California employers' reprieve from obligations to employees to disclose data privacy practices and provide access rights to employees appears to be coming to an end as the California Privacy Rights Act (CPRA) becomes...more
10/12/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Confidential Communications ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
Notice Requirements ,
Opt-Outs ,
Personal Information ,
Policies and Procedures ,
Privacy Laws
In a long anticipated development, on August 24 California Attorney General Rob Bonta ("Cal AG") announced the state's first monetary penalty under the California Consumer Privacy Act ("CCPA"), in a settlement with the beauty...more
On August 2, in its first ever cryptocurrency enforcement action, the New York State Department of Financial Services ("NYDFS") announced it had imposed a $30 million fine on Robinhood Crypto, LLC ("RHC") for failures in its...more
8/15/2022
/ Bank Secrecy Act ,
BSA/AML ,
Business Licenses ,
Consent Order ,
Cryptocurrency ,
Enforcement Actions ,
New York ,
Noncompliance ,
Notice Requirements ,
NYDFS ,
Regulatory Violations ,
State and Local Government ,
Virtual Currency
This week, on Tuesday May 10, 2022, Connecticut Gov. Ned Lamont approved Connecticut Senate Bill 6, an Act Concerning Personal Data Privacy and Online Monitoring (the "Connecticut Privacy Act"). Governor Lamont’s approval...more
5/19/2022
/ Connecticut ,
Consent ,
Consumer Privacy Rights ,
Data Collection ,
Data Protection ,
Enforcement ,
GLBA Privacy ,
Governor Lamont ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Opt-Outs ,
Personal Data ,
State Privacy Laws
Continuing efforts at the state level to establish a data privacy framework in the US, a fourth state has passed a comprehensive consumer privacy law. Utah has joined the ranks of Colorado, California and Virginia after...more
On March 9, 2022, the Securities and Exchange Commission ("SEC") proposed rules that would require public companies to make prescribed cybersecurity disclosures. The proposed rules would "strengthen investors' ability to...more
3/15/2022
/ Broker-Dealer ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Investment Adviser ,
Investment Companies ,
Investors ,
Proposed Rules ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC)
With data privacy laws tightening and cyberattacks on the rise, due diligence of technology networks and data processes should be a top priority for dealmakers -
May 2021 saw one of the most high-profile cyberattacks in US...more
As state and federal legislatures across the United States continue to contemplate comprehensive data protection legislation, two pending laws—the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection...more
Ninth Circuit Decision Highlights Importance of Updating Risk Factors to Address Material Developments, including those relating to Cybersecurity Risks.
As companies prepare their periodic reports with the SEC, a recent...more
Colorado has joined California and Virginia in enacting comprehensive data privacy legislation after Governor Jared Polis signed the Colorado Privacy Act into effect yesterday. The enactment of the Colorado Privacy Act...more
Consistent with its increasing activity in the cybersecurity enforcement space, in March 2021, the NYDFS issued its first penalty under the Cybersecurity Regulation. This client alert explores the settlement and offers...more
On March 2, 2021, Governor Ralph Northam of Virginia signed the Consumer Data Protection Act ("CDPA") into law, after it passed both houses of the legislature with overwhelming support. This new legislation is set to take...more
Hot on the heels of the California Attorney General's rulemaking process for the California Consumer Privacy Act ("CCPA"), California voters have passed a ballot initiative to expand and create new privacy rights for...more
On October 28, 2020, a coalition of US government entities consisting of the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services...more
11/9/2020
/ Best Practices ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
FBI ,
Hackers ,
Health Care Providers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware
As companies across industries continue to take advantage of existing and emerging technologies that involve the collection and use of human biometric identifiers, corporate privacy programs must take into account the unique...more
11/9/2020
/ Article III ,
Artificial Intelligence ,
Big Tech ,
Biometric Information ,
Biometric Information Privacy Act ,
Compliance ,
Cybersecurity ,
Data Collection ,
Data Retention ,
Emerging Technologies ,
IL Supreme Court ,
Innovative Technology ,
Popular ,
Regulatory Oversight ,
Robotics ,
Standing ,
State Data Breach Notification Statutes
On October 1, 2020, the US Department of the Treasury's Office of Foreign Assets Control ("OFAC") issued an advisory opinion on the sanctions risks associated with certain cyberattacks ("OFAC Guidance"). The OFAC Guidance...more
10/12/2020
/ Compliance ,
Cyber Attacks ,
Cybersecurity ,
Economic Sanctions ,
New Guidance ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Sanction Violations ,
SDN List ,
U.S. Treasury
In the past few years, cybersecurity has taken on increasing importance in the eyes of lawmakers and regulators. Traditionally, cybersecurity compliance that is tied to the protection of personal information generally has...more
9/10/2020
/ Corporate Counsel ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
FTC Act ,
LabMD ,
NYDFS ,
Popular ,
Regulatory Standards
On August 14, 2020, California’s Office of Administrative Law (“OAL”) approved the final version of the implementing regulations for the California Consumer Privacy Act (“Final Regulations”). The approval of these final...more
8/18/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Consumer Requests ,
Corporate Counsel ,
Data Security ,
Enforcement Actions ,
New Regulations ,
Notice and Comment ,
Notice Requirements ,
Personal Information ,
Privacy Policy ,
Recordkeeping Requirements ,
State Attorneys General ,
Verification Requirements
Irrespective of your industry, the current COVID-19 pandemic poses a new and unique challenge to organizations, their employees, and their customers. The emergence of COVID-19 has prompted organizations to collect and process...more
4/15/2020
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Centers for Disease Control and Prevention (CDC) ,
Compliance ,
COPPA ,
Coronavirus/COVID-19 ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Employee Privacy Rights ,
Federal Trade Commission (FTC) ,
FERPA ,
Financial Industry Regulatory Authority (FINRA) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
NYDFS ,
OCR ,
Patient Privacy Rights ,
Telehealth
The Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) recently released a report summarizing best practices for securities market participants, including public companies,...more
The CCPA took effect on 1 January 2020, introducing significant compliance burdens for most businesses that collect personal information about California residents. The reach of the CCPA extends beyond California and the US;...more
2/1/2020
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Protection Laws ,
Consumer Rights Directive ,
Corporate Liability ,
Data Collection ,
Data Sellers ,
Data Subjects Rights ,
EU ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Multinationals ,
Personal Data ,
Personal Information ,
Risk Assessment ,
UK ,
UK Data Protection Act
Your business complies with the General Data Protection Regulation ("GDPR") and/or Turkish Personal Data Protection Law numbered 6698 and its secondary legislation ("PDPL"); but does it comply with the California Consumer...more
1/8/2020
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Protection Laws ,
Covered Entities ,
Cross-Border Transactions ,
Data Buyers ,
Data Collection ,
Data Processors ,
Data Sellers ,
Disclosure Requirements ,
E-Commerce ,
Electronic Payment Transactions ,
General Data Protection Regulation (GDPR) ,
Internet Streaming ,
Online Gaming ,
Opt-Outs ,
Personal Information ,
Portability ,
Privacy Laws ,
Right of Access ,
Right to Be Forgotten ,
Risk Assessment ,
Risk Mitigation ,
Transparency ,
Turkey ,
Turkish Personal Data Protection Law (PDPL)
White & Case Technology Newsflash -
Fulfilling a company's data breach and cybersecurity incident notification and disclosure requirements is an increasing challenge. Companies operating across industry sectors and around...more
11/6/2019
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Notification Requirements ,
Popular ,
Privacy Laws ,
Risk Management ,
State Data Breach Notification Statutes
White & Case Technology Newsflash With only 100 days left in 2019 as of the date of this publication, the California Consumer Privacy Act (CCPA) will be here before you know it. As we have described previously, the CCPA...more
9/24/2019
/ Amended Rules ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Protection Laws ,
Corporate Counsel ,
Data Collection ,
Data Sellers ,
Data-Sharing ,
Employee Training ,
Personal Information ,
Privacy Policy ,
Proposed Amendments ,
Transparency
New York recently amended its existing data breach notification law to expand the data breach notification obligations of persons and businesses (and state agencies) and impose specific data security requirements on persons...more
8/5/2019
/ Biometric Information ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NYDFS ,
Popular ,
SHIELD Act ,
State Data Breach Notification Statutes