Much has been made of California Governor Gavin Newsom’s recent endorsement of “data dividends”: payments to consumers for the use of their personal data. Common Sense Media, which helped pass the CCPA last year, plans to...more
Illinois, the only state with a statute allowing private actions for unconsented collection of biometric readings, has made plaintiff recovery significantly easier, and defending such cases significantly harder....more
Now a business that was hacked may be successfully sued under state common law by data subjects whose information was compromised in the crime. For the first time, a state supreme court has held that a company that was...more
1/3/2019
/ Breach of Duty ,
Cybersecurity ,
Data Breach ,
Data Security ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Negligence ,
PA Supreme Court ,
Personally Identifiable Information ,
Popular ,
Reasonable Care
A European privacy regulator has spoken on a key facet in its General Data Protection Regulation (GDPR) interpretation. The UK’s enforcement office apparently believes that an EU data subject cannot give consent to a...more
Tacking an entirely new direction from other US states, Ohio has decided to offer defensive legal protection to businesses who have built a cybersecurity regime around well-known industry standards, even where those...more
11/7/2018
/ Blockchain ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Information Security Modernization Act (FISMA) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
NIST ,
Popular ,
Safe Harbors ,
Smart Contracts
Canada now follows the US trend to require reporting of personal data exposures. Beginning November 1, 2018, a change in the law will require companies subject to Canada’s federal data protection laws to report data breaches...more
The corporate world may be anticipating its biggest change since the SEC Act of 1934. As enormous companies stretch across nations, they are expected to become progressive citizens of the world, not simply money generating...more
The new California Consumer Privacy Act is not the only California privacy law that companies will have to prepare for in 2019. Beginning on January 1, 2020, California will also require a manufacturer of a “connected device”...more
10/10/2018
/ California Consumer Privacy Act (CCPA) ,
Connected Items ,
Data Collection ,
Data Security ,
Governor Brown ,
Internet ,
Internet of Things ,
Manufacturers ,
New Legislation ,
Private Right of Action ,
Smart Devices ,
Software
“New threats and a new era of strategic competition” have prompted the White House to roll out a new National Cyber Strategy. As identified below, the Strategy contains important priority initiatives that will advantage many...more
9/28/2018
/ Critical Infrastructure Sectors ,
Cyber Crimes ,
Cybersecurity ,
Data Security ,
National Security ,
Popular ,
Private Sector ,
Risk Mitigation ,
Technology Sector ,
Telecommunications ,
Transportation Industry
You may be paying for cyber insurance that will not cover the most significant cyber risks faced by your business.
Recent studies call into question whether a company can insure against the unprecedented huge fines for...more
9/20/2018
/ Corporate Counsel ,
Cyber Insurance ,
Cybersecurity ,
Data Protection ,
Data Security ,
EU ,
Extraterritoriality Rules ,
Fines ,
General Data Protection Regulation (GDPR) ,
Member State ,
Popular
In July, we published a client alert answering key questions about the CCPA. However, state lawmakers have made additional changes to the law since then. Below is an updated overview showing the amendments in bold...more
9/7/2018
/ Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
We are on the cusp of a revolution. While wealth managers have used computers to streamline complex analysis and to simplify customer service, the next wave of computational tools is already upon us. Artificial intelligence...more
Throughout history, people have waged sectarian fights to protect their beliefs. The Europeans, sitting at a crossroads of two major religions charged with converting the unenlightened, have a particularly combative...more
8/16/2018
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular
On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (“CCPA”). CCPA, unlike any other law, requires companies to honor specific privacy rights of California consumers granted under CCPA....more
7/3/2018
/ Consumer Protection Laws ,
Cybersecurity ,
Data Collection ,
Governor Brown ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Privacy Laws ,
Private Right of Action ,
Right to Be Forgotten ,
State and Local Government
Companies have a responsibility to protect the sensitive employee and consumer data they hold, but we do not know how much of their revenues must be spent on this effort before it is considered enough. We do not know what...more
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
5/3/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
In February 2014 the U.S. National Institute of Standards in Technology (‘NIST’) published the ?rst NIST Cybersecurity Framework, responding to an Executive Order on improving critical infrastructure cybersecurity issued by...more
4/23/2018
/ Cloud Service Providers (CSPs) ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Data Protection Officers (DPOs) ,
Executive Orders ,
Hackers ,
Internet of Things ,
NIST ,
Point of Sale Terminals ,
Popular ,
Public Safety ,
Regulatory Requirements ,
Risk Management ,
Self-Regulatory Organizations ,
Trump Administration
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
6 Months To Go The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees...more
11/30/2017
/ Contract Amendments ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Vendor Contacts ,
Written Agreements
For retailers, speed and efficiency in supply chains are paramount. With the possibility of a "hard" or "no deal" Brexit, retailers must adapt to a new operating environment. The UK government is exploring the potential for...more
11/15/2017
/ AEO ,
Blockchain ,
Cross-Border Transactions ,
Customs and Border Protection ,
Cybersecurity ,
Distributed Ledger Technology (DLT) ,
General Data Protection Regulation (GDPR) ,
GPS ,
Internet of Things ,
Popular ,
Port Authority ,
Retailers ,
Singapore ,
Theresa May ,
UK Brexit ,
Websites
7 Months To Go -
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or...more
11/1/2017
/ Contract Amendments ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Vendor Contacts ,
Written Agreements
Any entity processing personal data on your behalf (i.e., your vendors) must have a written contract in place. The GDPR requires specific language in your vendor contracts. Review steps 1–4 below to bring your vendor...more
10/27/2017
/ Contract Amendments ,
Cybersecurity ,
Data Controller ,
Data Processors ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
Personal Data ,
Third-Party Service Provider ,
Vendors ,
Written Consent
Follow our three-question flowchart to answer the question: “Does GDPR Apply to You?” If “Yes” then you may be required to designate a Data Protection Officer (“DPO”) by May 25, 2018, when the GDPR applies.
Follow our...more
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
Manufacturers have long used patents, licenses and litigation to deter competitive products and restrict secondary markets in their products. The U.S. Supreme Court just dealt these practices a severe blow, confirming that a...more
6/5/2017
/ Appeals ,
Breach of Contract ,
Exports ,
First Sale Doctrine ,
Foreign Sales ,
Imports ,
Impression Products v Lexmark International ,
IP License ,
Kirtsaeng v. John Wiley & Sons ,
Patent Exhaustion ,
Patent Infringement ,
Patent Litigation ,
Patents ,
Resales Agreements ,
SCOTUS ,
Single-Use/No Resale Restriction ,
Stream of Commerce