On October 27, 2021, Secretary of State Antony Blinken formally announced plans to modernize and reorient American diplomacy to meet the evolving demands of the 21st century. The State Department, in consultation with...more
Key Points -
On October 6, 2021, the DOJ announced two new initiatives: the Civil Cyber-Fraud Initiative and the National Cryptocurrency Enforcement Team.
The Civil Cyber-Fraud Initiative will fight rising cyber threats...more
10/13/2021
/ Cryptocurrency ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
NDAA ,
Popular ,
Supply Chain
On October 1, 2021, two Acts overhauling data privacy and cybersecurity in Connecticut took effect—the latest instance of stronger state breach reporting requirements with a safe harbor protection from litigation for...more
10/7/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notification Requirements ,
Personal Information ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes
On September 27, 2021, all new contracts that involve cross-border personal data transfers must incorporate the updated standard contractual clauses (“New SCCs”) for controllers and processors. On June 4, 2021, the European...more
On September 8, 2021, U.S. Secretary of Commerce Secretary Gina Raimondo announced the establishment of the National Artificial Intelligence (AI) Advisory Committee (NAIAC or the “Committee”). The NAIAC will advise the...more
On August 30, 2021, the Securities and Exchange Commission announced three enforcement actions against registered investment advisers for alleged cybersecurity failures involving cloud-based email systems. All three actions...more
On August 20, 2021, the 30th session of the Standing Committee of the 13th National People’s Congress (NPC) adopted China’s new PRC Personal Information Protection Law (PIPL), which will take effect on November 1, 2021. The...more
8/27/2021
/ China ,
Criminal Liability ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Use Policies ,
International Data Transfers ,
National Security ,
Personal Information
Recent developments in the tech sector in China, including government directives concerning heightened regulatory scrutiny of tech companies listed or looking to list in the US or on exchanges in other overseas jurisdictions,...more
With the passage of the Colorado Privacy Act (CPA) during its latest legislative session, Colorado has become the third state to enact a comprehensive consumer data privacy law, following California and Virginia. Corporations...more
Key Points -
The U.S. Supreme Court held that all members of a certified class must demonstrate that they suffered a concrete harm—such as physical injury or monetary loss—to have Article III standing to recover damages in...more
6/30/2021
/ Article III ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Credit Reports ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
SCOTUS ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
Through updated guidance, the UAE has introduced a significant change to how it administers sanctions regimes—expanding its focus from a limited implementation of multilateral sanctions to more broadly imposing its own...more
Key Points -
On June 9, President Biden signed an executive order (“EO”) revoking a series of Trump-era EOs targeting specific Chinese “connected software applications” (“apps”), including TikTok and WeChat.
The EO calls...more
6/23/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Department of Justice (DOJ) ,
Executive Orders ,
Foreign Adversaries ,
Mobile Apps ,
National Security ,
Personal Data ,
Popular ,
Supply Chain
Key Points -
The Supreme Court held that a former police officer did not violate the CFAA by “exceeding” his authorized access to a law enforcement database when he used the database to sell information because he was...more
Key Points -
On Wednesday, May 12, 2021, President Biden issued EO 14,028, “Improving the Nation’s Cybersecurity.” The EO sets out an ambitious schedule of reviews and rulemakings that portend significant changes in the...more
While some states have enacted privacy laws granting consumers the right to bring a private right of action in a data breach context, federal courts have struggled to fit data breach injury into traditional Article III...more
On April 14, 2021, the Department of Labor (DOL) issued its first set of guidance documents related to the cybersecurity of retirement benefit plans covered by the Employee Retirement Income Security Act (ERISA). The...more
On April 21, 2021, the European Commission (Commission) published its draft Regulation on Artificial Intelligence (AI). It follows the strategies outlined in the February 2020 Commission’s White Paper on AI. The draft...more
5/3/2021
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
European Commission ,
Popular ,
Proposed Regulation ,
Registration Requirement ,
Transparency
On April 14, 2021, the New York Department of Financial Services (DFS) announced it settled an enforcement action against National Securities Corporation (“National Securities”) related to claims under the Cybersecurity...more
The California Supreme Court overturned the California Court of Appeals to hold that a party to a phone call can violate California Penal Code section 632.7 by recording the conversation without the consent of the other...more
In this episode, Akin Gump cybersecurity, privacy and data protection practice co-heads Natasha Kohne and Michelle Reed, and counsel Molly Whitman discuss the firm’s new 2020 CCPA Litigation Annual Report and its...more
4/7/2021
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Defense Strategies ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
On March 12, 2021, United Kingdom’s (UK) Digital Secretary Oliver Dowden announced the UK’s forthcoming National Artificial Intelligence (AI) Strategy as he set out his Ten Tech Priorities. The Strategy, which is due to be...more
On March 2, 2021, the Governor of Virginia signed the Virginia Consumer Data Protection Act (CDPA) into law, which goes into effect on January 1, 2023. The law applies only to businesses with large amounts of consumer data...more
The U.S. Food and Drug Administration (FDA) announced that the newly-created post of Acting Director of Medical Device Security has been filled by Kevin Fu, a University of Michigan associate professor and founder of the...more
In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. In contrast to an earlier...more
3/1/2021
/ Attorney-Client Privilege ,
Capital One ,
Cybersecurity ,
Data Breach ,
Discovery ,
FBI ,
Forensic Examination ,
Motion to Compel ,
Multidistrict Litigation ,
Popular ,
Privileged Communication ,
Work-Product Doctrine
In an unusual departure from prior settlements, the Federal Trade Commission (FTC) has required a company to delete the facial recognition algorithm that was allegedly developed using improperly obtained user consent....more