With the passage of the Colorado Privacy Act (CPA) during its latest legislative session, Colorado has become the third state to enact a comprehensive consumer data privacy law, following California and Virginia. Corporations...more
Key Points -
On Wednesday, May 12, 2021, President Biden issued EO 14,028, “Improving the Nation’s Cybersecurity.” The EO sets out an ambitious schedule of reviews and rulemakings that portend significant changes in the...more
While some states have enacted privacy laws granting consumers the right to bring a private right of action in a data breach context, federal courts have struggled to fit data breach injury into traditional Article III...more
On April 14, 2021, the Department of Labor (DOL) issued its first set of guidance documents related to the cybersecurity of retirement benefit plans covered by the Employee Retirement Income Security Act (ERISA). The...more
On April 21, 2021, the European Commission (Commission) published its draft Regulation on Artificial Intelligence (AI). It follows the strategies outlined in the February 2020 Commission’s White Paper on AI. The draft...more
5/3/2021
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
European Commission ,
Popular ,
Proposed Regulation ,
Registration Requirement ,
Transparency
On April 14, 2021, the New York Department of Financial Services (DFS) announced it settled an enforcement action against National Securities Corporation (“National Securities”) related to claims under the Cybersecurity...more
The National Association of Insurance Commissioner (NAIC)’s model data security law (“Model Law”) was recently adopted by Maine and North Dakota. This addition brings the total number to states that have joined the NAIC...more
On Tuesday, April 20, the Senate Commerce, Science and Transportation Committee held a hearing on the Federal Trade Commission’s (FTC) authority to protect consumers.
The hearing featured discussion from lawmakers on the...more
In this episode, Akin Gump cybersecurity, privacy and data protection practice co-heads Natasha Kohne and Michelle Reed, and counsel Molly Whitman discuss the firm’s new 2020 CCPA Litigation Annual Report and its...more
4/7/2021
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Defense Strategies ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
On March 12, 2021, United Kingdom’s (UK) Digital Secretary Oliver Dowden announced the UK’s forthcoming National Artificial Intelligence (AI) Strategy as he set out his Ten Tech Priorities. The Strategy, which is due to be...more
The U.S. Food and Drug Administration (FDA) announced that the newly-created post of Acting Director of Medical Device Security has been filled by Kevin Fu, a University of Michigan associate professor and founder of the...more
A data analytics company for the mortgage industry is facing allegations of violating the Gramm-Leach Bliley Act (GLBA), stemming from a data breach of a third-party vendor. In its complaint, the Federal Trade Commission...more
On November 10, 2020, the recently established Taskforce of the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area (EEA),...more
In August, Viacom and a number of other app developers and ad-tech companies reached a settlement with parents who had alleged that the companies were illegally selling children’s personal information for behavioral...more
12/7/2020
/ Advertising ,
App Developers ,
Behavioral Advertising ,
COPPA ,
Cybersecurity ,
Data Collection ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Settlement Agreements ,
State Law Claims ,
State Privacy Laws ,
Unfair Competition Law (UCL)
On Tuesday, November 17, the Senate passed H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, by unanimous consent. The bill, which previously passed the House of Representatives in September after...more
Voters in Massachusetts overwhelmingly approved a ballot initiative that gives independent mechanics greater access to vehicle data, a move that vehicle manufacturers have foreshadowed could have significant cyber and privacy...more
11/18/2020
/ Auto Repair Regulations ,
Automotive Industry ,
Ballot Measures ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Motor Vehicles ,
Popular ,
Right to Repair ,
Telematics
The newly passed Proposition 24, the California Privacy Rights Act (CPRA), represents the second time in two years that California has instituted a comprehensive privacy statute that fundamentally changes data privacy...more
In early October, the United States Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory, warning of the potential risk of sanctions to companies and individuals who pay ransomware payments. The...more
11/2/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Economic Sanctions ,
Financial Institutions ,
Foreign Policy ,
Hackers ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Management ,
Risk-Based Approaches ,
Sanction Violations
A coalition of African nations have developed a data protection framework with the goal of centralizing data protection laws and the digital economy across Africa. Currently, five countries, including Nigeria, are testing the...more
10/28/2020
/ Africa ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
Information Security ,
International Data Transfers ,
Multinationals ,
New Guidance ,
Personal Data ,
Personally Identifiable Information
On September 15, 2020, the New York Attorney General (NYAG) reached a Consent and Stipulation Agreement (the “Agreement”) with Dunkin’ Brand’s Inc. a year after filing a lawsuit over the company’s response to cyberattacks in...more
10/6/2020
/ Consent Agreements ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Debit and Credit Card Transactions ,
Dunkin' Donuts ,
Failure to Notify ,
Hackers ,
Information Security ,
Personally Identifiable Information ,
Settlement ,
State Attorneys General ,
State Data Breach Notification Statutes
Two developments in the United Kingdom demonstrate the country’s renewed commitment to a sustainable data strategy with appropriate privacy and security safeguards. First, on September 9, 2020, the U.K. government published a...more
9/30/2020
/ Artificial Intelligence ,
Cyber Threats ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Data Storage ,
International Data Transfers ,
Personal Data ,
Research and Development ,
UK
- In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC.
- In contrast to an...more
9/21/2020
/ Best Practices ,
Capital One ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Forensic Examination ,
Motion to Compel ,
Multidistrict Litigation ,
Popular ,
Privileged Communication ,
Privileged Documents ,
Work-Product Doctrine
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
9/14/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
- The OCIE of the SEC highlights that responses to COVID-19 present important regulatory and compliance issues for SEC registrants, including “heightened risks of misconduct” tied to recent market volatility.
- The Risk...more
8/21/2020
/ Asset Management ,
Broker-Dealer ,
Business Continuity Plans ,
Business Operations ,
Compliance ,
Conflicts of Interest ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
Fees ,
Financial Transactions ,
Investment Adviser ,
Investment Fraud ,
Investment Management ,
Investors ,
OCIE ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Remote Working ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Supervision
Massachusetts Attorney General (AG) Maura Healey announced the creation of a Data Privacy and Security Division, focusing on protecting consumers from privacy and security breaches and threats. AG Healey named Sara Cable as...more
8/20/2020
/ Consumer Privacy Rights ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Equal Access ,
Internet ,
Personal Data ,
Popular ,
Privacy Laws ,
State Attorneys General