In April 2025, SK Telecom—South Korea’s largest mobile carrier—formally notified regulators of a significant data breach that compromised sensitive SIM card data belonging to nearly 27 million users. Following an...more
Our Privacy, Cyber & Data Strategy Team discusses how to overcome five challenges companies face in the wake of a data security incident when reviewing impacted data to comply with legal obligations....more
On July 8, 2025, the Department of Justice (“DOJ”) is set to lift its self-imposed pause on enforcing certain violations of its Rule Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of...more
6/24/2025
/ China ,
Compliance ,
Data Privacy ,
Data Security ,
Data Transfers ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Executive Orders ,
Foreign Entities ,
National Security ,
New Regulations ,
Personal Data
Our Privacy, Cyber & Data Strategy Team highlights the shift in priorities for privacy and cybersecurity regulation and enforcement across U.S. agencies under the second Trump Administration....more
On January 15, 2025, the Federal Trade Commission (FTC) announced a proposed settlement with GoDaddy Inc. (GoDaddy) for making false or misleading representations about their security practices in violation of Section 5 of...more
1/22/2025
/ Antitrust Violations ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misleading Statements ,
Privacy Laws ,
Risk Management ,
Unfair or Deceptive Trade Practices
In late December 2024, the New York Governor signed two bills (S2659B and S2376B) amending the state’s data breach notification law (N.Y. Gen. Bus. Law § 899-aa), to expand the definition of reportable personal information...more
Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own...more
New York Attorney General Letitia James recently announced two agreements related to data breaches with entities that operate in the education industry. In both instances the entities paid the ransom and received evidence of...more
In late August 2023, the California Privacy Protection Agency (“CPPA” or “Agency”) released a discussion draft of proposed regulations under California’s data privacy law, the California Consumer Privacy Act (“CCPA”)....more
Publications and Advisories - July 31, 2023 – Dave Brown, Kate Hanniford, Kim Peretti, Julia Mediamolle, Cara Peterman, Sierra Shear, Kristen Bartolotta, and Kezia Osunsade published “Securities Law, Securities Litigation,...more
8/10/2023
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Civil Investigation Demand ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Hackers ,
International Data Transfers ,
Online Safety for Children ,
Popular ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Standard Contractual Clauses ,
Telehealth
In mid-July, the Federal Trade Commission (FTC) reportedly opened an investigation into OpenAI, the maker of ChatGPT, sending the company an extensive Civil Investigative Demand (CID). While FTC investigations are normally...more
On June 18, 2023, Texas Governor Greg Abbott signed the Texas Data Privacy and Security Act (HB 4) (“TDPSA”) into law, making Texas the latest contributor to the growing patchwork of comprehensive U.S. state privacy laws....more
On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously...more
Publications and Advisories - April 5, 2023 – Kate Hanniford and Elinor Hiller published “Healthy Byte: White House and HHS Both Update Their Cybersecurity Guidance.”...more
Publications and Advisories - February 10, 2023 – Kathleen Benway, David Keating, and Sara Pullen Guercio published “Privacy, Cyber & Data Strategy / Consumer Protection/FTC Advisory: Limit Your Health Data Sharing and Call...more
2/15/2023
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FCC ,
Federal Trade Commission (FTC) ,
Personal Information ,
Popular ,
State Privacy Laws
Selected U.S. Privacy and Cyber Updates - California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations - On November 3, 2022, the California Privacy Protection Agency (CPPA) issued a notice...more
On October 31, 2022, the Federal Trade Commission (FTC) announced it has taken action against education technology provider Chegg Inc. (“Chegg”) for its “careless” cybersecurity practices that exposed sensitive personal...more
On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that...more
Our Privacy, Cyber & Data Strategy and White Collar, Government & Internal Investigations teams offer key takeaways that companies should consider in the wake of the Justice Department’s first prosecution of a corporate...more
On October 4, 2022, the White House Office of Science and Technology released the Blueprint for an AI Bill of Rights (the Bill) to guide the development and use of artificial intelligence (AI) in the United States. The White...more
Selected Developments in U.S. Law - U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum On April 21, 2022, Canada, Japan, South Korea, the Philippines, Singapore, Taiwan, and the United States...more
5/11/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Assets ,
Fraud ,
Personal Information ,
Popular ,
Privacy Laws ,
Ransomware
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of...more
3/4/2022
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
Popular ,
Reporting Requirements
Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more
2/9/2022
/ China ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Data Subject Access Requests ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Malware ,
Multi-Factor Authentication ,
NYDFS ,
Personal Data ,
Popular ,
Ransomware ,
Reporting Requirements ,
Russia ,
Ukraine
As companies scramble to address the newly exploited, ubiquitous Log4j vulnerability, companies’ actions are now the potential source for government scrutiny. Our Privacy, Cyber & Data Security Team summarizes what the Log4j...more
On November 14, 2021, the Cyberspace Administration of China (CAC) released draft Regulations on the Management of Online Data Security (the “Regulations”) for China’s data privacy and security laws, including the...more