Trends in Privacy and Data Security | Practical Law The Journal

As the National Security Agency (NSA) noted in its 2022 cybersecurity yearly review, “[c]yberspace is dangerous” (NSA: NSA Cybersecurity Year in Review: 2022). Reports of sophisticated cyberattacks and ransomware threats were prevalent in 2022. The government, manufacturers, and others further developed standards for securing digital infrastructure like 5G, cloud services, cryptography, internet protocols, and internet of things (IoT) devices. Organizations deployed zero trust cybersecurity strategies more frequently to close operational technology gaps. On the data privacy side, businesses now face an increasing array of state laws in the absence of comprehensive federal data protection regulation.

Organizations must keep up with the dynamic and increasing legal obligations governing privacy and data security, understand how they apply, monitor cyber risks and attack trends, and manage their compliance to minimize exposure. This article reviews important privacy and data security developments in 2022 and highlights key issues as the year ahead takes shape. It addresses:

(For the complete version of this article, which includes more on new federal and state regulations and legislation as well as private litigation and industry self-regulation and guidance, see Trends in Privacy and Data Security: 2022 on Practical Law.)

Several federal agencies issued guidance and took notable privacy and data security enforcement actions in 2022, including:

(For information on guidance and enforcement activity by the Securities and Exchange Commission (SEC), various other federal agencies, and the White House, see Trends…