• On May 16, 2019, the California Senate Appropriations Committee held Senate Bill 561 (SB-561) in committee, likely blocking its passage this term.
• SB-561, co-authored by the California Attorney General, would have...more
• The SEC released a Risk Alert summarizing key areas in which it continues to see compliance deficiencies related to Regulation S-P, the primary SEC rule regarding privacy notices and safeguard policies of investment...more
4/29/2019
/ Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Training ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
OCIE ,
Opt-Outs ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Privacy Policy ,
Regulation S-P ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Vendors
• On January 25, 2019, the Illinois Supreme Court issued a decision interpreting the Biometric Information Privacy Act (BIPA) in the Rosenbach v. Six Flags Entertainment Corp. appeal. The court ruled that a plaintiff does not...more
1/29/2019
/ Actual Injuries ,
Appeals ,
Biometric Information ,
Biometric Information Privacy Act ,
Consent ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Retention ,
Fingerprints ,
IL Supreme Court ,
Injunctive Relief ,
Liquidated Damages ,
Personally Identifiable Information ,
Private Right of Action ,
Putative Class Actions ,
Standing ,
Statutory Interpretation ,
Statutory Violations
• The SEC issued guidance in the form of a rare “21(a) report” this week after investigating a series of email frauds impacting 9 unnamed companies.
• These email-based frauds, referred to as “CEO scams” or “vendor scams,”...more
10/19/2018
/ Accounting Controls ,
Business E-Mail Compromise (BEC) ,
CEOs ,
Corporate Finance ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Enforcement Actions ,
Internal Controls ,
New Guidance ,
Policies and Procedures ,
Popular ,
Publicly-Traded Companies ,
Scams ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Spoofing ,
Wire Fraud
• The California Legislature passed SB 1121 to revise certain sections of the CCPA – the nation’s strictest privacy protection statute which provides Californians with a right to learn what personal information certain...more
9/10/2018
/ California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
CMIA ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Time Extensions
• California recently passed the landmark California Consumer Privacy Act that goes into effect in 2020, which grants California residents new privacy rights.
• The CCPA creates a private right of action for California...more
7/9/2018
/ Attorney General ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Disclosure Requirements ,
Encryption ,
Enforcement Actions ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Right to Delete ,
Third-Party Service Provider ,
Transparency
• Disclosures must inform investors about material cybersecurity risks and incidents, including addressing material cybersecurity risks for cyber-attacks that have not yet occurred.
• Comprehensive policies and procedures...more
3/1/2018
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Financial Statements ,
Insider Trading ,
Investors ,
Materiality ,
MD&A Statements ,
New Guidance ,
Non-Public Information ,
Policies and Procedures ,
Regulation FD ,
Risk Assessment ,
Securities and Exchange Commission (SEC)
On February 13-14, 2018, Advisen held a conference focused on exploring cyber risks and how companies can best move to address potential exposures. Below are key takeaways and trends discussed by the panelists....more
2/23/2018
/ Attorney-Client Privilege ,
Best Practices ,
Cloud Service Providers (CSPs) ,
Competition ,
Cybersecurity ,
Data Breach ,
EU ,
Federal Rule 12(b)(6) ,
General Data Protection Regulation (GDPR) ,
Insurance Industry ,
Netherlands ,
Notification Requirements ,
Professional Conferences ,
Reputational Injury
On August 15, 2017, the 9th Circuit, in Thomas Robins v. Spokeo, Inc., reversed the district court’s dismissal of an action alleging willful violations of the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq. The 9th...more
8/21/2017
/ Appeals ,
Article III ,
Credit Reports ,
Data Breach ,
Determination on Remand ,
Fair Credit Reporting Act (FCRA) ,
Imminent Harm ,
Injury-in-Fact ,
Ripeness ,
SCOTUS ,
Split of Authority ,
Spokeo v Robins ,
Standard of Review ,
Standing ,
Statutory Violations
The hurdles for claims against directors for failed oversight in connection with data breaches continue to increase. On July 7, 2016, District of Minnesota Judge Paul Magnuson released derivative claims against top Target...more
The SEC has taken a new enforcement action, demonstrating its expectations of industry and the willingness to use the variety of tools at its disposal to address concerns with cybersecurity previously signaled by an...more
The Target data breach has been the source of countless discussions of what to do and what not to do following a data breach. A recent ruling from the federal district court overseeing the consumer class action provides...more
If you read one thing:
- The Federal Trade Commission (FTC) secured a major appellate victory in its quest to challenge lax corporate cybersecurity practices
- In light of the 3rd Circuit’s decision,...more
9/1/2015
/ Appeals ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
FTC v Wyndham ,
Hotels ,
Section 5 ,
Security and Privacy Controls ,
Strategic Enforcement Plan ,
Unfair or Deceptive Trade Practices ,
Wyndham
On July 20, 2015, the U.S. Court of Appeals for the 7th Circuit issued an opinion that could dramatically change the class action landscape for companies that are victims of hackers. In Remijas v. Neiman Marcus Gp., the 7th...more
The recent hacking of the sensitive personal information of millions of American public servants at the Office of Personnel Management (OPM) points out a noteworthy distinction in how the U.S. government views some types of...more
On June 4, 2015, the U.S. Office of Personnel Management (OPM) announced that it was the victim of a data breach in which records of more than four million current and former agency employees were accessed. According to the...more
A new study released on May 7, 2015, by the Ponemon Institute revealed that criminal cyberattacks on health care organizations were the most prevalent cause of data breaches in 2014. The report underscores the need to think...more
On Thursday, just three months after a district court judge in Minnesota denied Target’s motion to dismiss the consumer class action following the retailer’s massive 2013 data breach, the court granted preliminary approval of...more
On Thursday, March 12, 2015, House Energy & Commerce Subcommittee on Commerce, Manufacturing, and Trade Chairman Michael Burgess (R-TX), along with Reps. Marsha Blackburn (R-TN) and Peter Welch (D-VT), released draft text of...more
Tuesday, the House Energy & Commerce Subcommittee on Commerce, Manufacturing, and Trade held its first hearing of the 114th Congress, entitled “What Are the Elements of Sound Data Breach Legislation?”...more