Congress or FTC? What about SEC? Where U.S. federal privacy legislation efforts stand in 2023
By 
Aaron Nicodemus2023-02-28T14:00:00
Could Congress pass comprehensive federal data privacy legislation in 2023? If not, could another government agency step into the breach?
Experts believe there are several possibilities.
At the federal level, the regulation most likely to be enacted in 2023 with an impact on data privacy won’t come from Congress or the Federal Trade Commission (FTC) but could instead be contained within a cybersecurity rule under consideration by the Securities and Exchange Commission (SEC), said Vivek Mohan, partner at Gibson Dunn and former senior global privacy law and policy attorney at Apple.
Related articles
-
PremiumAs final CPRA rules trickle out, a reminder companies must ‘grow with the law’
If companies haven’t started the process of coming into compliance with the California’s sweeping new privacy law, they need to begin now.
-
News BriefIowa privacy bill signed into law; effective 2025
Iowa became the sixth U.S. state to pass comprehensive data protection legislation allowing residents control over how their personal information is accessed and shared.
-
OpinionTen things I’d like to see happen in 2023 (2022 in review)
Expect big developments for the compliance profession in 2022 to continue to take center stage in the year ahead, including CCO certifications, climate-related disclosures, and more.
More from Regulatory Policy
-
News BriefFinCEN again delays U.S. ban on three Mexican financial institutions
The order barring three Mexican financial institutions from doing business with U.S. financial institutions has been delayed until October.
-
Basic PageSEC taps military judge as Enforcement Division Director
The SEC has named Margaret “Meg” Ryan, a senior military judge and Harvard Law lecturer, as its next Enforcement Division Director—an unconventional pick that could signal changes in enforcement strategy.
-
ArticleCalifornia privacy regulator unveils new cyber, risk, and automation rules
Businesses operating in California will need to meet new, first-in-the-nation privacy requirements for cybersecurity, risk assessments, and automated decision-making technology, under a large expansion of rules by the state.