Last month, the Office of Management and Budget (OMB) and the Cyber and Infrastructure Security Agency (CISA) released draft guidance to implement a Zero Trust cybersecurity policy government-wide. OMB and CISA are seeking...more
On September 27, 2021, all new contracts that involve cross-border personal data transfers must incorporate the updated standard contractual clauses (“New SCCs”) for controllers and processors. On June 4, 2021, the European...more
A number of important new privacy law developments arrived in the month of August, chiefly enactment of the new Illinois Protecting Household Privacy Act, which restricts law enforcement access to data collected from the home...more
On August 30, 2021, the Securities and Exchange Commission announced three enforcement actions against registered investment advisers for alleged cybersecurity failures involving cloud-based email systems. All three actions...more
On August 20, 2021, the 30th session of the Standing Committee of the 13th National People’s Congress (NPC) adopted China’s new PRC Personal Information Protection Law (PIPL), which will take effect on November 1, 2021. The...more
8/27/2021
/ China ,
Criminal Liability ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Use Policies ,
International Data Transfers ,
National Security ,
Personal Information
On June 21, 2021, the U.S. Supreme Court issued its opinion in Goldman Sachs Group, Inc. v. Arkansas Teacher Retirement System,1 vacating the 2nd Circuit’s previous decision and remanding for further consideration as to...more
7/29/2021
/ Arkansas Teacher Retirement System v Goldman Sachs Group ,
Burden of Persuasion ,
Class Action ,
Class Certification ,
Conflicts of Interest ,
Fraud-on-the-Market ,
Goldman Sachs ,
Investors ,
Presumption of Reliance ,
SCOTUS ,
Securities Exchange Act ,
Securities Litigation ,
Shareholders
Recent developments in the tech sector in China, including government directives concerning heightened regulatory scrutiny of tech companies listed or looking to list in the US or on exchanges in other overseas jurisdictions,...more
With the passage of the Colorado Privacy Act (CPA) during its latest legislative session, Colorado has become the third state to enact a comprehensive consumer data privacy law, following California and Virginia. Corporations...more
Key Points -
The U.S. Supreme Court held that all members of a certified class must demonstrate that they suffered a concrete harm—such as physical injury or monetary loss—to have Article III standing to recover damages in...more
6/30/2021
/ Article III ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Credit Reports ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
SCOTUS ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
Key Points -
The Supreme Court held that a former police officer did not violate the CFAA by “exceeding” his authorized access to a law enforcement database when he used the database to sell information because he was...more
Key Points -
On Wednesday, May 12, 2021, President Biden issued EO 14,028, “Improving the Nation’s Cybersecurity.” The EO sets out an ambitious schedule of reviews and rulemakings that portend significant changes in the...more
While some states have enacted privacy laws granting consumers the right to bring a private right of action in a data breach context, federal courts have struggled to fit data breach injury into traditional Article III...more
Throughout the month of March, states continued to introduce new privacy laws of their own as Congress focused on enacting President Biden’s $1.9 trillion COVID-19 relief plan—H.R. 1319, the American Rescue Plan Act of...more
On April 14, 2021, the Department of Labor (DOL) issued its first set of guidance documents related to the cybersecurity of retirement benefit plans covered by the Employee Retirement Income Security Act (ERISA). The...more
On April 21, 2021, the European Commission (Commission) published its draft Regulation on Artificial Intelligence (AI). It follows the strategies outlined in the February 2020 Commission’s White Paper on AI. The draft...more
5/3/2021
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
European Commission ,
Popular ,
Proposed Regulation ,
Registration Requirement ,
Transparency
On April 14, 2021, the New York Department of Financial Services (DFS) announced it settled an enforcement action against National Securities Corporation (“National Securities”) related to claims under the Cybersecurity...more
The National Association of Insurance Commissioner (NAIC)’s model data security law (“Model Law”) was recently adopted by Maine and North Dakota. This addition brings the total number to states that have joined the NAIC...more
On Tuesday, April 20, the Senate Commerce, Science and Transportation Committee held a hearing on the Federal Trade Commission’s (FTC) authority to protect consumers.
The hearing featured discussion from lawmakers on the...more
On March 29, 2021, the U.S. Supreme Court heard oral argument in Goldman Sachs Group, Inc. v. Arkansas Teacher Retirement System. In this closely watched case, the Court is expected to clarify the evidentiary burden for...more
In this episode, Akin Gump cybersecurity, privacy and data protection practice co-heads Natasha Kohne and Michelle Reed, and counsel Molly Whitman discuss the firm’s new 2020 CCPA Litigation Annual Report and its...more
4/7/2021
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Defense Strategies ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
On March 12, 2021, United Kingdom’s (UK) Digital Secretary Oliver Dowden announced the UK’s forthcoming National Artificial Intelligence (AI) Strategy as he set out his Ten Tech Priorities. The Strategy, which is due to be...more
On March 2, 2021, the Governor of Virginia signed the Virginia Consumer Data Protection Act (CDPA) into law, which goes into effect on January 1, 2023. The law applies only to businesses with large amounts of consumer data...more
The U.S. Food and Drug Administration (FDA) announced that the newly-created post of Acting Director of Medical Device Security has been filled by Kevin Fu, a University of Michigan associate professor and founder of the...more
Amendments Come on the Heels of Supreme Court Decisions on SEC Disgorgement -
On January 1, 2021, Congress passed the National Defense Authorization Act (NDAA). Embedded in the NDAA’s more than 1,400 pages is Section...more
In an unusual departure from prior settlements, the Federal Trade Commission (FTC) has required a company to delete the facial recognition algorithm that was allegedly developed using improperly obtained user consent....more