On September 4, 2019, the Federal Trade Commission (FTC or the “Commission”) announced a settlement with YouTube and its parent Google that resolves allegations that the companies violated the Children’s Online Privacy...more
9/10/2019
/ COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Google ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Privacy Policy ,
Settlement ,
Settlement Offer ,
Statutory Penalties ,
Statutory Violations ,
Website Owner Liability ,
Websites ,
YouTube
On August 1, 2019, Bahrain’s Personal Data Protection Law (PDPL) (Law No. (30) of 2018) took effect. The PDPL aims to align Bahrain’s data protection framework more closely with global best practices and regulates the...more
8/21/2019
/ Bahrain ,
Best Practices ,
Civil Liability ,
Criminal Liability ,
Criminal Penalties ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
International Data Transfers ,
New Legislation ,
Personally Identifiable Information ,
Written Consent
• New York recently enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which expands data breach notification requirements and imposes new data security obligations on businesses that own, license or,...more
8/5/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Cuomo ,
HIPAA Breach ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
SHIELD Act ,
State Data Breach Notification Statutes
• May 31, 2019, was the deadline for the California Legislature to pass bills out of the chamber in which they were introduced. Several measures proposing amendments to the California Consumer Privacy Act (CCPA) passed the...more
6/5/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
5/31/2019
/ Consent ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Subjects Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Telemarketing
• On May 23, 2019, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert describing its observations in past examinations of weaknesses and best practices...more
5/29/2019
/ Broker-Dealer ,
Cloud Storage ,
Customer Information ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Storage Providers ,
Identity Theft ,
Identity Theft Red Flags Rule ,
Investment Adviser ,
OCIE ,
Policies and Procedures ,
Regulation S-ID ,
Regulation S-P ,
Regulatory Requirements ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider ,
Vendors
• On May 16, 2019, the California Senate Appropriations Committee held Senate Bill 561 (SB-561) in committee, likely blocking its passage this term.
• SB-561, co-authored by the California Attorney General, would have...more
• The SEC released a Risk Alert summarizing key areas in which it continues to see compliance deficiencies related to Regulation S-P, the primary SEC rule regarding privacy notices and safeguard policies of investment...more
4/29/2019
/ Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Training ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
OCIE ,
Opt-Outs ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Privacy Policy ,
Regulation S-P ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Vendors
The EU General Data Protection Regulation (GDPR), which revised and sought to ensure greater harmonization of the European Union’s data protection framework, took effect in May 2018. Among the changes it introduced was the...more
2/21/2019
/ Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
EU ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Goods or Services ,
International Data Transfers ,
Proposed Guidance
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding seven public forums and accepting...more
2/7/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
State Attorneys General
This client alert will briefly outline key upcoming deadlines under the New York State Department of Financial Services (DFS) Cybersecurity Regulation (the “Regulation”). These include annual filing deadlines coming up in...more
1/31/2019
/ Certificates of Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Encryption ,
Exemptions ,
Filing Deadlines ,
NYDFS ,
Policies and Procedures ,
Risk Assessment ,
Third-Party Service Provider ,
Vendors
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding a series of public forums and accepting...more
1/29/2019
/ Comment Period ,
Consumer Privacy Rights ,
Consumer Protection Act ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Non-Discrimination Rules ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
Safe Harbors ,
State Attorneys General
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies.
• Main areas for non-profit...more
1/28/2019
/ Australia ,
CNIL ,
Cybersecurity ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Nonprofits ,
Personal Data ,
Popular ,
Request For Information
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding a series of six public forums and...more
1/16/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
State Attorneys General
The Department of Defense (DOD) and its component services and agencies are taking several independent steps to assess and enhance their cyber and supply chain security that will directly or indirectly affect DOD contractors...more
12/20/2018
/ Airlines ,
Aviation Industry ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Agency Taskforce ,
Federal Contractors ,
Final Guidance ,
General Services Administration (GSA) ,
Government Agencies ,
Memorandum of Understanding ,
NIST ,
Popular ,
Subcontractors ,
Supply Chain ,
Technology Sector ,
Transportation Industry ,
TSA ,
U.S. Navy
• The SEC issued guidance in the form of a rare “21(a) report” this week after investigating a series of email frauds impacting 9 unnamed companies.
• These email-based frauds, referred to as “CEO scams” or “vendor scams,”...more
10/19/2018
/ Accounting Controls ,
Business E-Mail Compromise (BEC) ,
CEOs ,
Corporate Finance ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Enforcement Actions ,
Internal Controls ,
New Guidance ,
Policies and Procedures ,
Popular ,
Publicly-Traded Companies ,
Scams ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Spoofing ,
Wire Fraud
• The California Legislature passed SB 1121 to revise certain sections of the CCPA – the nation’s strictest privacy protection statute which provides Californians with a right to learn what personal information certain...more
9/10/2018
/ California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
CMIA ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Time Extensions
• DoD and other government agencies will scrutinize contractors’ supply chain security plans and programs from proposal submission to contract closeout.
• The 2019 NDAA as approved by Congress and DHS initiatives highlight...more
8/22/2018
/ Acquisitions ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Federal Contractors ,
Goods or Services ,
Government Agencies ,
National Security ,
NDAA ,
Popular ,
Risk Assessment ,
Risk Management ,
Software ,
Strategic Planning ,
Supply Chain
On September 1, 2018, five new requirements included in the New York State Department of Financial Services’ (DFS) Cybersecurity Regulation go into effect – (1) audit trails, (2) application security, (3) data disposal...more
8/13/2018
/ Audit Reports ,
Covered Entities ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
NYDFS ,
Policies and Procedures ,
Popular ,
Recordkeeping Requirements ,
Risk Management ,
State Data Breach Notification Statutes
• California recently passed the landmark California Consumer Privacy Act that goes into effect in 2020, which grants California residents new privacy rights.
• The CCPA creates a private right of action for California...more
7/9/2018
/ Attorney General ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Disclosure Requirements ,
Encryption ,
Enforcement Actions ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Right to Delete ,
Third-Party Service Provider ,
Transparency
• California’s new regulations lay out the requirements for manufacturers to obtain permits to test and deploy autonomous-vehicles on public roads. The regulations enable manufacturers to test fully driverless vehicles and...more
3/13/2018
/ Automotive Industry ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
DMV ,
Driverless Cars ,
Innovation ,
Manufacturers ,
New Regulations ,
NHTSA ,
Office of Administrative Law ,
Permits ,
Personally Identifiable Information ,
Registration Requirement ,
Roads ,
Technology Sector
• Disclosures must inform investors about material cybersecurity risks and incidents, including addressing material cybersecurity risks for cyber-attacks that have not yet occurred.
• Comprehensive policies and procedures...more
3/1/2018
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Financial Statements ,
Insider Trading ,
Investors ,
Materiality ,
MD&A Statements ,
New Guidance ,
Non-Public Information ,
Policies and Procedures ,
Regulation FD ,
Risk Assessment ,
Securities and Exchange Commission (SEC)
On February 13-14, 2018, Advisen held a conference focused on exploring cyber risks and how companies can best move to address potential exposures. Below are key takeaways and trends discussed by the panelists....more
2/23/2018
/ Attorney-Client Privilege ,
Best Practices ,
Cloud Service Providers (CSPs) ,
Competition ,
Cybersecurity ,
Data Breach ,
EU ,
Federal Rule 12(b)(6) ,
General Data Protection Regulation (GDPR) ,
Insurance Industry ,
Netherlands ,
Notification Requirements ,
Professional Conferences ,
Reputational Injury
• NAIC recently adopted an Insurance Data Security Model Law that follows the risk assessment-based approach of the New York DFS Cybersecurity Regulation. This signals the growing influence of the New York Regulation,...more
11/1/2017
/ Cyber Insurance ,
Cybersecurity ,
Data Security ,
Department of Financial Services ,
Health Insurance Portability and Accountability Act (HIPAA) ,
National Association of Insurance Commissioners ,
Non-Public Information ,
Notification Requirements ,
Personally Identifiable Information ,
Reinsurance ,
Risk Assessment ,
The Model Law ,
Third-Party Service Provider
New York Financial Regulator to Enforce First-of-Its-Kind Cybersecurity Regulations in Coming Weeks -
On December 28, 2016, the New York Department of Financial Services (NYDFS) issued revised cybersecurity regulations...more