Two leading U.S. legislators have unveiled a bipartisan plan to enact the first comprehensive federal data privacy law. The proposed American Privacy Rights Act (APRA) largely mirrors common themes in the patchwork of state...more
On November 1, the New York Department of Financial Services (NYDFS) amended its cybersecurity regulations to set additional notification, administrative, training and technical requirements. The Amended Cybersecurity...more
The SEC has finalized rules requiring public companies to disclose information about cybersecurity incidents, risk management, strategy and governance. This guide to help public companies comply with SEC rules covers...more
The SEC has scheduled an open meeting on Wednesday to decide on the adoption of eagerly anticipated cybersecurity incident and governance reporting rules. If the agency adopts rules that align with what it proposed last year,...more
The Client: A telecommunications company with operations in California The Business Question: How should we adapt our strategy in an evolving privacy and antitrust environment? Our client competed in a digital advertising...more
Looking towards 2023, organizations should be mindful of the effective dates of several new state privacy laws in the U.S. Companies should review the new laws to evaluate their applicability and identify potential...more
9/16/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Popular ,
State Privacy Laws
The U.S. Legislature has proposed the first bipartisan comprehensive consumer data protection law, the American Data Privacy and Protection Act (ADPPA). If enacted, the United States would join over 100 countries and several...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) released a “Sharing Cyber Event Information” Fact Sheet on April 7 that may preview its implementation of the new federal government cyber incident reporting...more
Update: UK international data transfer agreement and UK addendum to the EU standard contractual clauses now in force In February, the Information Commissioner’s Office (“ICO”), the United Kingdom (UK) data protection...more
On March 10 2022, the UK Information Commissioner’s Office (ICO) handed down its first Monetary Penalty Notice in respect of a ransomware attack and data exfiltration incident under the UK General Data Protection Regulation...more
To help your company get its United States (U.S.) state privacy compliance program on the right track in 2022, Orrick's Cyber' Privacy & Data Innovation Group has analyzed the differences between key topics for the California...more
3/15/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws
On February 9, 2022, the Securities and Exchange Commission (SEC) proposed expansive new rules addressing cybersecurity risk management for registered investment advisers (advisers) and investment companies (funds). The...more
Environmental, social, and governance (ESG) factors are increasingly a key area of focus for investors and stakeholders. Businesses today are expected to have policies and strategies focused on long-term value creation and to...more
The California Privacy Rights Act (CPRA) became law on December 16, 2020, and amended the California Consumer Privacy Act (CCPA). When the CPRA becomes fully operative on January 1, 2023, these important changes, among...more
Significant developments in artificial intelligence, cybersecurity and consumer privacy occurred across the globe in 2021 with the anticipation of more activity in 2022. Our roundup for the year captures some of the major...more
Across the United States (U.S.), 2021 was a busy year for legislative and regulatory-related consumer privacy developments. Our roundup captures some of the major updates that occurred in states throughout the year. We will...more
Artificial Intelligence (AI) has the potential to create breakthrough advances in a wide range of industries, while raising legal and ethical questions that will likely define the next era of technological advancement. ...more
11/19/2021
/ Algorithms ,
Artificial Intelligence ,
Cybersecurity ,
EU ,
European Commission ,
Federal Trade Commission (FTC) ,
FTC Act ,
GAO ,
Machine Learning ,
Popular ,
Proposed Regulation ,
Regulatory Oversight
As cybersecurity incidents become increasingly complex, your initial response to a potential cybersecurity crisis matters. The decisions that you make in the first 24 to 48 hours of a potential cybersecurity incident can have...more
11/4/2021
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Incident Response Plans ,
Policies and Procedures ,
Popular ,
Risk Management ,
Risk Mitigation
On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced several actions focused on disrupting criminal digital finance infrastructure, including virtual currency...more
10/13/2021
/ Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Department of Justice (DOJ) ,
Digital Currency ,
Enforcement Actions ,
International Emergency Economic Powers Act (IEEPA) ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk Mitigation ,
Sanctions ,
SDN List ,
Virtual Currency
On June 10, 2021, China’s national legislature – the Standing Committee of the National People's Congress passed the Data Security Law (the “DSL”). The DSL (see here for a non-official English translation) took effect on...more
On June 7, 2021, the European Commission (Commission) published its long-awaited Implementing Decision adopting standard contractual clauses for the transfer of personal data to third countries referred to as the new Standard...more
The French data protection authority, La Commission nationale de l’informatique et des libertés ("CNIL"), one of Europe's ("EU") most active data protection regulators, has continued to focus on the lawfulness of the use of...more
Nevada recently enacted an amendment that will significantly expand the scope of its existing online privacy law, SB260. Effective October 1, 2021, the amended law will impose additional obligations on qualifying “data...more
How can your business prepare for The California Privacy Rights Act (CPRA) ramp-up in 2021? The CPRA is scheduled to become effective in January 2023. Preparations will occur over the next two years, including establishing...more
On October 21, 2020, a draft of China’s Personal Information Protection Law (the “Draft PIPL”) was released for public comment on the website of China’s National People’s Congress – the national legislature. The comment...more