Covered financial institutions now face heightened expectations in relation to cybersecurity governance, risk assessment, and incident reporting.
The New York State Department of Financial Services’ (DFS) amendments (the...
Covered companies will need to take additional steps to comply with the law in light of the new obligations relating to consumer health data and minors under 18 years old.
On June 6, 2023, the Connecticut legislature...
7/13/2023 / Amended Legislation, Data Controller, Dating Services, Effective Date, Electronic Protected Health Information (ePHI), Internet Retailers, Minors, Online Platforms, Personal Data, PHI, Social Media, State Privacy Laws, Websites
Cybersecurity incidents pose legal challenges for in-house counsel, alongside their technical implications. This overview highlights key aspects that legal departments must know when reacting to data breaches.
The final decision of the Irish Data Protection Commission (IDPC) in relation to the transfers of EU/EEA Facebook user data by Meta Platforms Ireland Limited (Meta Ireland) to its processor, Meta Platforms, Inc., in the US...
5/23/2023 / Corporate Fines, Data Protection Authority, EU Data Protection Laws, European Commission, European Data Protection Board (EDPB), Facebook, FISA, General Data Protection Regulation (GDPR), International Data Transfers, Ireland, Personal Data, Standard Contractual Clauses, Statutory Violations
The National Highway Traffic Safety Administration’s updated guidance encourages auto industry suppliers and manufacturers to consider cybersecurity a top organizational priority.
On September 9, 2022, the National...
Companies should take steps now to prepare for the new rules and expectations.
The US government continues to expand regulatory requirements around notification and disclosure of major cyberattacks or incidents. ...
President Biden signed an executive order to bolster the federal government’s cybersecurity posture on May 12. The order focuses on implementing vital improvements to networks of federal departments and agencies, many of...
6/9/2021 / Biden Administration, Cyber Attacks, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Executive Orders, Federal Acquisition Regulations (FAR), Federal Contractors, Government Agencies, National Security, Notice Requirements, Risk Assessment, Risk Management
With the new administration poised to take office, public and private companies will need to consider how President Biden’s regulatory, enforcement, and legislative priorities will affect their businesses. During this...
2/17/2021 / Administrative Law Judge (ALJ), Antitrust Provisions, Biden Administration, Broadband, CFIUS, Climate Change, Commodities, Congressional Oversight, Cybersecurity, Data Privacy, Energy Policy, Energy Sector, Environmental Policies, FCC, Health Care Providers, Investigations, Legislative Agendas, Life Sciences, Net Neutrality, Regulatory Agenda, Sanctions, Securities Regulation, White Collar Crimes
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...
12/8/2020 / Data Controller, Data Processors, EU, European Commission, European Data Protection Board (EDPB), General Data Protection Regulation (GDPR), International Data Transfers, Member State, Personal Data, Public Consultations, Schrems I & Schrems II, Standard Contractual Clauses, UK
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses.
On 10 November, the European Data Protection Board (EDPB) released...
Latham develops new resource to identify considerations for assessing SCC and BCR data transfers in Europe.
Following the Schrems II decision in July 2020, organisations relying on the standard contractual clauses (SCCs) or...
Eliminating the risk of business email compromise (BEC) attacks requires all parties to a financial transaction to pay close attention to email security, financial controls, and communication protocols.
Key...
2/21/2020 / Cyber Threats, Department of Justice (DOJ), Electronically Stored Information, Email, FBI, Financial Fraud, Financial Transactions, Fraud, Risk Management, Security and Privacy Controls, Wire Fraud
US regulators are calling attention to financial firms’ obligations to protect against evolving cybersecurity threats.
On October 2, 2019, the Financial Industry Regulatory Authority (FINRA) issued an information notice to...
11/26/2019 / Business E-Mail Compromise (BEC), CFTC, Cyber Attacks, Cyber Threats, Cybersecurity, Data Protection, Data Security, Enforcement Actions, Financial Industry Regulatory Authority (FINRA), Information Systems Security Program (ISSP), National Futures Association, New Guidance
Ninth hearing on Competition and Consumer Protection in the 21st century highlights challenges of addressing persistent threats to data security.
On December 11 and 12, the Federal Trade Commission (the FTC or the...
Seventh Hearing on Competition and Consumer Protection considers ethical, practical, and legal dimensions of artificial intelligence and machine learning.
On November 13 and 14, the Federal Trade Commission (FTC) held the...
11/21/2018 / Algorithms, Anti-Competitive, Antitrust Violations, Artificial Intelligence, Consumer Protection Laws, Data Privacy, Data Protection, Data Security, Federal Trade Commission (FTC), Legislative Agendas, Popular, Regulatory Agencies, Technology Sector
Sixth hearing on Competition and Consumer Protection in the 21st Century features disagreement over FTC’s enforcement priorities for consumer data.
The Federal Trade Commission (FTC) recently held the sixth hearing in its...
What directors really need to know about the SEC guidance that has generated so much chatter.
With so much boardroom attention on cybersecurity, directors continue to focus on the Securities and Exchange Commission (SEC)...
As of December 31, 2017, many United States government contractors face a new compliance requirement involving cybersecurity. This requirement will govern most new Department of Defense (DoD) contracts and, significantly,...
12/26/2017 / Bid Protests, Breach of Contract, Cybersecurity, Data Protection, Data Security, Department of Defense (DOD), DFARS, False Claims Act (FCA), Federal Contractors, NIST, Popular
The DFARS final rule requires contractors to safeguard information systems and imposes investigation and reporting requirements in the case of cyber incidents.
As of December 31, 2017, many United States government...
Trump Administration’s required cybersecurity assessments provide potential for new round of public-private collaboration.
The Trump Administration recently issued a much anticipated Executive Order (EO) addressing...
The Trump Administration has issued a much anticipated Executive Order (EO), “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” directing federal executive agency heads to undertake various...
Ransomware is not only a growing security threat but a potentially thorny notification issue.
Ransomware is one of the most prevalent cybersecurity threats afflicting businesses today. When an attack hits, a victim...
Another front recently emerged in the legal battle over whether US law enforcement authorities can use a search warrant issued under the Stored Communications Act (SCA) to obtain data stored overseas. Until now, the battle...
2/15/2017 / Corporate Counsel, Electronically Stored Information, Extraterritoriality Rules, Google, International Data Transfers, Ireland, Microsoft, MLAT, Popular, Search Warrant, Stored Communications Act, Young Lawyers
The revised regulations eliminate many of the categorical requirements in the original proposal and instead adopt a more risk-based approach.
On December 28, 2016, the New York State Department of Financial Services...
Comments submitted on the proposed regulations criticize the lack of a risk-based approach, overbroad definitions, potential extraterritorial implications, an excessive breach notification threshold and a daunting annual...