There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a...more
9/16/2021
/ Broker-Dealer ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Information Security ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Investment Firms ,
Personally Identifiable Information ,
Phishing Scams ,
Policies and Procedures ,
Regulation S-P ,
Safeguards Rule ,
Sanctions ,
Securities and Exchange Commission (SEC)
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
8/27/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Transfers ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Impact Assessments ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (“CPA”) into law. The CPA will take effect on July 1, 2023 and joins the California Consumer Privacy Act (“CCPA”), the California Privacy Rights...more
7/29/2021
/ Consent ,
Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Subjects Rights ,
Enforcement ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Sensitive Personal Information ,
State Privacy Laws
Since its passage almost three years ago, the California Consumer Privacy Act (“CCPA”) has offered California-based consumers certain rights over the personal information companies collect and process about them.
While...more
6/15/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Data Requests ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Intellectual Property Protection ,
Multinationals ,
Personal Data ,
Proprietary Information ,
Trade Secrets
New York City tenants harboring “big brother” concerns over landlords abusing data collected through smart access (i.e., keyless entry) systems will soon be able to rest easier. Following California, Virginia, and the British...more
5/14/2021
/ Consent ,
Data Collection ,
Data Deletion ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Data Use Policies ,
Data-Sharing ,
Landlords ,
Mayor de Blasio ,
Pending Legislation ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
Property Managers ,
Property Owners ,
Tenants
Risks of non-compliance with the GDPR keep increasing with data protection authorities (DPAs) now ordering suspension of transfers of personal data to the U.S. In March, the Bavarian DPA found there was an unlawful transfer...more
On 21 April 2021, the European Commission unveiled a proposal for an EU Artificial Intelligence Regulation (“Proposal”). The Proposal recognizes that AI offers significant benefits and opportunities for the EU market, but...more
4/27/2021
/ Artificial Intelligence ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Distributors ,
EU ,
European Commission ,
Fines ,
Importers ,
Member State ,
Proposed Regulation ,
Recordkeeping Requirements ,
Registration Requirement ,
Regulatory Oversight ,
Transparency
On March 2, 2021, Virginia enacted the Consumer Data Protection Act (“VCDPA”). The VCDPA will become effective January 1, 2023. The VCDPA shares its roots with the California Consumer Protection Act (“CCPA”) and the recently...more
3/9/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Acts ,
Data Security ,
Data Sellers ,
Data-Sharing ,
Enforcement Actions ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Sensitive Personal Information
Earlier this year, the European Data Protection Board (“EDPB”) issued additional guidance on the application of the General Data Protection Regulation (“GDPR”) in the area of scientific health research.
In key takeaways...more
3/5/2021
/ Consent ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Scientific Research