In two recent rulings, judges in the U.S. Northern District of California have allowed proposed class actions under the California Consumer Privacy Act (CCPA) to proceed without an allegation of a data breach, departing from...more
Key Points -
- State AGs nationwide are focusing on initiatives in data privacy, cybersecurity, consumer protection and securities fraud.
- Special areas of concern also include AI and online privacy and protections for...more
3/14/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
Online Safety for Children ,
Securities Fraud ,
State Attorneys General ,
Technology Sector
On May 16, 2024, the Securities and Exchange Commission (SEC) announced the adoption of amendments to Regulation S-P (Reg S-P), which broadly track the changes originally proposed in March 2023. The revised Reg S-P requires...more
Valuable insights into the measures European regulators expect businesses to take to protect data privacy can be found in a report from the European Data Protection Board (EDPB) summarizing decisions under the EU’s General...more
4/15/2024
/ Data Breach ,
Data Controller ,
Data Protection ,
Data Security ,
Enforcement ,
EU ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
Firewalls ,
General Data Protection Regulation (GDPR) ,
Passwords ,
Professional Regulators
On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more
11/7/2023
/ Compliance ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure ,
Enforcement Actions ,
Information Security ,
Information Technology ,
Popular ,
Risk Management ,
Risk Mitigation ,
SolarWinds
In our June Privacy & Cybersecurity Update, we review new data privacy laws in Colorado, Connecticut, Florida and Montana; Verizon’s annual Data Breach Investigations Report; AM Best’s report on cyber insurance trends; and...more
7/6/2023
/ Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
Employer Liability Issues ,
Employment Litigation ,
Enforcement ,
Investigations ,
Liability ,
Negligence ,
New Amendments ,
New Legislation ,
New Regulations ,
Opt-Outs ,
Popular ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws ,
Technology Sector ,
Verizon
In this month’s Privacy & Cybersecurity Update, we analyze recent fines against Meta and their impact on the future of behavioral advertising, the timeline for the California Privacy Rights Act’s regulations to become...more
2/1/2023
/ Advertising ,
California ,
California Privacy Rights Act (CPRA) ,
Class Action ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
FCC ,
Fines ,
Investigations ,
Metaverse ,
Popular ,
Privacy Laws ,
Proposed Amendments ,
Reporting Requirements ,
Settlement Agreements ,
State and Local Government ,
State Privacy Laws ,
UK
In this month’s Privacy & Cybersecurity Update, we examine the European Commission’s draft adequacy decision on the EU-U.S. Data Privacy Framework, as well as guidance from the U.K. Information Commissioner’s Office on...more
1/3/2023
/ Biometric Information Privacy Act ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Employee Monitoring ,
EU ,
European Commission ,
International Data Transfers ,
Popular ,
Privacy Laws ,
Risk Assessment ,
UK
In this month's Privacy & Cybersecurity Update, we examine California’s draft amended regulations for the California Privacy Rights Act, the introduction of comprehensive federal privacy legislation in Congress and the U.K.’s...more
In this month’s Privacy & Cybersecurity Update, we review Connecticut’s passage of a comprehensive privacy law (making it the fifth state to do so), the newly enacted federal Better Cybercrime Metrics Act, New York’s new law...more
6/3/2022
/ COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Popular ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine the FTC chair’s comments suggesting a potential shift in its approach to data privacy regulation, the European Data Protection Board’s request for comment on its...more
5/4/2022
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Medical Devices ,
Personal Data ,
Personally Identifiable Information ,
Popular
In this month’s Privacy & Cybersecurity Update, we examine the FBI’s warning to companies regarding cyberattacks targeting confidential M&A activity, as well as the Cybersecurity and Infrastructure Security Agency’s directive...more
12/1/2021
/ Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
FBI ,
International Data Transfers ,
Ransomware ,
Robocalling
In this month’s edition of our Privacy & Cybersecurity Update, we examine the FTC’s changes to the Gramm-Leach-Bliley Act’s Safeguards Rule and the CFPB’s order requiring six tech companies to disclose information regarding...more
11/2/2021
/ Consumer Financial Protection Bureau (CFPB) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
GEICO ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multidistrict Litigation ,
Putative Class Actions ,
Safeguards Rule
In the second year of litigation under the California Consumer Protection Act, a flood of cases continues unabated. When businesses subject to the CCPA experience a data breach, they routinely face consumer class actions...more
President Joe Biden has been fulfilling his promise to prioritize cybersecurity in his administration: He issued several cybersecurity-related executive orders, and federal regulators under his administration also have turned...more
5/4/2021
/ Biden Administration ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Executive Orders ,
False Claims Act (FCA) ,
Office of Foreign Assets Control (OFAC) ,
Regulatory Agenda ,
Supply Chain
In this month's edition of our Privacy & Cybersecurity Update, we examine the Second Circuit's ruling allowing standing for increased risk of identity theft following a data breach, the European Commission's recently released...more
5/3/2021
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Labor (DOL) ,
EBSA ,
EU ,
European Commission ,
IN Supreme Court ,
Ransomware
Takeaways
- Boards need to take an active role overseeing cybersecurity measures.
- Directors may be held personally responsible for lapses that result in attacks.
- U.S. money laundering and sanctions rules may prohibit...more
2/17/2021
/ Anti-Money Laundering ,
Board of Directors ,
Corporate Governance ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Directors ,
Popular ,
Ransomware
In this month's edition of our Privacy & Cybersecurity Update, we examine the U.S. Treasury's advisories regarding the role of financial intermediaries in ransomware payments, a ruling by the Israeli data protection authority...more
11/3/2020
/ British Airways ,
California Consumer Privacy Act (CCPA) ,
Court of Justice of the European Union (CJEU) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
Financial Institutions ,
FinCEN ,
International Data Transfers ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
State Attorneys General ,
Surveillance
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
8/6/2020
/ Automotive Industry ,
Binding Corporate Rules ,
Broadband Privacy Rules ,
Connected Cars ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Economic Loss Doctrine ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
First Amendment ,
Free Speech ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Insurance Industry ,
International Data Transfers ,
Internet Service Providers (ISPs) ,
Misrepresentation ,
Negligence ,
NYDFS ,
Online Platforms ,
P2B ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Schrems I & Schrems II ,
Security Breach ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK ,
UK Data Protection Act ,
United Nations
In this month's edition of our Privacy & Cybersecurity Update, we examine Washington state's new facial recognition law, the U.K. Supreme Court's ruling that an employer is not liable for a data breach caused by a disgruntled...more
5/3/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Draft Guidance ,
Employee Misconduct ,
Employer Liability Issues ,
Equifax ,
European Commission ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
FSB ,
Mobile Apps ,
New Guidance ,
NYDFS ,
Phishing Scams ,
Popular ,
Privacy Laws ,
Settlement ,
UK Supreme Court
The spread of the novel coronavirus has upended Americans’ lives in a matter of months. While life outside has ground to a standstill in many regions of the country, much of corporate America is meeting the unique challenges...more
3/29/2020
/ Best Practices ,
Coronavirus/COVID-19 ,
Corporate Executives ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Hackers ,
Incident Response Plans ,
Network Security ,
NIST ,
Phishing Scams ,
Ransomware ,
Remote Working ,
Risk Management ,
Virtual Private Networks
In this month's edition, we examine the landmark data breach class action in the English High Court against Equifax, the FTC's complaint against data colocation company RagingWire and a Utah business-to-business company's...more
12/4/2019
/ Commercial General Liability Policies ,
Cybersecurity ,
Data Breach ,
Denial of Insurance Coverage ,
Equifax ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
International Arbitration ,
Misrepresentation ,
Popular ,
Privacy Laws ,
Settlement ,
Target ,
UK
In this month's edition of our Privacy & Cybersecurity Update, we examine New York's new laws expanding consumer protection for data breaches, the D.C. Circuit's two rulings deepening the split regarding standing in data...more
8/2/2019
/ Article III ,
Biometric Information ,
Consumer Protection Laws ,
Cookies ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Debit and Credit Card Transactions ,
Equifax ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Identity Theft ,
Injury-in-Fact ,
Malware ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Search Results ,
Settlement ,
Spokeo v Robins ,
Standing ,
State and Local Government ,
State Data Breach Notification Statutes ,
UK
In this month's edition of our Privacy & Cybersecurity Update, we reflect on the GDPR's one-year anniversary while also examining the EU's new Cybersecurity Act. We also take a look at HHS' new guidance on direct liability of...more
7/2/2019
/ Appeals ,
Business Associates ,
Consumer Privacy Rights ,
Credit Cards ,
Cybersecurity ,
Data Breach ,
Data Sellers ,
Dish Network ,
EU Cybersecurity Act ,
European Council ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet Service Providers (ISPs) ,
Liability ,
Merchant Fees ,
Opt-Outs ,
Payment Processors ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes ,
TCPA
In this month's edition of our Privacy & Cybersecurity Update, we examine expanded data breach notification laws in New Jersey and Washington state, as well as the SEC's risk alert regarding cloud-based storage solutions. We...more
6/3/2019
/ Amended Rules ,
Annual Reports ,
Cloud Storage ,
Cybersecurity ,
Data Breach ,
Data Protection Authority ,
Data Security ,
Federal Trade Commission (FTC) ,
Finland ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
UK