The newly passed Proposition 24, the California Privacy Rights Act (CPRA), represents the second time in two years that California has instituted a comprehensive privacy statute that fundamentally changes data privacy...more
In early October, the United States Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory, warning of the potential risk of sanctions to companies and individuals who pay ransomware payments. The...more
11/2/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Economic Sanctions ,
Financial Institutions ,
Foreign Policy ,
Hackers ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Management ,
Risk-Based Approaches ,
Sanction Violations
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
10/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Security ,
Data Subjects Rights ,
DIFC ,
Dubai ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notice Requirements ,
Penalties ,
Personal Data ,
Popular
- In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC.
- In contrast to an...more
9/21/2020
/ Best Practices ,
Capital One ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Forensic Examination ,
Motion to Compel ,
Multidistrict Litigation ,
Popular ,
Privileged Communication ,
Privileged Documents ,
Work-Product Doctrine
- The OCIE of the SEC highlights that responses to COVID-19 present important regulatory and compliance issues for SEC registrants, including “heightened risks of misconduct” tied to recent market volatility.
- The Risk...more
8/21/2020
/ Asset Management ,
Broker-Dealer ,
Business Continuity Plans ,
Business Operations ,
Compliance ,
Conflicts of Interest ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
Fees ,
Financial Transactions ,
Investment Adviser ,
Investment Fraud ,
Investment Management ,
Investors ,
OCIE ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Remote Working ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Supervision
On Friday, August 14, California’s Office of Administrative Law (OAL) approved the final draft of the Attorney General’s (AG) regulations under the California Consumer Privacy Act (CCPA). Attorney General Xavier Becerra’s...more
8/20/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
Office of Administrative Law ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
Regulatory Requirements ,
State Attorneys General
Massachusetts Attorney General (AG) Maura Healey announced the creation of a Data Privacy and Security Division, focusing on protecting consumers from privacy and security breaches and threats. AG Healey named Sara Cable as...more
8/20/2020
/ Consumer Privacy Rights ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Equal Access ,
Internet ,
Personal Data ,
Popular ,
Privacy Laws ,
State Attorneys General
On March 5, 2020, Gov. Phil Scott (VT-R) signed into law amendments to the Security Breach Notice Act (the “Act”). The amendments, which originated in the State Senate as part of an initiative addressing a number of data...more
8/10/2020
/ Amended Legislation ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Governor Scott ,
New Guidance ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State Attorneys General
On July 21, 2020, the New York Department of Financial Services (DFS) filed a “Statement of Charges and Notice of Hearing” (the “Charges”) against First American Title Insurance Company (the “Company”) alleging violations of...more
8/7/2020
/ Banking Sector ,
Banks ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Financial Services ,
Enforcement Actions ,
Financial Institutions ,
Financial Services Industry ,
Personally Identifiable Information ,
Sensitive Personal Information ,
Websites
- In the age of broad corporate teleworking brought on by COVID-19, OCIE of the SEC has observed during recent examinations that investment advisers, broker-dealers and investment companies are subject to an increased threat...more
7/16/2020
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Financial Services Industry ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Investment Management ,
Malware ,
OCIE ,
Popular ,
Ransomware ,
Risk Alert ,
Securities and Exchange Commission (SEC)
On July 1, 2020, California Attorney General Xavier Becerra issued a statement as the first day of enforcement of the California Consumer Privacy Act (CCPA) commenced, urging businesses to know their responsibilities under...more
Cybersecurity threat actors are targeting information of businesses seeking assistance during this time of crisis. For example, last week the Small Business Administration (SBA) reported a suspected data breach, affecting...more
Akin Gump cybersecurity, privacy and data protection co-heads Natasha Kohne and Michelle Reed discuss the California Consumer Privacy Act and its implications for business in this episode recorded in mid-March....more
The California Attorney General’s Office is going forward with the enforcement of the California Consumer Privacy Act (CCPA) despite the logistical issues caused by COVID-19. An advisor to Attorney General Becerra made a...more
- The Washington state Senate has passed its version of a consumer data privacy bill as state lawmakers debate proposed legislation for the Washington Privacy Act, the state’s first data privacy law.
- In their own bill,...more
2/19/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Facial Recognition Technology ,
Legislative Agendas ,
Opt-Outs ,
Personally Identifiable Information ,
Preemption ,
Privacy Legislation ,
Private Right of Action ,
Proposed Legislation ,
Right to Delete ,
Right-To-Access
Key Points
- AV 4.0 provides a unified overview of the U.S. government’s involvement in AV policy and development. It shifts federal AV guidance toward a multi-agency, coordinated effort led by the White House.
- The new...more
1/14/2020
/ 5G Network ,
Automotive Industry ,
Cybersecurity ,
Department of Transportation (DOT) ,
Driverless Cars ,
Government Agencies ,
Intellectual Property Protection ,
New Guidance ,
Popular ,
Regulatory Oversight ,
Safety Standards
On January 1, 2020, the California Consumer Protection Act (CCPA) will become effective for all businesses that, among other things, have at least $25 million in annual revenue and collect or use any personal information of...more
12/31/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Financial Services Industry ,
Fund Managers ,
Investment ,
Investment Firms ,
Investment Management ,
Personal Data ,
Personal Information ,
Privacy Policy
On Tuesday, November 26, Sen. Maria Cantwell (D-WA), Ranking Member of the Senate Commerce, Science, and Transportation Committee, introduced the Consumer Online Privacy Rights Act. The bill notably contains a private right...more
• In October, the House Energy and Commerce Committee and the Senate Commerce, Science and Transportation Committee unveiled a partial discussion draft of autonomous vehicle (AV) legislation. The draft text addresses safety...more
11/25/2019
/ Automotive Industry ,
Cybersecurity ,
Department of Transportation (DOT) ,
Driverless Cars ,
Legislative Agendas ,
Motor Vehicles ,
NHTSA ,
NTSB ,
Popular ,
Proposed Legislation ,
Safety Standards ,
SCC
Key Points -
- The Online Privacy Act was introduced in the House of Representatives. If passed, it would establish individual privacy rights related to personal information.
- The Filter Bubble Transparency Act was...more
11/8/2019
/ Covered Entities ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
New Legislation ,
Online Platforms ,
Personal Data ,
Personal Information ,
Privacy Laws
With the expansion of privacy legislation—from the General Data Protection Regulation (GDPR) in Europe to the coming California Consumer Privacy Act (CCPA) in the United States—cyber liability insurance is taking on increased...more
11/4/2019
/ California Consumer Privacy Act (CCPA) ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Denial of Insurance Coverage ,
Incident Response Plans ,
Insurance Contracts ,
Insurance Litigation ,
Liability Insurance ,
Litigation Fees & Costs ,
Policies and Procedures ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Risk Mitigation ,
Third-Party Liability
• The Draft Regulations introduced by the California Attorney General’s Office on October 10, 2019 are subject to a public comment period and public hearings that will close on December 6, 2019. Now is the time to act to try...more
10/29/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right to Delete ,
Right To Know ,
State Attorneys General
On October 7, the Federal Trade Commission (FTC or the “Commission”) brought together privacy and technology stakeholders for a public workshop aimed at informing updates to regulations promulgated under the Children’s Online...more
10/23/2019
/ Behavioral Advertising ,
California Consumer Privacy Act (CCPA) ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Security ,
Federal Trade Commission (FTC) ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Online Advertisements ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Popular ,
Privacy Concerns ,
Public Comment ,
Public Workshops ,
Safe Harbors ,
Website Owner Liability
Alastair Mactaggart, the real estate developer who led the push for the California Consumer Privacy Act (CCPA), is at it again. Mactaggart and his organization, Californians for Consumer Privacy, have submitted a new ballot...more
9/27/2019
/ Algorithms ,
Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Public Comment ,
State Agencies
• The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. The window of opportunity to pass federal privacy legislation to preempt the CCPA in the 116th Congress is rapidly closing.
• Discussions are...more
9/26/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Preemption ,
Privacy Laws ,
Private Right of Action