On October 27, 2021, Secretary of State Antony Blinken formally announced plans to modernize and reorient American diplomacy to meet the evolving demands of the 21st century. The State Department, in consultation with...more
Key Points -
On October 6, 2021, the DOJ announced two new initiatives: the Civil Cyber-Fraud Initiative and the National Cryptocurrency Enforcement Team.
The Civil Cyber-Fraud Initiative will fight rising cyber threats...more
10/13/2021
/ Cryptocurrency ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
NDAA ,
Popular ,
Supply Chain
On October 1, 2021, two Acts overhauling data privacy and cybersecurity in Connecticut took effect—the latest instance of stronger state breach reporting requirements with a safe harbor protection from litigation for...more
10/7/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notification Requirements ,
Personal Information ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes
On September 27, 2021, all new contracts that involve cross-border personal data transfers must incorporate the updated standard contractual clauses (“New SCCs”) for controllers and processors. On June 4, 2021, the European...more
On September 8, 2021, U.S. Secretary of Commerce Secretary Gina Raimondo announced the establishment of the National Artificial Intelligence (AI) Advisory Committee (NAIAC or the “Committee”). The NAIAC will advise the...more
On August 30, 2021, the Securities and Exchange Commission announced three enforcement actions against registered investment advisers for alleged cybersecurity failures involving cloud-based email systems. All three actions...more
On August 20, 2021, the 30th session of the Standing Committee of the 13th National People’s Congress (NPC) adopted China’s new PRC Personal Information Protection Law (PIPL), which will take effect on November 1, 2021. The...more
8/27/2021
/ China ,
Criminal Liability ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Use Policies ,
International Data Transfers ,
National Security ,
Personal Information
Recent developments in the tech sector in China, including government directives concerning heightened regulatory scrutiny of tech companies listed or looking to list in the US or on exchanges in other overseas jurisdictions,...more
With the passage of the Colorado Privacy Act (CPA) during its latest legislative session, Colorado has become the third state to enact a comprehensive consumer data privacy law, following California and Virginia. Corporations...more
Key Points -
On June 9, President Biden signed an executive order (“EO”) revoking a series of Trump-era EOs targeting specific Chinese “connected software applications” (“apps”), including TikTok and WeChat.
The EO calls...more
6/23/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Department of Justice (DOJ) ,
Executive Orders ,
Foreign Adversaries ,
Mobile Apps ,
National Security ,
Personal Data ,
Popular ,
Supply Chain
Key Points -
On Wednesday, May 12, 2021, President Biden issued EO 14,028, “Improving the Nation’s Cybersecurity.” The EO sets out an ambitious schedule of reviews and rulemakings that portend significant changes in the...more
While some states have enacted privacy laws granting consumers the right to bring a private right of action in a data breach context, federal courts have struggled to fit data breach injury into traditional Article III...more
On April 14, 2021, the Department of Labor (DOL) issued its first set of guidance documents related to the cybersecurity of retirement benefit plans covered by the Employee Retirement Income Security Act (ERISA). The...more
On April 21, 2021, the European Commission (Commission) published its draft Regulation on Artificial Intelligence (AI). It follows the strategies outlined in the February 2020 Commission’s White Paper on AI. The draft...more
5/3/2021
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
European Commission ,
Popular ,
Proposed Regulation ,
Registration Requirement ,
Transparency
On April 14, 2021, the New York Department of Financial Services (DFS) announced it settled an enforcement action against National Securities Corporation (“National Securities”) related to claims under the Cybersecurity...more
In this episode, Akin Gump cybersecurity, privacy and data protection practice co-heads Natasha Kohne and Michelle Reed, and counsel Molly Whitman discuss the firm’s new 2020 CCPA Litigation Annual Report and its...more
4/7/2021
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Defense Strategies ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
On March 12, 2021, United Kingdom’s (UK) Digital Secretary Oliver Dowden announced the UK’s forthcoming National Artificial Intelligence (AI) Strategy as he set out his Ten Tech Priorities. The Strategy, which is due to be...more
The U.S. Food and Drug Administration (FDA) announced that the newly-created post of Acting Director of Medical Device Security has been filled by Kevin Fu, a University of Michigan associate professor and founder of the...more
In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. In contrast to an earlier...more
3/1/2021
/ Attorney-Client Privilege ,
Capital One ,
Cybersecurity ,
Data Breach ,
Discovery ,
FBI ,
Forensic Examination ,
Motion to Compel ,
Multidistrict Litigation ,
Popular ,
Privileged Communication ,
Work-Product Doctrine
A data analytics company for the mortgage industry is facing allegations of violating the Gramm-Leach Bliley Act (GLBA), stemming from a data breach of a third-party vendor. In its complaint, the Federal Trade Commission...more
On November 10, 2020, the recently established Taskforce of the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area (EEA),...more
On Friday, December 4, 2020, President Donald Trump signed H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, into law. The measure, which was approved by the House of Representatives in September...more
In August, Viacom and a number of other app developers and ad-tech companies reached a settlement with parents who had alleged that the companies were illegally selling children’s personal information for behavioral...more
12/7/2020
/ Advertising ,
App Developers ,
Behavioral Advertising ,
COPPA ,
Cybersecurity ,
Data Collection ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Settlement Agreements ,
State Law Claims ,
State Privacy Laws ,
Unfair Competition Law (UCL)
On Tuesday, November 17, the Senate passed H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, by unanimous consent. The bill, which previously passed the House of Representatives in September after...more
Voters in Massachusetts overwhelmingly approved a ballot initiative that gives independent mechanics greater access to vehicle data, a move that vehicle manufacturers have foreshadowed could have significant cyber and privacy...more
11/18/2020
/ Auto Repair Regulations ,
Automotive Industry ,
Ballot Measures ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Motor Vehicles ,
Popular ,
Right to Repair ,
Telematics