The European Commission recently published two highly anticipated draft documents to facilitate data transfers. The first was the new, updated and modernised standard contractual clauses (“New SCCs”) for the transfer of...more
Last month, the Department of the Treasury and the Federal Reserve System issued a joint notice of proposed rulemaking, available here, requiring banking organizations to provide notification no later than 36 hours after a...more
A data analytics company for the mortgage industry is facing allegations of violating the Gramm-Leach Bliley Act (GLBA), stemming from a data breach of a third-party vendor. In its complaint, the Federal Trade Commission...more
The U.S. Supreme Court granted review last week in TransUnion LLC v. Ramirez, which presents the question of whether Article III or Rule 23 of the Federal Rules of Civil Procedure permits a damages class action where most...more
12/23/2020
/ Article III ,
Class Certification ,
Class Members ,
Class Representatives ,
Fair Credit Reporting Act (FCRA) ,
FRCP 23 ,
Injury-in-Fact ,
Office of Foreign Assets Control (OFAC) ,
Petition for Writ of Certiorari ,
Standing ,
TransUnion
On November 10, 2020, the recently established Taskforce of the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area (EEA),...more
On Wednesday, December 9, the Senate Commerce, Science and Transportation Committee held a hearing titled “The Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows.” During the hearing, both...more
On Friday, December 4, 2020, President Donald Trump signed H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, into law. The measure, which was approved by the House of Representatives in September...more
On November 19, 2020, the Abu Dhabi Global Market (ADGM), a financial free-zone in the United Arab Emirates (UAE), announced the issuance of a public consultation paper on its proposed new Data Protection Regulations 2020...more
In August, Viacom and a number of other app developers and ad-tech companies reached a settlement with parents who had alleged that the companies were illegally selling children’s personal information for behavioral...more
12/7/2020
/ Advertising ,
App Developers ,
Behavioral Advertising ,
COPPA ,
Cybersecurity ,
Data Collection ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Settlement Agreements ,
State Law Claims ,
State Privacy Laws ,
Unfair Competition Law (UCL)
On Tuesday, November 17, the Senate passed H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, by unanimous consent. The bill, which previously passed the House of Representatives in September after...more
Voters in Massachusetts overwhelmingly approved a ballot initiative that gives independent mechanics greater access to vehicle data, a move that vehicle manufacturers have foreshadowed could have significant cyber and privacy...more
11/18/2020
/ Auto Repair Regulations ,
Automotive Industry ,
Ballot Measures ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Motor Vehicles ,
Popular ,
Right to Repair ,
Telematics
The newly passed Proposition 24, the California Privacy Rights Act (CPRA), represents the second time in two years that California has instituted a comprehensive privacy statute that fundamentally changes data privacy...more
In early October, the United States Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory, warning of the potential risk of sanctions to companies and individuals who pay ransomware payments. The...more
11/2/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Economic Sanctions ,
Financial Institutions ,
Foreign Policy ,
Hackers ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Management ,
Risk-Based Approaches ,
Sanction Violations
The California Attorney General surprised companies by issuing new guidance for the California Consumer Privacy Act (CCPA) compliance, reflecting likely compliance missteps by companies. On Tuesday October 12, 2020, the...more
10/16/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
State Attorneys General
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
10/14/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Electronic Communications ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK
On September 29, 2020, Gov. Gavin Newsom signed the California Consumer Privacy Act (CCPA) Sunset Extension Bill, AB-1281, which extends the business to business (B2B) and employee exemptions to the CCPA which were set to...more
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
10/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Security ,
Data Subjects Rights ,
DIFC ,
Dubai ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notice Requirements ,
Penalties ,
Personal Data ,
Popular
The U.S. Department of Commerce, Department of Justice, and Office of the Director of National Intelligence have prepared a White Paper providing a detailed discussion and analysis of the July 16th Data Protection...more
10/1/2020
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
Department of Justice (DOJ) ,
Departments of Commerce ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
White Papers
The City Council of Portland, Oregon unanimously passed a ban on facial recognition, set to take effect in January 2021. The Portland ban is currently the strongest in the United States, preventing not only government...more
The Federal Data Protection and Information Commissioner (FDPIC) has determined that the Swiss-United States Privacy Shield does not provide an adequate level of data protection for data transfers from Switzerland to the U.S....more
9/30/2020
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
EU-US Privacy Shield ,
International Data Transfers ,
Personally Identifiable Information ,
Risk Assessment ,
Standard Contractual Clauses ,
Swiss Privacy Shield ,
Switzerland
On Thursday, September 17, Senate Commerce Committee Chairman Roger Wicker (R-MS) and other Committee Republicans introduced a finalized version of their long-awaited data privacy legislation, which was first unveiled as a...more
9/22/2020
/ Consumer Privacy Rights ,
Data Privacy ,
Data Processors ,
Data Transfers ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Prior Express Consent ,
Privacy Laws ,
Private Right of Action ,
Proposed Legislation
- In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC.
- In contrast to an...more
9/21/2020
/ Best Practices ,
Capital One ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Forensic Examination ,
Motion to Compel ,
Multidistrict Litigation ,
Popular ,
Privileged Communication ,
Privileged Documents ,
Work-Product Doctrine
On August 30 the California Consumer Privacy Act (CCPA) Sunset Extension Bill, AB-1281, passed 63-0. The bill, which was introduced in early 2019, has passed through committee and chambers in the state of California,...more
9/14/2020
/ B2B Organizations ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Subjects Rights ,
Employee Privacy Rights ,
Exemptions ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws
Whatever your business—whether you are a government entity in charge of mega projects, an oil and gas major responsible for energy security, an investor looking at new investments, managing existing positions or planning...more
Whatever your business—whether you are a government entity in charge of mega projects, an oil and gas major responsible for energy security, an investor looking at new investments, managing existing positions or planning...more