M³AAWG experts continue to keep their finger on the pulse of growing privacy laws and regulations. Here is a brief overview of what our members are keeping an eye on this month: 

US

• CPRA enforcement delay appealed
  • The California Privacy Protection Agency and California Attorney General Rob Bonta filed an appeal over a superior court decision to delay enforcement of California Privacy Rights Act regulations. In its appeal, the CPPA alleged the superior court decision on claims by the California Chamber of Commerce was grounded in a "single ambiguous section in the CPRA.” – read more
• CISA roadmap outlines cybersecurity objectives
  • The U.S. Cybersecurity and Infrastructure Security Agency released its 2024-26 cybersecurity roadmap, outlining nine objectives including outcome-based measures to reduce cybersecurity risk – read more
• NIST publishes draft Cybersecurity Framework 2.0, seeks feedback
  • The U.S. National Institute of Standards and Technology released a public draft of its Cybersecurity Framework 2.0. The agency is seeking feedback on whether the draft "addresses organizations' current and anticipated future cybersecurity challenges, is aligned with leading practices and guidance resources, and reflects comments received so far." The deadline for comments is 4 Nov. and the draft will be discussed during a to-be-scheduled fall workshop. – read more
• US senators urge FTC to probe YouTube, Google over alleged children's privacy violations
  • U.S. Sens. Edward Markey, D-Mass., and Marsha Blackburn, R-Tenn., are calling on the U.S. Federal Trade Commission to investigate reported children's privacy violations by YouTube and its parent company Google. The New York Times and Adalytics revealed the companies potentially violated a consent decree with the FTC and the Children's Online Privacy Protection Act. – read more

• Millions of Americans’ health data stolen after MOVEit hackers targeted IBM
  • A sensitive health data breach through hacks of file transfer service MOVEit affected at least three U.S. states, including Colorado, Missouri and Oregon.
  • Indiana's Medicaid database containing the personal health data of more than 744,000 residents was also accessed in the MOVEit incident. – read more

CANADA

• Office of the Privacy Commissioner of Canada (OPC): G7 Data Protection and Privacy Authorities’ Action Plan – read more

M³AAWG's Public Policy Committee has regular calls to discuss topics like these and how they impact our members, society, and anti-abuse efforts. Visit the M³AAWG Public Policy Comments page to review our official Public Policy submissions, including our latest Comments on ICANN Amendments to the Base gTLD RA and RAA to Modify DNS Abuse Contract Obligations. Stay tuned for monthly M³AAWG’s Public Policy Updates!