Key Points -
On June 9, President Biden signed an executive order (“EO”) revoking a series of Trump-era EOs targeting specific Chinese “connected software applications” (“apps”), including TikTok and WeChat.
The EO calls...more
6/23/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Department of Justice (DOJ) ,
Executive Orders ,
Foreign Adversaries ,
Mobile Apps ,
National Security ,
Personal Data ,
Popular ,
Supply Chain
While some states have enacted privacy laws granting consumers the right to bring a private right of action in a data breach context, federal courts have struggled to fit data breach injury into traditional Article III...more
On April 14, 2021, the Department of Labor (DOL) issued its first set of guidance documents related to the cybersecurity of retirement benefit plans covered by the Employee Retirement Income Security Act (ERISA). The...more
On April 21, 2021, the European Commission (Commission) published its draft Regulation on Artificial Intelligence (AI). It follows the strategies outlined in the February 2020 Commission’s White Paper on AI. The draft...more
5/3/2021
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
European Commission ,
Popular ,
Proposed Regulation ,
Registration Requirement ,
Transparency
The U.S. Food and Drug Administration (FDA) announced that the newly-created post of Acting Director of Medical Device Security has been filled by Kevin Fu, a University of Michigan associate professor and founder of the...more
In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. In contrast to an earlier...more
3/1/2021
/ Attorney-Client Privilege ,
Capital One ,
Cybersecurity ,
Data Breach ,
Discovery ,
FBI ,
Forensic Examination ,
Motion to Compel ,
Multidistrict Litigation ,
Popular ,
Privileged Communication ,
Work-Product Doctrine
On Friday, December 4, 2020, President Donald Trump signed H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, into law. The measure, which was approved by the House of Representatives in September...more
On November 19, 2020, the Abu Dhabi Global Market (ADGM), a financial free-zone in the United Arab Emirates (UAE), announced the issuance of a public consultation paper on its proposed new Data Protection Regulations 2020...more
On Tuesday, November 17, the Senate passed H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, by unanimous consent. The bill, which previously passed the House of Representatives in September after...more
Voters in Massachusetts overwhelmingly approved a ballot initiative that gives independent mechanics greater access to vehicle data, a move that vehicle manufacturers have foreshadowed could have significant cyber and privacy...more
11/18/2020
/ Auto Repair Regulations ,
Automotive Industry ,
Ballot Measures ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Motor Vehicles ,
Popular ,
Right to Repair ,
Telematics
The newly passed Proposition 24, the California Privacy Rights Act (CPRA), represents the second time in two years that California has instituted a comprehensive privacy statute that fundamentally changes data privacy...more
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
10/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Security ,
Data Subjects Rights ,
DIFC ,
Dubai ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notice Requirements ,
Penalties ,
Personal Data ,
Popular
- In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC.
- In contrast to an...more
9/21/2020
/ Best Practices ,
Capital One ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Forensic Examination ,
Motion to Compel ,
Multidistrict Litigation ,
Popular ,
Privileged Communication ,
Privileged Documents ,
Work-Product Doctrine
- The OCIE of the SEC highlights that responses to COVID-19 present important regulatory and compliance issues for SEC registrants, including “heightened risks of misconduct” tied to recent market volatility.
- The Risk...more
8/21/2020
/ Asset Management ,
Broker-Dealer ,
Business Continuity Plans ,
Business Operations ,
Compliance ,
Conflicts of Interest ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
Fees ,
Financial Transactions ,
Investment Adviser ,
Investment Fraud ,
Investment Management ,
Investors ,
OCIE ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Remote Working ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Supervision
Massachusetts Attorney General (AG) Maura Healey announced the creation of a Data Privacy and Security Division, focusing on protecting consumers from privacy and security breaches and threats. AG Healey named Sara Cable as...more
8/20/2020
/ Consumer Privacy Rights ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Equal Access ,
Internet ,
Personal Data ,
Popular ,
Privacy Laws ,
State Attorneys General
On March 5, 2020, Gov. Phil Scott (VT-R) signed into law amendments to the Security Breach Notice Act (the “Act”). The amendments, which originated in the State Senate as part of an initiative addressing a number of data...more
8/10/2020
/ Amended Legislation ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Governor Scott ,
New Guidance ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State Attorneys General
- In the age of broad corporate teleworking brought on by COVID-19, OCIE of the SEC has observed during recent examinations that investment advisers, broker-dealers and investment companies are subject to an increased threat...more
7/16/2020
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Financial Services Industry ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Investment Management ,
Malware ,
OCIE ,
Popular ,
Ransomware ,
Risk Alert ,
Securities and Exchange Commission (SEC)
On February 19, 2020, the European Commission (Commission) published proposals for the regulation of Artificial Intelligence (AI) with potentially far-reaching implications both for users and developers worldwide. The...more
3/11/2020
/ Artificial Intelligence ,
Corporate Counsel ,
EU ,
European Commission ,
Legislative Agendas ,
New Legislation ,
Popular ,
Regulatory Agenda ,
Research and Development ,
Technology Sector ,
White Papers
Key Points
- AV 4.0 provides a unified overview of the U.S. government’s involvement in AV policy and development. It shifts federal AV guidance toward a multi-agency, coordinated effort led by the White House.
- The new...more
1/14/2020
/ 5G Network ,
Automotive Industry ,
Cybersecurity ,
Department of Transportation (DOT) ,
Driverless Cars ,
Government Agencies ,
Intellectual Property Protection ,
New Guidance ,
Popular ,
Regulatory Oversight ,
Safety Standards
• In October, the House Energy and Commerce Committee and the Senate Commerce, Science and Transportation Committee unveiled a partial discussion draft of autonomous vehicle (AV) legislation. The draft text addresses safety...more
11/25/2019
/ Automotive Industry ,
Cybersecurity ,
Department of Transportation (DOT) ,
Driverless Cars ,
Legislative Agendas ,
Motor Vehicles ,
NHTSA ,
NTSB ,
Popular ,
Proposed Legislation ,
Safety Standards ,
SCC
With the expansion of privacy legislation—from the General Data Protection Regulation (GDPR) in Europe to the coming California Consumer Privacy Act (CCPA) in the United States—cyber liability insurance is taking on increased...more
11/4/2019
/ California Consumer Privacy Act (CCPA) ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Denial of Insurance Coverage ,
Incident Response Plans ,
Insurance Contracts ,
Insurance Litigation ,
Liability Insurance ,
Litigation Fees & Costs ,
Policies and Procedures ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Risk Mitigation ,
Third-Party Liability
On October 7, the Federal Trade Commission (FTC or the “Commission”) brought together privacy and technology stakeholders for a public workshop aimed at informing updates to regulations promulgated under the Children’s Online...more
10/23/2019
/ Behavioral Advertising ,
California Consumer Privacy Act (CCPA) ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Security ,
Federal Trade Commission (FTC) ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Online Advertisements ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Popular ,
Privacy Concerns ,
Public Comment ,
Public Workshops ,
Safe Harbors ,
Website Owner Liability
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
8/6/2019
/ Cookies ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Subjects Rights ,
Data Use Policies ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Notice Requirements ,
Online Advertisements ,
Personal Data ,
Popular
• New York recently enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which expands data breach notification requirements and imposes new data security obligations on businesses that own, license or,...more
8/5/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Cuomo ,
HIPAA Breach ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
SHIELD Act ,
State Data Breach Notification Statutes
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
5/31/2019
/ Consent ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Subjects Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Telemarketing