In this month’s edition of our Privacy & Cybersecurity Update, we examine the European Commission’s new Standard Contractual Clauses and the European Data Protection Board’s new recommendations on international data flows. We...more
7/9/2021
/ Computer Fraud and Abuse Act (CFAA) ,
Cybersecurity ,
Data Protection ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Popular ,
Ransomware ,
Schrems I & Schrems II ,
State Privacy Laws
In the second year of litigation under the California Consumer Protection Act, a flood of cases continues unabated. When businesses subject to the CCPA experience a data breach, they routinely face consumer class actions...more
Recently, many of our clients have received similar requests from the staff of the SEC's Division of Enforcement related to the December 2020 SolarWinds cyberattack. We confirmed with the SEC staff that the request is...more
6/23/2021
/ Amnesty ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Enforcement Actions ,
Insider Trading ,
Internal Controls ,
Regulation FD ,
Securities and Exchange Commission (SEC) ,
Securities Violations ,
SolarWinds
In Van Buren v. United States, the Supreme Court’s first opportunity to mark the limits of the Computer Fraud and Abuse Act (CFAA), the Supreme Court significantly curtailed the act’s scope. In a decision on June 3, 2021,...more
President Joe Biden has been fulfilling his promise to prioritize cybersecurity in his administration: He issued several cybersecurity-related executive orders, and federal regulators under his administration also have turned...more
5/4/2021
/ Biden Administration ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Executive Orders ,
False Claims Act (FCA) ,
Office of Foreign Assets Control (OFAC) ,
Regulatory Agenda ,
Supply Chain
In this month's edition of our Privacy & Cybersecurity Update, we examine the Second Circuit's ruling allowing standing for increased risk of identity theft following a data breach, the European Commission's recently released...more
5/3/2021
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Labor (DOL) ,
EBSA ,
EU ,
European Commission ,
IN Supreme Court ,
Ransomware
In this month’s edition, we examine California’s new regulations enhancing opt-out rights in the California Consumer Privacy Act and the state's selections for the California Privacy Protection Agency’s inaugural board. We...more
4/2/2021
/ California Consumer Privacy Act (CCPA) ,
Commercial General Liability Policies ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
FDCPA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Opt-Outs ,
Personal Data ,
Securities and Exchange Commission (SEC) ,
State Attorneys General ,
State Privacy Laws ,
TCPA
In this month's edition of our Privacy & Cybersecurity Update, we examine the New York Department of Financial Services' issuance of the first-ever cyber insurance risk guidance framework, the Eleventh Circuit's ruling...more
Takeaways
- Boards need to take an active role overseeing cybersecurity measures.
- Directors may be held personally responsible for lapses that result in attacks.
- U.S. money laundering and sanctions rules may prohibit...more
2/17/2021
/ Anti-Money Laundering ,
Board of Directors ,
Corporate Governance ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Directors ,
Popular ,
Ransomware
In this month's edition, we examine the European Commission's Digital Services Act and its potential regulatory impact, the National Institute of Standards and Technology's draft guidance on internet-of-things devices'...more
2/4/2021
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Digital Services ,
Draft Guidance ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
NIST ,
Popular ,
Privacy Policy
In this month’s edition of our Privacy & Cybersecurity Update, we examine the passage of the ballot initiative that enacts the California Privacy Rights Act, the U.K. Information Commissioner’s Office’s final guidance on data...more
12/2/2020
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In this month's edition of our Privacy & Cybersecurity Update, we examine the U.S. Treasury's advisories regarding the role of financial intermediaries in ransomware payments, a ruling by the Israeli data protection authority...more
11/3/2020
/ British Airways ,
California Consumer Privacy Act (CCPA) ,
Court of Justice of the European Union (CJEU) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
Financial Institutions ,
FinCEN ,
International Data Transfers ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
State Attorneys General ,
Surveillance
In this month's edition, we examine the Swiss data protection authority's comments on the validity of its data-sharing framework with the U.S., as well as the European Data Protection Board's guidance on joint controllers and...more
10/10/2020
/ Biometric Information Privacy Act ,
Class Action ,
Constitutional Challenges ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Protection Authority ,
European Data Protection Board (EDPB) ,
International Data Transfers ,
Joint Control ,
Metadata ,
National Security Agency (NSA) ,
New Guidance ,
Outer Space ,
Personally Identifiable Information ,
Popular ,
Presidential Memorandum ,
Privacy Laws ,
Social Media ,
Swiss Privacy Shield ,
Trump Administration
In this month's edition of our Privacy & Cybersecurity Update, we examine the National Institute of Standards and Technology's four principles of the "explainability" of artificial intelligence and the U.K. Information...more
9/1/2020
/ Anti-Drone Technology ,
Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Drones ,
EU-US Privacy Shield ,
FCC ,
Federal Aviation Administration (FAA) ,
Federal Trade Commission (FTC) ,
Final Rules ,
International Data Transfers ,
NIST ,
Office of Administrative Law ,
Personal Information ,
Popular ,
Privacy Laws ,
Risk Mitigation ,
UK ,
UK ICO
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
8/6/2020
/ Automotive Industry ,
Binding Corporate Rules ,
Broadband Privacy Rules ,
Connected Cars ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Economic Loss Doctrine ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
First Amendment ,
Free Speech ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Insurance Industry ,
International Data Transfers ,
Internet Service Providers (ISPs) ,
Misrepresentation ,
Negligence ,
NYDFS ,
Online Platforms ,
P2B ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Schrems I & Schrems II ,
Security Breach ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK ,
UK Data Protection Act ,
United Nations
On July 3, 2020, the U.S. Department of Justice (DOJ) and U.S. Securities and Exchange Commission (SEC) jointly released the second edition of the “Resource Guide to the U.S. Foreign Corrupt Practices Act,” which was...more
7/17/2020
/ Accounting Controls ,
Acquisitions ,
Co-Conspirators ,
Compliance ,
Conspiracies ,
Department of Justice (DOJ) ,
Disgorgement ,
Due Diligence ,
FCPA Resource Guide ,
Foreign Corrupt Practices Act (FCPA) ,
Foreign Official ,
Instrumentality ,
Intent ,
Meals-Gifts-and Entertainment Rules ,
Mergers ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Third Party Payments ,
Travel
In this month's edition of our Privacy & Cybersecurity Update, we examine the California attorney general's final regulations for the California Consumer Privacy Act and a ruling by the Indiana Court of Appeals involving...more
7/6/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Constitutional Challenges ,
Consumer Fraud ,
Cyber Insurance ,
Cybersecurity ,
Data Privacy ,
EU ,
Popular ,
Privacy Laws ,
Ransomware
In this month's edition of our Privacy & Cybersecurity Update, we examine the Seventh Circuit's ruling finding standing for an Illinois Biometric Information Privacy Act claim, the European Data Protection Board's updated...more
6/1/2020
/ Appeals ,
Biometric Information Privacy Act ,
Blocked Mergers ,
Bulk Electric System ,
Business Interruption ,
Consent ,
Cookies ,
Coronavirus/COVID-19 ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Protection Authority ,
Department of Energy (DOE) ,
Employee Privacy Rights ,
European Data Protection Board (EDPB) ,
Foreign Acquisitions ,
Foreign Adversaries ,
General Data Protection Regulation (GDPR) ,
National Security ,
Policy Exclusions ,
Popular ,
Privacy Laws ,
Remote Working ,
Standing ,
Trump Administration
In this month's edition of our Privacy & Cybersecurity Update, we examine Washington state's new facial recognition law, the U.K. Supreme Court's ruling that an employer is not liable for a data breach caused by a disgruntled...more
5/3/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Draft Guidance ,
Employee Misconduct ,
Employer Liability Issues ,
Equifax ,
European Commission ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
FSB ,
Mobile Apps ,
New Guidance ,
NYDFS ,
Phishing Scams ,
Popular ,
Privacy Laws ,
Settlement ,
UK Supreme Court
Addressing the Evolving Risks -
Warren Buffett said that “only when the tide goes out do you discover who’s been swimming naked.” Buffett was not talking about compliance programs in a time of crisis, but his wisdom applies...more
5/2/2020
/ Anti-Corruption ,
Anti-Money Laundering ,
BSA/AML ,
Compliance ,
Coronavirus/COVID-19 ,
Corporate Misconduct ,
Cybersecurity ,
Disclosure Requirements ,
Economic Sanctions ,
Enforcement Actions ,
FFIEC ,
Financial Distress ,
Financial Fraud ,
FinCEN ,
Foreign Corrupt Practices Act (FCPA) ,
Market Manipulation ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Public Health Emergency ,
Publicly-Traded Companies ,
Risk Assessment ,
Risk Mitigation ,
Sanction Violations ,
Securities and Exchange Commission (SEC)
Although U.S.-China bilateral tensions eased to a degree earlier this year with the signing of an interim trade agreement, fundamental differences remained. These differences — such as the role that China’s industrial policy...more
4/2/2020
/ Bilateral Agreements ,
China ,
China Initiative ,
Criminal Prosecution ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Failure To Disclose ,
False Statements ,
Mail Fraud ,
Trump Administration ,
US Trade Policies ,
Wire Fraud
The spread of the novel coronavirus has upended Americans’ lives in a matter of months. While life outside has ground to a standstill in many regions of the country, much of corporate America is meeting the unique challenges...more
3/29/2020
/ Best Practices ,
Coronavirus/COVID-19 ,
Corporate Executives ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Hackers ,
Incident Response Plans ,
Network Security ,
NIST ,
Phishing Scams ,
Ransomware ,
Remote Working ,
Risk Management ,
Virtual Private Networks
In this month's edition, we examine the California attorney general's proposed modified regulations under the CCPA, the Treasury Department's new CFIUS regulations, and the SEC Office of Compliance Inspections and...more
3/3/2020
/ BPCIA ,
Business Losses ,
California Consumer Privacy Act (CCPA) ,
CFIUS ,
Cyber Insurance ,
Cybersecurity ,
Data Privacy ,
Foreign Investment ,
OCIE ,
Popular ,
Privacy Laws ,
Ransomware ,
Risk Mitigation ,
Securities and Exchange Commission (SEC) ,
Standing ,
State Privacy Laws ,
U.S. Treasury ,
UK ICO
In this month's edition of our Privacy & Cybersecurity Update, we examine the EU advocate general's decision in Schrems II, a federal court's ruling that an insurer owed coverage for a social engineering loss, the Chinese...more
2/6/2020
/ Advocate General ,
China ,
Cybersecurity ,
Cybersecurity Framework ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
GA Supreme Court ,
Hackers ,
Mobile Apps ,
Negligence ,
NIST ,
Personal Data ,
Popular ,
Ransomware ,
Schrems I & Schrems II
In this month's edition of our Privacy & Cybersecurity Update, we take a look at guidance on artificial intelligence released by the U.K. Information Commissioner's Office and the Turing Institute, as well as guidance...more
1/3/2020
/ Artificial Intelligence ,
Consent Order ,
Consumer Insurance Products ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Protection ,
Draft Guidance ,
Email ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Management ,
Insurance Regulations ,
Misleading Statements ,
NAIC ,
Personal Data ,
Popular ,
Regulatory Requirements ,
Settlement Agreements ,
Terms of Service ,
Transparency ,
Voluntary Disclosure