On July 26, 2023, the Securities and Exchange Commission (SEC) adopted the long-awaited final rule requiring that public companies disclose information about cybersecurity incidents within four business days of determining the incident is material. GT wrote about the proposed rule shortly after it was released in March 2022. For context, Commissioner Caroline Crenshaw noted, in
The IAPP Global Privacy Summit 2023, held April 4-5 in Washington, D.C., will bring together thousands of privacy pros from around the world for a comprehensive data privacy conference. The event will provide critical updates from key figures in the privacy field and offer new strategies and best practices. From technology and advertising to
No.
The regulations implementing the CCPA require that in-scope businesses must provide two or more designated methods of submitting requests to opt-out, including an interactive form accessible via a clear and conspicuous link titled “Do Not Sell My Personal Information,” on the business’s website or mobile application.[1]
In addition to the “DNSMPI” link noted
Yes.
Where a global privacy control (“GPC”) conflicts with a consumer’s existing business-specific privacy setting or their participation in a business’s financial incentive program, the business must respect the GPC, but may notify the consumer of the conflict and give the consumer the choice to confirm the business-specific privacy setting or participation in the financial
No.
A group of privacy advocates and privacy software companies has proposed an “unofficial” specification for how consumers might transmit, and how companies might receive, a global privacy opt-out signal that indicates an intention for information not to be sold. As of 12 October 2020, the draft “Global Privacy Control specification” claims to have “no
A group of privacy advocates, publishers, and privacy software companies have proposed an “unofficial” specification for how consumers might transmit, and how companies might receive, a global privacy opt-out signal that indicates an intention for information not to be sold. They refer to their specification as the Global Privacy Control header, “GPC header,” or “GPC