The Court of Justice of the European Union (CJEU), the EU’s highest court, recently announced its significant Lindenapotheke decision, permitting companies to use the General Data Protection Regulation in business-to-business...more
Cybersecurity is a critical element of effective family office operations management, yet many family offices need to further prepare for the range of cybersecurity threats they may face. Family offices manage significant...more
The US Securities and Exchange Commission (SEC), Division of Corporation Finance on June 24, 2024 issued five Compliance and Disclosure Interpretations (C&DIs) on its website to address questions raised by its requirement for...more
The US Securities and Exchange Commission has adopted amendments to Regulation S-P requiring entities under its remit to provide notice to individuals affected by certain types of data breaches. This adds yet another...more
Technological advancements and cyber threats are keeping privacy and data security issues at the forefront of lawmaker and regulatory agency agendas on “the Hill,” in particular the US Federal Communications Commission (FCC),...more
With the flurry of new consumer privacy laws enacted in states across the country, it is vital for companies operating in multiple states to remain informed of this changing landscape in order to plan and execute their...more
The ever-evolving data privacy landscape continues to become more complex as new developments play out on the global stage. In the United States, a number of individual state laws have come into force, with more following in...more
The US Securities and Exchange Commission (SEC) adopted on July 26, 2023 final rules and amendments for mandating disclosure regarding cybersecurity risk management, strategy, governance, and incident reporting, including...more
8/2/2023
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
The California Consumer Privacy Act (CCPA) exemptions for employee and business-to-business (B2B) personal information have not been extended, further complicating the privacy regulatory landscape for businesses in...more
World events, such as the COVID-19 pandemic, have accelerated the need for business operations to grow more digitally reliant and driven. As the global network grows and becomes more interconnected, privacy and...more
9/15/2022
/ Biometric Information ,
Computer Fraud and Abuse Act (CFAA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Personal Information Protection Law (PIPL) ,
Popular
The US Securities and Exchange Commission (SEC) recently proposed a comprehensive framework of cybersecurity-related rules and amendments for investment advisers and investment companies. Although advisers and funds may have...more
China’s long-awaited Personal Information Protection Law (PIPL), after two rounds of draft versions, was finally passed by the Standing Committee of the National People's Congress on August 20, 2021, with the law effective...more
8/24/2021
/ China ,
Corporate Counsel ,
Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personal Information ,
Popular ,
Regulatory Reform
The European Commission has finally approved two decisions on 28 June granting the United Kingdom the cherished status of having “adequate” data protection laws so that transfers of personal data from the European Union are...more
Virginia is on track to become the second state in the United States to pass a comprehensive data privacy law after the Virginia Consumer Data Protection Act (CDPA) quickly passed both houses of Virginia’s state legislature...more
2/19/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
State and Local Government
The European Data Protection Board (EDPB) has finally released its much anticipated guidance following the Schrems II decision in July 2020, which invalidated the "Privacy Shield" system that allowed the transfer of personal...more
A majority of California voters approved the California Privacy Rights Act of 2020 (CPRA) on November 3. The CPRA expands provisions of the California Consumer Privacy Act (CCPA), creates new consumer privacy rights,...more
11/11/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Retention ,
Data Sellers ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
The US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) recently issued an advisory to remind US businesses about some aspects of ransomware scams and attacks. ...more
California recently approved the final regulations to the California Consumer Privacy Act (CCPA), which took effect August 14, 2020. This article highlights some of the most notable changes to the final regulations and...more
9/1/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law Judges (OALJ) ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
The Court of Justice of the European Union (ECJ) has finally issued its decision on the validity of standard contractual clauses (SCCs) in the Irish Data Protection Commissioner’s referral to the ECJ for an opinion on the...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Despite the coronavirus (COVID-19) pandemic, the California attorney general intends to enforce the California Consumer Privacy Act (CCPA) beginning July 1, 2020, pending the anticipated approval from the California Office of...more
6/26/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Information Governance ,
Office of Administrative Law ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government ,
State Attorneys General
With the July 1 enforcement of the California Consumer Privacy Act (CCPA) less than a month away, the state attorney general has finally submitted the final text of the proposed CCPA regulations to the California Office of...more
6/4/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
With the July 1 enforcement of the California Consumer Privacy Act (CCPA) less than a month away, the state attorney general has finally submitted the final text of the proposed CCPA regulations to the California Office of...more
6/4/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Risk Management ,
Rulemaking Process ,
State and Local Government
Since the global coronavirus (COVID-19) pandemic began, attempted cyberattacks have increased dramatically. It is no longer a question of whether bad actors will target a company; it’s a question of when a cyberattack will...more
While the final CCPA regulations remain pending, written comments on the recently released proposed modifications are due by February 25, 2020. This article highlights some of the most notable changes to the proposed...more
2/19/2020
/ Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Mobile Apps ,
Mobile Devices ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Regulatory Requirements ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
The landmark California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, is the first privacy act of its kind in the United States and significantly alters the privacy and cybersecurity enforcement...more