Consistent with a growing national trend, Virginia joined California in recently passing consumer privacy legislation with broad national reach. Both the Virginia Consumer Data Protection Act ...more
4/8/2021
/ California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Popular
Ransomware threats and attacks dominated the cyber news cycle in 2020 and into 2021. With the global pandemic and the uptick in remote work and learning, cybercriminals and nation-state hackers have seized on vulnerabilities...more
2/10/2021
/ Cryptocurrency ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Hackers ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk Management ,
Underwriting
2020 has been a busy year in privacy law both domestically and around the globe. Some of the most striking developments included enforcement of the California Consumer Privacy Act (CCPA) and passage of the California Privacy...more
1/4/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Personal Data ,
Popular ,
SHIELD Act
On Nov. 11, 2020, the European Data Protection Board (EDPB) published eagerly anticipated guidance in the wake of the July 2020 European Court of Justice’s (ECJ) decision in Schrems II, outlining a process for ensuring data...more
11/23/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The California Consumer Privacy Act (CCPA) created groundbreaking new rules for how businesses must handle California consumers’ personal data and spurred proposals for similar legislation across the country. ...more
11/12/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Sellers ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Right to Delete ,
Right To Know ,
State and Local Government
On Oct. 30, 2020, the United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), in connection with France’s Commission nationale de l’informatique et des libertés (CNIL), announced the largest...more
11/5/2020
/ British Airways ,
CNIL ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular
This past July, a decision by the European Court of Justice (ECJ) struck down the European Union-United States Privacy Shield framework (EU-U.S. Privacy Shield), one mechanism through which companies could transfer personal...more
10/1/2020
/ Binding Corporate Rules ,
Breach of Contract ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Standard Contractual Clauses ,
Switzerland
The Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) has published a risk alert, warning SEC-registered investment advisers, brokers and dealers about the increasing use of...more
10/1/2020
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Financial Institutions ,
Investment Adviser ,
OCIE ,
Regulation S-ID ,
Regulation S-P ,
Risk Alert ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Data privacy compliance emerged as a top-tier issue for businesses across the globe with the implementation of new laws with broad scope and sweeping coverage, including the EU’s General Data Protection Regulation (GDPR),...more
8/3/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
State and Local Government
Certain provisions of the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) recently took effect in the state of New York. The act was signed into law by the governor in July 2019, and its data breach...more
On April 13, the New York State Department of Financial Services (DFS) issued guidance to its regulated institutions on how to manage cyber-risks connected to remote working, amid a “significant” increase in cybercrime...more
At the end of January, the U.S. Securities and Exchange’s Office of Compliance Inspections and Examinations (OCIE) released its “Observations on Cybersecurity and Resiliency Practices” (Observations)....more
2/13/2020
/ Best Practices ,
Bring Your Own Device (BYOD) ,
Business Continuity Plans ,
C-Suite Executives ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Loss Prevention ,
Data Management ,
Data Protection ,
Denial of Service Attacks ,
Disclosure Requirements ,
Incident Response Plans ,
Malware ,
Mobile Device Management ,
Mobile Devices ,
OCIE ,
Policies and Procedures ,
Popular ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Liability ,
Vendors
California’s Consumer Privacy Act (CCPA) went into effect on Jan. 1, 2020. While the CCPA has been interpreted as primarily targeting technology companies and data brokers, it has broad reach and applies to any business that...more
1/29/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Risk Management ,
State and Local Government
The Cayman Islands recently implemented data protection legislation similar to that adopted elsewhere in the world, including the EU’s General Data Protection Regulation (GDPR). The GDPR forced many businesses outside its...more
11/1/2019
/ Breach Notification Rule ,
Cayman Islands ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Investment Adviser ,
Investment Management ,
New Legislation ,
Personal Data ,
Private Investment Funds
New York is gearing up to enact some of the toughest cybersecurity, privacy and data protection laws in the country. Modeled on the European Union’s General Data Protection Regulation (GDPR) and the California Consumer...more
7/18/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Notification Requirements ,
Pending Legislation ,
Personal Data ,
Personally Identifiable Information ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
This Update highlights key legal and policy developments in cybersecurity and privacy law that may impact important trends for 2019 and beyond. A central takeaway from 2018 is that regulators in the U.S. and abroad are...more
1/28/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
CLOUD Act ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Google ,
Hackers ,
International Data Transfers ,
Marriott ,
Microsoft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Power Plants ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC) ,
Stored Communications Act
On June 28, 2018, the California Consumer Privacy Act of 2018 (CCPA) was signed into law. The bill was drafted and passed quickly, just prior to a deadline for removing a similar initiative from the ballot that would have...more
On Feb. 21, the Securities and Exchange Commission (SEC) released interpretive guidance on public companies’ disclosure practices regarding cybersecurity breaches and risks to the public....more
3/1/2018
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Hackers ,
Insider Trading ,
Investment Adviser ,
New Guidance ,
Personally Identifiable Information ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)
On Aug. 7, 2017, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a risk alert summarizing the results of its second cybersecurity preparedness examination. ...more
On August 7, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert summarizing the results of its second cybersecurity preparedness examination. The...more
While the Securities and Exchange Commission (SEC) has garnered significant attention for its increased efforts and focus on regulating and enforcing enhanced cybersecurity measures within the U.S. financial markets, the...more
Judge Trims Proposed Class Action Over Wendy’s Data Breach -
Torres v. Wendy’s Int’l, LLC, No. 16-cv-0210 (PGB) (DCI) (M.D. Fla. Mar. 21, 2017).
A U.S. district court judge in Florida trimmed a proposed class action...more
5/1/2017
/ Advertising ,
Article III ,
Background Checks ,
Class Action ,
Credit Cards ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Email ,
Fair Credit Reporting Act (FCRA) ,
Fast-Food Industry ,
Federal Trade Commission (FTC) ,
Google ,
Grocery Stores ,
Hackers ,
Hiring & Firing ,
Identity Theft ,
Injury-in-Fact ,
Job Applicants ,
Malware ,
Neiman Marcus ,
Phishing Scams ,
Point of Sale Terminals ,
Retail Market ,
Standing ,
Wendy's
OCIE Highlights Frequent Topics for Compliance Deficiencies for Investment Advisers -
On Feb. 7, 2017, the Securities and Exchange Commission’s (SEC’s) Office of Compliance Inspections and Examinations (“OCIE”) published...more
3/2/2017
/ Books & Records ,
Chief Compliance Officers ,
Covered Agreement ,
Custody Rule ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Ethics ,
EU ,
Filing Requirements ,
Financial Institutions ,
Financial Services Industry ,
Form ADV ,
Insurance Industry ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
NYDFS ,
OCIE ,
Registered Investment Companies (RICs) ,
Regulatory Oversight ,
Reinsurance ,
Risk Alert ,
Rule 204-2 ,
Securities and Exchange Commission (SEC) ,
Strict Compliance
Private Fund Advisers, Robo-Advisers, ETFs Among SEC, FINRA Exam Priorities for 2017 -
As the new year begins, U.S. regulators highlighted the areas – some new and some familiar – which will be the focus of their...more
2/2/2017
/ Bail-In Provisions ,
Bank Recovery and Resolution Directive (BRRD) ,
Banks ,
Benefit Plan Sponsors ,
Cybersecurity ,
Department of Financial Services ,
Employee Retirement Income Security Act (ERISA) ,
ETFs ,
EU ,
Financial Industry Regulatory Authority (FINRA) ,
Insurance Industry ,
Investment Adviser ,
NYDFS ,
Private Funds ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC)
On Dec. 28, 2016, the New York State Department of Financial Services (NYDFS) published a revised version of its “Cybersecurity Requirements for Financial Services Companies” (the “Regulations”). The revised Regulations...more
1/7/2017
/ Banks ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Cybersecurity ,
Data Retention ,
Delays ,
Department of Financial Services ,
Employee Training ,
Encryption ,
Financial Institutions ,
Incident Response Plans ,
Insurance Industry ,
Proposed Regulation ,
Risk Assessment ,
Third-Party Service Provider