The EU Data Act (Regulation (EU) 2023/2854) introduces a comprehensive framework to enhance data portability and reduce vendor lock-in across the EU digital economy. One impactful component is the cloud switching regime (Chapter VI), which establishes broad obligations to facilitate switching between “data processing services.” For providers of cloud-based services (such as Infrastructure
On Aug. 11, 2022, the U.S. Consumer Financial Protection Bureau issued guidance indicating that financial institutions and service providers that fail to adopt sufficient data security measures to protect consumer financial data may violate the Consumer Financial Protection Act provision prohibiting unfair acts and practices.
What types of documents, policies, procedures, and protocols should service providers consider putting in place to comply with the CCPA?
The written policies and procedures that service providers put into place to assist in their compliance with the CCPA differ depending upon several factors including the size of the service provider, the quantity of personal