At the end of 2023, the Federal Communications Commission (“FCC” or “the Commission”) adopted updates to its existing 16-year-old data breach notification rules (“prior rules”) designed to ensure that sensitive customer...more
Over the last several years, the class action bar has targeted companies in a wave of putative class actions under state “right of publicity” statutes. Although they vary some around the edges, these statutes generally seek...more
Key Points -
Over the last several years, the class action bar has targeted companies in a wave of putative class actions under state “right of publicity” statutes. Although they vary some around the edges, these statutes...more
This year has seen some substantial new data breach settlements including a $500,000 Federal Trade Commission (FTC) fine against CafePress, a $1.25 million multi-state class action settlement and $5 million New York...more
11/3/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular
Gary Gensler, Chair of the U.S. Securities and Exchange Commission (SEC), signaled a new era of cybersecurity law (and accompanying enforcement) in his keynote address “Cybersecurity and Securities Laws” on January 24, 2022,...more
On August 30, 2021, the Securities and Exchange Commission announced three enforcement actions against registered investment advisers for alleged cybersecurity failures involving cloud-based email systems. All three actions...more
Throughout the month of March, states continued to introduce new privacy laws of their own as Congress focused on enacting President Biden’s $1.9 trillion COVID-19 relief plan—H.R. 1319, the American Rescue Plan Act of...more
In this episode, Akin Gump cybersecurity, privacy and data protection practice co-heads Natasha Kohne and Michelle Reed, and counsel Molly Whitman discuss the firm’s new 2020 CCPA Litigation Annual Report and its...more
4/7/2021
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Defense Strategies ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
A coalition of African nations have developed a data protection framework with the goal of centralizing data protection laws and the digital economy across Africa. Currently, five countries, including Nigeria, are testing the...more
10/28/2020
/ Africa ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
Information Security ,
International Data Transfers ,
Multinationals ,
New Guidance ,
Personal Data ,
Personally Identifiable Information
The California Attorney General surprised companies by issuing new guidance for the California Consumer Privacy Act (CCPA) compliance, reflecting likely compliance missteps by companies. On Tuesday October 12, 2020, the...more
10/16/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
State Attorneys General
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
10/14/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Electronic Communications ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK
On September 15, 2020, the New York Attorney General (NYAG) reached a Consent and Stipulation Agreement (the “Agreement”) with Dunkin’ Brand’s Inc. a year after filing a lawsuit over the company’s response to cyberattacks in...more
10/6/2020
/ Consent Agreements ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Debit and Credit Card Transactions ,
Dunkin' Donuts ,
Failure to Notify ,
Hackers ,
Information Security ,
Personally Identifiable Information ,
Settlement ,
State Attorneys General ,
State Data Breach Notification Statutes
The City Council of Portland, Oregon unanimously passed a ban on facial recognition, set to take effect in January 2021. The Portland ban is currently the strongest in the United States, preventing not only government...more
The Federal Data Protection and Information Commissioner (FDPIC) has determined that the Swiss-United States Privacy Shield does not provide an adequate level of data protection for data transfers from Switzerland to the U.S....more
9/30/2020
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
EU-US Privacy Shield ,
International Data Transfers ,
Personally Identifiable Information ,
Risk Assessment ,
Standard Contractual Clauses ,
Swiss Privacy Shield ,
Switzerland
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
9/14/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
- The OCIE of the SEC highlights that responses to COVID-19 present important regulatory and compliance issues for SEC registrants, including “heightened risks of misconduct” tied to recent market volatility.
- The Risk...more
8/21/2020
/ Asset Management ,
Broker-Dealer ,
Business Continuity Plans ,
Business Operations ,
Compliance ,
Conflicts of Interest ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
Fees ,
Financial Transactions ,
Investment Adviser ,
Investment Fraud ,
Investment Management ,
Investors ,
OCIE ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Remote Working ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Supervision
On March 5, 2020, Gov. Phil Scott (VT-R) signed into law amendments to the Security Breach Notice Act (the “Act”). The amendments, which originated in the State Senate as part of an initiative addressing a number of data...more
8/10/2020
/ Amended Legislation ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Governor Scott ,
New Guidance ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State Attorneys General
On July 21, 2020, the New York Department of Financial Services (DFS) filed a “Statement of Charges and Notice of Hearing” (the “Charges”) against First American Title Insurance Company (the “Company”) alleging violations of...more
8/7/2020
/ Banking Sector ,
Banks ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Financial Services ,
Enforcement Actions ,
Financial Institutions ,
Financial Services Industry ,
Personally Identifiable Information ,
Sensitive Personal Information ,
Websites
On Tuesday, August 4, Senators Jeff Merkley (D-OR) and Bernie Sanders (I-VT) announced the introduction of the National Biometric Information Privacy Act of 2020 to prohibit private companies from collecting biometric data...more
On July 1, 2020, California Attorney General Xavier Becerra issued a statement as the first day of enforcement of the California Consumer Privacy Act (CCPA) commenced, urging businesses to know their responsibilities under...more
The advocacy group, Californians For Consumer Privacy, has qualified the California Privacy Rights Act (CPRA) for the November 2020 ballot. The required number of signatures was verified by the California Secretary of State,...more
The California Attorney General’s Office is going forward with the enforcement of the California Consumer Privacy Act (CCPA) despite the logistical issues caused by COVID-19. An advisor to Attorney General Becerra made a...more
- The California Attorney General Office (AGO) issued revised proposed regulations (Version 2) regarding the California Consumer Privacy Act on February 7, 2020. The AGO will collect comments on the revised regulations until...more
2/21/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right to Delete ,
Right To Know ,
State Attorneys General
- The Washington state Senate has passed its version of a consumer data privacy bill as state lawmakers debate proposed legislation for the Washington Privacy Act, the state’s first data privacy law.
- In their own bill,...more
2/19/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Facial Recognition Technology ,
Legislative Agendas ,
Opt-Outs ,
Personally Identifiable Information ,
Preemption ,
Privacy Legislation ,
Private Right of Action ,
Proposed Legislation ,
Right to Delete ,
Right-To-Access
• The Draft Regulations introduced by the California Attorney General’s Office on October 10, 2019 are subject to a public comment period and public hearings that will close on December 6, 2019. Now is the time to act to try...more
10/29/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right to Delete ,
Right To Know ,
State Attorneys General