On July 21, 2020, the New York Department of Financial Services (DFS) filed a “Statement of Charges and Notice of Hearing” (the “Charges”) against First American Title Insurance Company (the “Company”) alleging violations of...more
8/7/2020
/ Banking Sector ,
Banks ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Financial Services ,
Enforcement Actions ,
Financial Institutions ,
Financial Services Industry ,
Personally Identifiable Information ,
Sensitive Personal Information ,
Websites
On Tuesday, August 4, Senators Jeff Merkley (D-OR) and Bernie Sanders (I-VT) announced the introduction of the National Biometric Information Privacy Act of 2020 to prohibit private companies from collecting biometric data...more
On July 16, 2020, the Grand Chamber of the Court of Justice of the European Union (CJEU) in Luxembourg handed down its highly anticipated judgment in a case brought by privacy activist Max Schrems (C-311/18, Data Protection...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
- In the age of broad corporate teleworking brought on by COVID-19, OCIE of the SEC has observed during recent examinations that investment advisers, broker-dealers and investment companies are subject to an increased threat...more
7/16/2020
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Financial Services Industry ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Investment Management ,
Malware ,
OCIE ,
Popular ,
Ransomware ,
Risk Alert ,
Securities and Exchange Commission (SEC)
On July 1, 2020, California Attorney General Xavier Becerra issued a statement as the first day of enforcement of the California Consumer Privacy Act (CCPA) commenced, urging businesses to know their responsibilities under...more
The advocacy group, Californians For Consumer Privacy, has qualified the California Privacy Rights Act (CPRA) for the November 2020 ballot. The required number of signatures was verified by the California Secretary of State,...more
On May 4, 2020, the European Data Protection Board (EDPB) adopted two important revisions to its 33-page Guidelines on Consent (Guidelines) under the General Data Protection Regulation (GDPR). The Guidelines are highly...more
The U.S. Supreme Court is requesting that startup hiQ Labs Inc. respond to LinkedIn’s request for intervention of a ruling in the Ninth Circuit. In its petition for writ of certiorari filed in March, LinkedIn claimed that hiQ...more
Cybersecurity threat actors are targeting information of businesses seeking assistance during this time of crisis. For example, last week the Small Business Administration (SBA) reported a suspected data breach, affecting...more
- The U.S. Supreme Court will review whether a person who is authorized to access information on a computer for certain purposes violates the CFAA if he accesses the same information for an improper purpose.
- The Court’s...more
Akin Gump cybersecurity, privacy and data protection co-heads Natasha Kohne and Michelle Reed discuss the California Consumer Privacy Act and its implications for business in this episode recorded in mid-March....more
The California Attorney General’s Office is going forward with the enforcement of the California Consumer Privacy Act (CCPA) despite the logistical issues caused by COVID-19. An advisor to Attorney General Becerra made a...more
Cybersecurity and Privacy -
Despite cries from corporations and privacy advocates across America for a unified federal privacy law, the nation’s toughest privacy law—the California Consumer Privacy Act (CCPA)—went into...more
3/6/2020
/ Board of Directors ,
California Consumer Privacy Act (CCPA) ,
Corporate Governance ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Internal Controls ,
New Regulations ,
Policies and Procedures ,
Popular ,
Privacy Laws ,
Risk Mitigation ,
Wire Fraud
- The California Attorney General Office (AGO) issued revised proposed regulations (Version 2) regarding the California Consumer Privacy Act on February 7, 2020. The AGO will collect comments on the revised regulations until...more
2/21/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right to Delete ,
Right To Know ,
State Attorneys General
- The Washington state Senate has passed its version of a consumer data privacy bill as state lawmakers debate proposed legislation for the Washington Privacy Act, the state’s first data privacy law.
- In their own bill,...more
2/19/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Facial Recognition Technology ,
Legislative Agendas ,
Opt-Outs ,
Personally Identifiable Information ,
Preemption ,
Privacy Legislation ,
Private Right of Action ,
Proposed Legislation ,
Right to Delete ,
Right-To-Access
With the expansion of privacy legislation—from the General Data Protection Regulation (GDPR) in Europe to the coming California Consumer Privacy Act (CCPA) in the United States—cyber liability insurance is taking on increased...more
11/4/2019
/ California Consumer Privacy Act (CCPA) ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Denial of Insurance Coverage ,
Incident Response Plans ,
Insurance Contracts ,
Insurance Litigation ,
Liability Insurance ,
Litigation Fees & Costs ,
Policies and Procedures ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Risk Mitigation ,
Third-Party Liability
• The Draft Regulations introduced by the California Attorney General’s Office on October 10, 2019 are subject to a public comment period and public hearings that will close on December 6, 2019. Now is the time to act to try...more
10/29/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right to Delete ,
Right To Know ,
State Attorneys General
Maine’s legislature unanimously passed a new law—“An Act to Protect the Privacy of Online Customer Information” (the “Act”)—that will impose strict data protection restrictions on broadband internet service providers (ISPs)...more
10/29/2019
/ Broadband ,
Consent ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Authority ,
Internet ,
Internet Service Providers (ISPs) ,
New Legislation ,
Personally Identifiable Information ,
Privacy Laws ,
Public Utility ,
Utilities Sector
Attorney General Becerra held a press conference on October 10th, 2019, and announced the release of proposed regulations concerning the California Consumer Privacy Act (CCPA). He stressed that privacy is an inalienable right...more
10/14/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Public Comment ,
State Attorneys General
Alastair Mactaggart, the real estate developer who led the push for the California Consumer Privacy Act (CCPA), is at it again. Mactaggart and his organization, Californians for Consumer Privacy, have submitted a new ballot...more
9/27/2019
/ Algorithms ,
Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Public Comment ,
State Agencies
• The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. The window of opportunity to pass federal privacy legislation to preempt the CCPA in the 116th Congress is rapidly closing.
• Discussions are...more
9/26/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Preemption ,
Privacy Laws ,
Private Right of Action
In a narrow but notable holding, the Ninth Circuit recently held that the data mining company hiQ won the balance of hardships and identified sufficiently serious merits questions to warrant a preliminary injunction against...more
Since July 1, 2019, Delaware, New Hampshire and Connecticut have enacted laws imposing new cybersecurity requirements on insurers. These laws follow similar statutes already operating in at least six other states: Alabama,...more
9/16/2019
/ Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Insurance Industry ,
Insurance Regulations ,
NAIC ,
Security Risk Assessments ,
State Data Breach Notification Statutes ,
State Insurance Administrations ,
The Model Law
On May 29, 2019, Nevada’s governor approved a new privacy law, Senate Bill 220 (“SB 220”). SB 220 amends existing state law that requires operators of websites and online services (“Operators”) to post privacy notices on...more
9/12/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Data Use Policies ,
New Legislation ,
Online Platforms ,
Operators ,
Opt-Outs ,
Permanent Injunctions ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
State Data Privacy Laws ,
Statutory Penalties ,
Third-Party Service Provider ,
Websites
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
8/6/2019
/ Cookies ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Subjects Rights ,
Data Use Policies ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Notice Requirements ,
Online Advertisements ,
Personal Data ,
Popular