Biometric building access controls (i.e., “smart access” technologies) have become increasingly popular among residential and commercial property managers for the enhanced security benefits that these solutions provide. The...more
11/2/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Commercial Leases ,
Commercial Property Owners ,
Commercial Real Estate Market ,
Commercial Tenants ,
Landlords ,
Property Managers ,
Rental Property ,
Residential Real Estate Market ,
Risk Management ,
Tenants
As a significant step in its ongoing initiatives on the disclosure, management, and oversight of cybersecurity risks and incidents, on July 26, 2023, the US Securities and Exchange Commission (SEC or Commission) adopted rules...more
7/31/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Foreign Private Issuers ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Smaller Reporting Companies ,
Third-Party Risk ,
XBRL Filing Requirements
On July 10, 2023, the European Commission adopted an adequacy decision for the new EU-US Data Privacy Framework (“DPF”), the revamped transatlantic framework designed to support transfers of personal data from the EU to...more
7/19/2023
/ Adequacy Requirement ,
Binding Corporate Rules ,
Certification Requirements ,
Data Privacy ,
EU ,
Executive Orders ,
Framework Agreement ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Standard Contractual Clauses ,
Switzerland ,
UK
The SEC continues its overhaul of cybersecurity, cyber incident reporting, and privacy controls and requirements for industry registrants, their service providers, and corporate America generally.
On March 15, 2023, the SEC...more
4/14/2023
/ Broker-Dealer ,
Compliance ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Disposal Protocols ,
Financial Industry Regulatory Authority (FINRA) ,
Incident Response Plans ,
Mutual Funds ,
Personal Information ,
Policies and Procedures ,
Proposed Rules ,
Registered Investment Advisors ,
Regulation S-P ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information
On March 10, 2023, the US Federal Deposit Insurance Corporation took control of the assets of Silicon Valley Bank (SVB). In light of SVB’s closure, many venture firms and emerging companies are establishing new accounts with...more
On June 4, 2021, the European Commission (the “EC”) abolished the old Standard Contractual Clauses (the “Old SCCs”) and published a new more flexible set of clauses (the “New SCCs”) for companies that wish to export personal...more
On October 7, 2022, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities,” establishing new privacy safeguards and oversight mechanisms for foreign intelligence...more
10/10/2022
/ Administrative Review Board ,
Biden Administration ,
Civil Liberties ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Foreign Intelligence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance
As a significant step in its ongoing initiatives on the disclosure, management and oversight of cybersecurity risks and incidents, on March 9, 2022 the U.S. Securities and Exchange Commission (SEC) proposed new rules that...more
The U.S. Securities and Exchange Commission is implementing a campaign to overhaul the agency’s expectations around cybersecurity and cyber incident reporting for the financial services industry and corporate America...more
2/15/2022
/ Broker-Dealer ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Collection ,
Disclosure Requirements ,
Financial Services Industry ,
Investment Adviser ,
Investment Companies ,
Popular ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-P ,
Regulation SCI ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider
On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) proposed a package of new rules and amendments to enhance cybersecurity preparedness and improve cyber resilience of investment advisers and investment...more
2/11/2022
/ Comment Period ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Disclosure Requirements ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Investment Companies ,
Investment Company Act of 1940 ,
New Rules ,
Policies and Procedures ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a...more
9/16/2021
/ Broker-Dealer ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Information Security ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Investment Firms ,
Personally Identifiable Information ,
Phishing Scams ,
Policies and Procedures ,
Regulation S-P ,
Safeguards Rule ,
Sanctions ,
Securities and Exchange Commission (SEC)
I. OVERVIEW -
The U.S. Food & Drug Administration (“FDA”) has increased its focus on mitigating cybersecurity risks in medical device software. On June 24, 2021, the FDA issued two documents that are important not only...more
On August 20, the People’s Republic of China became the latest global economic powerhouse to pass an omnibus privacy law. Titled the Personal Information Protection Law (“PIPL”), the law was adopted by the Standing Committee...more
9/3/2021
/ China ,
Consent ,
Data Privacy ,
Data Processing Rules ,
Enforcement ,
Extraterritoriality Rules ,
International Data Transfers ,
New Legislation ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Personally Identifiable Information ,
Privacy Laws ,
Sensitive Personal Information
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reigns on how the New SCCs cover data transfers and what companies need to do to take advantage...more
8/27/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Transfers ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Impact Assessments ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (“CPA”) into law. The CPA will take effect on July 1, 2023 and joins the California Consumer Privacy Act (“CCPA”), the California Privacy Rights...more
7/29/2021
/ Consent ,
Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Subjects Rights ,
Enforcement ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Sensitive Personal Information ,
State Privacy Laws
The exponential rise in ransomware attacks in the past year has everyone on high alert, not least of which are regulators. Following on the heels of a June 2, 2021 White House memo addressing ransomware prevention, on June...more
Since its passage almost three years ago, the California Consumer Privacy Act (“CCPA”) has offered California-based consumers certain rights over the personal information companies collect and process about them.
While...more
6/15/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Data Requests ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Intellectual Property Protection ,
Multinationals ,
Personal Data ,
Proprietary Information ,
Trade Secrets
By this point, most businesses that regularly send and receive funds electronically have heard about the risk of wire fraud scams in which an intruder changes wiring instructions and diverts funds to its own account,...more
6/14/2021
/ Best Practices ,
Business E-Mail Compromise (BEC) ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Phishing Scams ,
Portfolio Companies ,
Private Equity Firms ,
Spoofing ,
Wire Fraud ,
Wire Transfers
On May 12, President Biden signed an Executive Order on Improving the Nation’s Cybersecurity. The order comes on the heels of a number of recent widely reported cybersecurity crises, including the SolarWinds and Microsoft...more
5/27/2021
/ Best Practices ,
Biden Administration ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Contractors ,
Incident Response Plans ,
Internet of Things ,
NIST ,
Popular ,
Private Sector ,
Software Developers ,
Supply Chain
Millions of vaccinated Americans — now maskless — surely can’t wait to rekindle their love affair with their iPhone’s facial recognition technology. Meanwhile, these same people are probably less eager for the bars,...more
5/19/2021
/ Biometric Information ,
Consumer Privacy Rights ,
Cure Periods ,
Data Collection ,
Data Privacy ,
Data Sellers ,
Data Use Policies ,
Data-Sharing ,
Exceptions ,
Facial Recognition Technology ,
Fingerprints ,
Personally Identifiable Information ,
Privacy Laws ,
Remedies ,
Written Notice
New York City tenants harboring “big brother” concerns over landlords abusing data collected through smart access (i.e., keyless entry) systems will soon be able to rest easier. Following California, Virginia, and the British...more
5/14/2021
/ Consent ,
Data Collection ,
Data Deletion ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Data Use Policies ,
Data-Sharing ,
Landlords ,
Mayor de Blasio ,
Pending Legislation ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
Property Managers ,
Property Owners ,
Tenants
Risks of non-compliance with the GDPR keep increasing with data protection authorities (DPAs) now ordering suspension of transfers of personal data to the U.S. In March, the Bavarian DPA found there was an unlawful transfer...more
On 21 April 2021, the European Commission unveiled a proposal for an EU Artificial Intelligence Regulation (“Proposal”). The Proposal recognizes that AI offers significant benefits and opportunities for the EU market, but...more
4/27/2021
/ Artificial Intelligence ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Distributors ,
EU ,
European Commission ,
Fines ,
Importers ,
Member State ,
Proposed Regulation ,
Recordkeeping Requirements ,
Registration Requirement ,
Regulatory Oversight ,
Transparency
On 31 March 2021 the Dutch Data Protection Authority (DPA) announced that it fined the online reservation platform Booking.com €475,000 for failing to notify the DPA of a data breach within the timeline established in the...more
In early March, the New York State Department of Financial Services (“NYDFS”) announced a consent order that required Maine-based mortgage servicer Residential Mortgage Services, Inc. (“Residential”) to pay a $1.5 million...more
3/23/2021
/ Banking Sector ,
Business E-Mail Compromise (BEC) ,
Consent Order ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Failure to Report ,
Financial Institutions ,
Financial Services Industry ,
Mortgage Servicers ,
Non-Public Information ,
NYDFS ,
Personally Identifiable Information ,
Sensitive Personal Information