FTC Announces Proposed Settlement with Software Provider to Settle Allegations that its Inadequate Security Safeguards Led to Cyberattack -
On February 1, 2024, the Federal Trade Commission (“FTC”) announced a proposed...more
As we begin the new year, we offer this special edition with predictions for 2024 from members of the Cyber Bits Partner Committee. Regardless of what happens in 2024, we renew our commitment to keep you informed of the...more
1/8/2024
/ Artificial Intelligence ,
Biometric Information ,
China ,
Consumer Privacy Rights ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement ,
EU ,
Facial Recognition Technology ,
Machine Learning ,
Popular ,
Regulation S-P ,
Risk Management ,
Securities and Exchange Commission (SEC)
The Biden Administration Issues Executive Order on Artificial Intelligence -
On October 30, 2023, President Biden signed an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence (the “Order”)...more
11/17/2023
/ Artificial Intelligence ,
Biden Administration ,
Chief Information Security Officer (CISO) ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
NYDFS ,
Ransomware ,
Regulatory Agenda ,
Securities and Exchange Commission (SEC) ,
SolarWinds
At an open meeting on March 15, 2023, the U.S. Securities and Exchange Commission voted unanimously to propose rule amendments to Regulation S-P (Proposed Rule) and published an accompanying release (Release). The Proposed...more
4/18/2023
/ Cybersecurity ,
Data Breach ,
Financial Institutions ,
Fixing America’s Surface Transportation Act (FAST Act) ,
Gramm-Leach-Blilely Act ,
Investment Adviser ,
Investment Company Act of 1940 ,
Personal Information ,
Popular ,
Proposed Amendments ,
Recordkeeping Requirements ,
Regulation S-P ,
Risk Management ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)
What is in store for Privacy and Cybersecurity in 2023 -
As the year ends, we offer this special edition with predictions for 2023 from each member of the Cyber Bits Partner Committee. Regardless of what happens in 2023, we...more
12/30/2022
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Infrastructure ,
Investment Adviser ,
Popular ,
Privacy Laws ,
Privacy Legislation ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
UK ,
Whistleblowers
Less than two months after the California Privacy Protection Agency (“CPPA” or “Agency”) formally took over rulemaking for the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act...more
6/8/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Policy Drafting ,
Popular ,
Regulatory Agenda
On March 9, 2022, the Securities and Exchange Commission (“SEC”) voted three-to-one to propose new and amended rules for public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934...more
3/18/2022
/ Corporate Governance ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Form 8-K ,
Proposed Amendments ,
Publicly-Traded Companies ,
Regulatory Agenda ,
Regulatory Reform ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
At an open meeting on February 9, 2022, the Securities and Exchange Commission voted three-to-one to propose new and amended rules regarding cybersecurity risk management, cyber incident reporting and cyber risk disclosure...more
EU Parliament Adopts Amended Digital Services Act by a Wide Margin -
On January 21, 2022, the members of the EU Parliament approved by a large majority (77%) an amended draft of the Digital Services Act (“DSA”)....more
2/11/2022
/ Cloud Service Providers (CSPs) ,
Cybersecurity ,
Digital Service Providers ,
Digital Services ,
EU ,
Facial Recognition Technology ,
Financial Institutions ,
Google ,
Income Taxes ,
Internet ,
IRS ,
Online Platforms ,
Regulatory Agenda ,
Securities and Exchange Commission (SEC) ,
Tracking Systems ,
Unfair or Deceptive Trade Practices
On January 12, 2022, the French data protection authority (“CNIL“) published guidance on the reuse of personal data by processors for their own purposes (the “Guidance”)....more
1/28/2022
/ CNIL ,
Data Breach ,
Data Management ,
Data Processors ,
Data Protection ,
EU ,
FCC ,
France ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy Laws ,
Regulatory Reform ,
Regulatory Standards
Few things are certain, but it is indisputable that in 2022 data will remain big; data driven technologies will create unparalleled opportunity and risk; the frequency and sophistication of cyberattacks will shatter...more
1/7/2022
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Loss Prevention ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
International Data Transfers ,
Machine Learning ,
Popular ,
Ransomware ,
Regulatory Agenda ,
Section 5
The California Attorney General (“AG”), Rob Bonta, recently announced a much-awaited report on the Office of Attorney General’s enforcement of the California Consumer Privacy Act of 2018 (“CCPA”).1 The AG’s press release: (i)...more
On May 11, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory (Advisory) that encourages critical infrastructure (CI) asset owners and...more
On 10 February 2021, over two and a half years after the anticipated adoption of the e-Privacy Regulation, European Member States have agreed to a revised text. Portending a potential break in the three-year impasse, the...more
2/17/2021
/ Cybersecurity ,
Data Protection ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Member State ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Regulatory Requirements
On November 12, 2020, the European Commission (EC) published a long anticipated draft of new Standard Contractual Clauses (SCCs) for the transfer of personal data from the European Economic Area (EEA) to third countries whose...more
11/17/2020
/ Data Protection ,
Data Transfers ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Agenda ,
Rulemaking Process ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA). Crafted to address perceived gaps in the California Consumer Privacy Act (CCPA), the CPRA effectively calcifies the law...more
11/13/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Sellers ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Right to Delete ,
Right To Know ,
State and Local Government
On October 28, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a joint cybersecurity advisory (the...more
10/31/2020
/ Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
FBI ,
Health Care Providers ,
Healthcare Facilities ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Hospitals ,
Incident Response Plans ,
Ransomware ,
Risk Management ,
Security Risk Assessments
Key Takeaways -
The EU-U.S. Privacy Shield does not ensure an adequate level of protection of personal data and is therefore not a lawful basis for data transfers to the U.S....more
7/24/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
The Office of Compliance Inspections and Examinations of the Securities and Exchange Commission released cybersecurity and resiliency-related examination observations on January 27, 2020, based on “thousands of examinations...more
2/14/2020
/ Broker-Dealer ,
Clearing Agencies ,
Corporate Governance ,
Cybersecurity ,
Data Loss Prevention ,
Incident Response Plans ,
Investment Adviser ,
OCIE ,
Privacy Policy ,
Publicly-Traded Companies ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Stock Exchange ,
Vendors
The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations issued a National Exam Program Risk Alert on May 23, 2019, which identifies security risks and best practices associated with the...more
6/10/2019
/ Broker-Dealer ,
Cloud Storage ,
Customer Information ,
Cybersecurity ,
Financial Industry Regulatory Authority (FINRA) ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Network Security ,
OCIE ,
Policies and Procedures ,
Popular ,
Risk Alert ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Risk ,
Vendors
The Staff of the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission released a Risk Alert on April 16, 2019, which identifies significant Regulation S-P (Reg. S-P)1...more
4/23/2019
/ Broker-Dealer ,
Compliance ,
Cybersecurity ,
Employee Training ,
Investor Protection ,
OCIE ,
Opt-Outs ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Privacy Policy ,
Registered Investment Companies (RICs) ,
Regulation S-P ,
Risk Alert ,
Securities and Exchange Commission (SEC)
The German antitrust authority (FCO) has ordered Facebook to stop collecting data outside Facebook’s platform without the user’s “voluntary consent.” The decision breaks new ground because it links data protection and...more
2/8/2019
/ Abuse of Dominance ,
Antitrust Investigations ,
Antitrust Violations ,
Competition Authorities ,
Data Collection ,
Data Protection ,
Facebook ,
Federal Cartel Office (the FCO) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Instagram ,
Monopolization ,
Prior Express Consent ,
WhatsApp ,
Without Consent
In a closely watched data-security case, the U.S. Court of Appeals for the Eleventh Circuit vacated as unenforceable a cease and desist order issued by the U.S. Federal Trade Commission (FTC) against LabMD, Inc. According to...more
6/12/2018
/ Administrative Appeals ,
Administrative Law Judge (ALJ) ,
Appeals ,
Cease and Desist Orders ,
Data Breach ,
Data Security ,
Due Process ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Invasion of Privacy ,
LabMD ,
Lack of Specificity ,
Personally Identifiable Information ,
Popular ,
Reversal ,
Section 5 ,
Unfair or Deceptive Trade Practices ,
Vacated
An immense volume of personal data (or personally identifiable information) is proliferating and flowing throughout the world. Personal data is an incredibly valuable asset to companies but data protection and privacy laws...more
3/13/2018
/ Consent ,
Contract Terms ,
Data Controller ,
Data Mapping ,
Data Protection Officers (DPOs) ,
Employee Training ,
Employer Liability Issues ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Multinationals ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
Third-Party Relationships
On remand from the Supreme Court, the U.S. Court of Appeals for the Ninth Circuit has held for the second time that the plaintiff in Robins v. Spokeo, Inc. has standing to proceed in federal court with claims under the Fair...more
8/29/2017
/ Appeals ,
Article III ,
Congressional Intent ,
Data Privacy ,
Determination on Remand ,
Fair Credit Reporting Act (FCRA) ,
False Reporting ,
Future Harm ,
Injury-in-Fact ,
Job Applicants ,
SCOTUS ,
Spokeo v Robins ,
Standing ,
Statutory Rights