The energy industry faces unique challenges when it comes to cybersecurity and working with vendors on digital transformation projects. Energy is one of the “critical infrastructure sectors” identified in Presidential Policy...more
The European Council adopted the EU Data Act (the Act) on November 27, 2023, representing a major regulatory shift in cloud services and data processing. The Act’s objectives include ensuring fairness in the allocation of...more
The European Union (EU) Commission released its Draft Adequacy Decision for the EU-US Data Privacy Framework on December 13, which, in conjunction with President Biden’s executive order issued on October 7, will further...more
The New York Department of Financial Services (NYDFS) published its proposed amendment to its 23 NYCRR Part 500 (Cybersecurity Rules) on November 9, 2022, following the release of the draft version on July 29, 2022....more
12/9/2022
/ Comment Period ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
Information Technology ,
NYDFS ,
Popular ,
Public Comment ,
Regulatory Agenda ,
Risk Management
In this edition of our Spotlight series, we welcome David Plotinsky to discuss key issues that technology lawyers and professionals should keep in mind regarding tech transactions, foreign investment, and review by the...more
On June 4, 2021, the European Commission adopted its long-anticipated updated Standard Contractual Clauses (New SCCs) for use by organizations transferring personal data outside of the European Economic Area (EEA) to third...more
7/15/2021
/ Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The United Kingdom’s Department for Digital, Culture, Media & Sport (DCMS) is requesting views on supply chain cybersecurity, which it will look to incorporate into its new National Cyber Security Strategy....more
The July 1 enforcement of the California Consumer Privacy Act (CCPA) is one week away. Despite calls by the business community and trade associations to push back the enforcement date to January 2021 due to the coronavirus...more
6/24/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government ,
State Attorneys General
The January 1, 2020, deadline to comply with the California Consumer Privacy Act (CCPA) is fast approaching. Signed into law in the summer of 2018, the CCPA creates a variety of new consumer privacy rights and will require...more
There is no “one size fits all” solution when drafting and negotiating the liability provisions relating to data protection obligations and security incidents. Every contract has unique business drivers that will shape the...more
In Part 1 and Part 2 of this Contract Corner, we discussed the importance of assessing and defining the types of data involved in a services agreement, and highlighted issues to consider with respect to the ownership and...more
In Part 1 of this Contract Corner, we discussed the importance of evaluating the types of data to be processed or accessed by a service provider at the beginning of the contracting process and key considerations to address...more
Drafting and negotiating the data protection provisions in services agreements can be one of the trickier and more time-consuming aspects of the contracting process. One of our prior Contract Corner series from 2014 discussed...more
Data owners and processors are working hard to make sure they have compliance programs in place by the time the European Union’s General Data Protection Regulation (GDPR) goes into force on May 25, 2018. To that end, a new...more
The North American Electric Reliability Corporation (NERC) recently petitioned the Federal Energy Regulatory Commission (FERC) to approve its proposed “Reliability Standards” addressing cybersecurity risks in critical...more
In a positive development for companies relying on transatlantic data transfers, the European Commission (the Commission) recently announced that one year into the program, the EU-US Privacy Shield framework is functioning as...more
By voice vote on February 6, the US House of Representatives passed the Email Privacy Act that would, among other things, require the federal government to obtain a warrant before compelling service providers to hand over...more