UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
President Biden Issues Cybersecurity Executive Order -
On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
8/10/2021
/ Article III ,
Biden Administration ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile Apps ,
Personal Data ,
Popular ,
Ransomware ,
SCOTUS ,
Standing ,
TransUnion LLC v Ramirez
Introduction Colorado has joined California and Virginia as the third state with a comprehensive data privacy law. On July 7, 2021, Colorado Governor Polis signed the Act into law, following the Colorado Senate's passage of...more
7/8/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Standards ,
State and Local Government
President Biden's Executive Order calls for an extensive reassessment and revamping of the federal government's cybersecurity defenses and incident response capabilities, establishing benchmarks that may inform standards...more
The Situation: On May 12, 2021, President Biden issued an "Executive Order on Improving the Nation's Cybersecurity," which calls for "bold" and extensive action designed to update and standardize requirements and procedures...more
The General Services Administration ("GSA") is including language regarding cybersecurity requirements in requests for proposals relating to certain IT governmentwide acquisition contracts ("GWACs"). Certain requirements will...more
The FAA's new regulations provide long-awaited relief for commercial drone users and assurances to the security community.
On January 15, 2021, the Federal Aviation Administration ("FAA") issued two significant final...more
The Situation: As we advised in our recent Commentary, federal banking regulators have proposed rules requiring a banking organization to provide its primary federal regulator with prompt notification of any...more
United States -
Regulatory—Policy, Best Practices, and Standard -
NIST Unveils Draft Guidance to Protect Critical Infrastructure -
On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
1/8/2021
/ CNIL ,
Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Popular ,
Risk Management
The Situation: Although the deadline keeps getting extended, e-commerce merchants and payment processors across the European Union are racing to implement the strong customer authentication ("SCA") requirements of the Revised...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Revision to Security Standard -
On September 23, the National Institute of Standards and Technology ("NIST") released Revision 5 to...more
The Situation: Less than one year after the California Consumer Privacy Act ("CCPA") became effective, California voters approved the California Privacy Rights Act ("CPRA"), a consumer privacy ballot initiative that amends...more
11/6/2020
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular
On October 12, 2020, the California Attorney General released a third set of proposed modifications to the California Consumer Privacy Act ("CCPA") regulations.
On October 12, 2020, the California Attorney General issued...more
As the United States and other countries gradually ease stay-at-home orders and mandatory lockdowns, data-driven technologies have become increasingly discussed as a potential strategy for tracing and mitigating the further...more
7/13/2020
/ Biometric Information ,
Contact Tracing ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Employer Liability Issues ,
Employer Responsibilities ,
Federal Trade Commission (FTC) ,
Health and Safety ,
Infectious Diseases ,
Popular ,
Private Sector ,
Re-Opening Guidelines ,
Workplace Safety
The Attorney General requested expedited review by the Office of Administrative Law and asked that the regulations become effective upon filing with the Secretary of State.
On June 1, 2020, the Office of the California...more
The Situation: The global spread of the novel coronavirus (COVID-19) has prompted the workforce to migrate from the office to remote-working environments and businesses to adopt new data collection, use, and disclosure...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
Cybersecurity Standards Issued for Government Contractors -
On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
4/1/2020
/ 5G Network ,
Artificial Intelligence ,
Canada ,
China ,
CNIL ,
Computer Fraud and Abuse Act (CFAA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Department of Defense (DOD) ,
EU ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FERC ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
Japan ,
Latin America ,
National Security ,
NIST ,
OCIE ,
OCR ,
Online Safety for Children ,
People's Bank of China ,
Public Health Emergency ,
Securities and Exchange Commission (SEC) ,
Social Media ,
State Attorneys General ,
Telehealth ,
Trump Administration ,
Unmanned Aircraft Systems
The Situation: Four months after releasing the initial draft proposed regulations to the California Consumer Privacy Act ("CCPA") of 2018, the California Attorney General ("Attorney General") issued modifications to these...more
2/21/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Notice Requirements ,
Opt-Outs ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right To Know ,
State Attorneys General
On January 16, 2020, a federal judge held that Michigan's Personal Privacy Protection Act applies to nonresidents who are located outside the state. The decision, Lin v. Crain Communications, No. 19-11889 (E.D. Mich. January...more
In light of the increasingly heightened cybersecurity risk environment facing the financial services industry and other critical business sectors, on January 16, 2020, the Office of the Comptroller of the Currency and the...more
The Situation: On January 1, 2020, the California Consumer Privacy Act of 2018 ("CCPA") goes into effect, with enforcement by the California attorney general ("attorney general") to begin six months after the final...more
10/25/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Employee Privacy Rights ,
New Amendments ,
Privacy Laws ,
Proposed Regulation ,
Public Comment ,
Public Hearing
As the legislative session came to a close last week, the California Legislature passed five bills that amend the California Consumer Privacy Act ("CCPA"). Here are the five bills that are now headed to the governor for...more
9/24/2019
/ Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
Whistleblower programs that previously focused on traditional concerns such as accounting and FCPA issues should now consider expanding to incorporate company IT and information security teams and account for data protection...more
8/8/2019
/ Cisco ,
Cybersecurity ,
Data Protection ,
False Claims Act (FCA) ,
Federal Contractors ,
Foreign Corrupt Practices Act (FCPA) ,
Hackers ,
NIST ,
Popular ,
Subcontractors ,
Whistleblower Protection Policies ,
Whistleblowers
Musical.ly app receives $5.7 million fine for collecting personal information in violation of the Children's Online Privacy Protection Act
On February 27, 2019, the Federal Trade Commission ("FTC") issued a record $5.7...more
3/8/2019
/ Civil Monetary Penalty ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Websites
The U.S. data privacy landscape continues to evolve. Last year, the California Consumer Privacy Act ("CCPA") passed following the EU General Data Protection Regulation ("GDPR"). Nine additional states have since introduced...more
On June 12, 2018, Vietnam's National Assembly passed the contentious Law on Cybersecurity ("Law"), which will go into effect on January 1, 2019. The Law has hallmarks similar to China's Cybersecurity Law that took effect in...more