.’s (“Uber’s”) former chief security officer (the “Former CSO”) of criminal obstruction and concealing the theft of personal data of fifty million Uber customers and seven million Uber drivers from the Federal Trade Commission (“FTC”).

Recall that back in 2016, two hackers stole data