Page 267 - Cyber Defense eMagazine Annual RSA Edition for 2024

P. 267

July 1, 2024 — Businesses subject to the Colorado Privacy Act must recognize the Global Privacy Control
universal opt-out mechanism.

October 1, 2024 — Businesses subject to the Connecticut Data Privacy Act must stop selling child
personal data, collecting precise geolocation data on children, using any system design feature to
“significantly increase, sustain, or extend” any minor’s use of such online service, product, or feature, and
processing children’s personal data for targeted advertising.

October 18, 2024 — Businesses subject to the European Union General Data Protection Regulation must
update their cybersecurity procedures to comply with a new network and information security directive.

December 15, 2024 — All public companies must begin tagging cybersecurity disclosures in their Form
10-K in Inline XBRL.

December 18, 2024 - All public companies must begin tagging material cybersecurity incident disclosures
in their Form 8-K in Inline XBRL.

This article was written as of April 15, 2024

About the Authors

Sarah Hutchins is a partner with Parker Poe and leads the firm’s Cybersecurity &
Data Privacy team. Based in Charlotte, Sarah’s practice focuses on privacy and
information security law.

Sarah Hutchins can be reached online at [email protected] and at our
company website https://www.parkerpoe.com/.

Robert Botkin, an associate with Parker Poe, helps clients of all sizes navigate
privacy and security issues across different industries. He is based in Raleigh.

Robert Botkin can be reached online at [email protected] and at our
company website https://www.parkerpoe.com/.

Parker Poe law clerk Hunter Snowden also contributed to this article.

267

262 263 264 265 266 267 268 269 270 271 272