CM Privacy, Data and Cybersecurity Group: Updates You Need to Know for 2022

CM Privacy, Data and Cybersecurity Group: Updates You Need to Know for 2022

Today, January 28th, is international Data Privacy Day! Our Privacy, Data and Cybersecurity Practice Group highlights a few recent legal developments, surprises, and resources you will want to have on your radar screen in 2022.

For additional information, please click here to visit the Privacy, Data and Cybersecurity Practice Group’s page on our website or contact Linda Priebe at

Here is what our Privacy, Data and Cybersecurity Practice Group has to share:

Data Privacy Day January 28, 2022                 

Is your organization ready? Escalating calls from consumers, legislators and regulators in the U.S. and abroad are demanding stronger restrictions on collection, use and sharing of Personal Data, making 2022 The Year of Privacy.

Culhane Meadows’ Privacy, Data & Cybersecurity Practice Group wants your organization to be prepared when the inevitable questions arise about your data privacy practices and protections. Below are recent legal developments, surprises, and resources to help you avoid data privacy questions and concerns in 2022. Culhane Meadows stands ready to help your organization avoid scrutiny on Privacy Day and every day!  More information about our services is at

NOYB Gears Up for 10,000 GDPR Complaints in 2022 (Linda V. Priebe, CIPP/E, Partner & Chair Privacy, Data & Cybersecurity Practice Group)

None Of Your Business (NOYB) is the nonprofit legal advocacy group founded by Max Schrems, the Austrian lawyer credited with both the U.S.-EU Safe Harbor and EU-U.S. Privacy Shield data protection compliance mechanisms being struck down by the Court of Justice of the European Union (CJEU). Over 5,000 medium, small, and large U.S. companies relied on Safe Harbor and/or Privacy Shield certification to conduct European business in compliance with EU data protection laws. NOYB’s funding, legal team and network of private lawyers has continued to grow with 101 complaints filed in 2020 challenging EU-U.S. data transfers. In 2022 NOYB is gearing up to file between 5,000 and 10,000 complaints under the EU General Data Protection Regulation (GDPR). Now is a great time to update your GDPR compliance. It’s ‘None of Your Business’: The Privacy Nonprofit Founded by Lawyer Max Schrems Is Gearing Up | Corporate Counsel

The California Privacy Rights Act & More (Caroline A. Morgan, Partner)

The New Year effectively kicked off the start to the California Privacy Rights Act (CPRA), also known as CCPA 2.0 for its amendment and expansion of the California Consumer Privacy Act. CPRA provides new privacy rights like the right to correction, expands existing rights, and adopts new principles like data minimization and purpose limitation. Significantly, it also includes a new category of data called sensitive personal information. Though most of CPRA’s provisions do not take effect until January 1, 2023, it contains a lookback period to January 1, 2022. Businesses within the scope of CPRA should begin incorporating the new law’s requirements into their data collection and use practices now since enforcement authorities can scrutinize a company’s actions dating back to January 1 of this year.

Other new U.S. privacy laws businesses should beware of are the Virginia Consumer Data Protection Act (“VCDPA”) and the Colorado Privacy Act (“CPA”), enacted in March and July 2021, respectively. Though both laws do not go into effect until 2023, businesses can better prepare by revisiting their compliance programs now. Similar to CCPA, VCDPA and CPA are comprehensive state data privacy laws that provide their residents enhanced privacy rights. In addition to personal data, both include sensitive data which is personal data that reveals a number of things ranging from religious beliefs to citizenship or immigration status.

Unlike CCPA and CPA, VCDPA does not grant the attorney general rulemaking authority. Rather, changes to VCDPA are made by the Virginia legislature. Currently, a number of amendments are being considered which could impact a business’ compliance strategy, including narrowing the right to cure and broadening the ability to impose penalties. Stay tuned for further privacy updates as we monitor amendments to VCDPA!

As data privacy laws continue to strengthen in the U.S. and abroad in 2022 ALL companies will benefit from reviewing and updating their compliance program sooner rather than later.

The downloadable PDF version of this article can be found here.

About Culhane MeadowsBig Law for the New Economy®
The largest woman-owned national full-service business law firm in the U.S., Culhane Meadows fields over 70 partners in eleven major markets across the country. Uniquely structured, the firm’s Disruptive Law® business model gives attorneys greater work-life flexibility while delivering outstanding, partner-level legal services to major corporations and emerging companies across industry sectors more efficiently and cost-effectively than conventional law firms. Clients enjoy exceptional and highly-efficient legal services provided exclusively by partner-level attorneys with significant experience and training from large law firms or in-house legal departments of respected corporations. U.S. News & World Report has named Culhane Meadows among the country’s “Best Law Firms” in its 2014 through 2022 rankings and many of the firm’s partners are regularly recognized in Chambers, Super Lawyers, Best Lawyers and Martindale-Hubbell Peer Reviews.

The foregoing content is for informational purposes only and should not be relied upon as legal advice. Federal, state, and local laws can change rapidly and, therefore, this content may become obsolete or outdated. Please consult with an attorney of your choice to ensure you obtain the most current and accurate counsel about your particular situation.