U.S. privacy law is undergoing dramatic change on an accelerating pace. New laws across the country address specific industries, certain kinds of data, and various concerning practices. There is international pressure to...more
In this month’s Privacy & Cybersecurity Update, we examine the Illinois Supreme Court’s decision in a case involving workers compensation and the state’s Biometric Information Privacy Act, U.K. data transfer regimes before...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Releases Revision to Security Standard - On September 23, the National Institute of Standards and Technology ("NIST") released Revision 5 to...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - Cybersecurity Standards Issued for Government Contractors - On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
Do we need a new government agency tasked with protecting the data of American citizens? Senator Kirsten Gillibrand believes that we do. On February 12, 2020, Senator Gillibrand announced her proposed legislation titled “The...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - FTC Submits Comment on the Preliminary Draft for the NIST Privacy Framework - On October 24, 2019, the Federal Trade Commission ("FTC") announced that...more
FBI Issues Updated Ransomware Guidance - A recent report from New Zealand-based cybersecurity firm Emsisoft has revealed the extent to which ransomware is being used in cyberattacks in the United States. The first 9 months...more
On October 23, 2019, the European Commission published its report after its third annual review on the functioning of the EU-U.S. Privacy Shield. The Privacy Shield, which became operational in August 2016, details procedures...more
Amanda Witt represented the U.S. on an extraordinary panel in Dublin yesterday in which the participants – leaders in data protection from both sides of the Atlantic – learned from one another and from their national...more
Inside the Privacy Shield Annual Review - Dozens of senior US and EU government officials were joined by officials from data protection authorities in Austria, Bulgaria, France, Germany and Hungary to discuss whether the...more
French Data Protection Authority Issues Guidelines on Cookie Use - CNIL, France’s data protection authority, has released new rulesfor obtaining consumer consent under the GDPR for companies using cookies and other tracking...more
In this month's edition of our Privacy & Cybersecurity Update, we examine expanded data breach notification laws in New Jersey and Washington state, as well as the SEC's risk alert regarding cloud-based storage solutions. We...more
On May 1, 2019, the Senate Commerce Committee held a hearing on “Consumer Perspectives: Policy Principles for a Federal Data Privacy Framework”—the Committee’s third hearing during this session discussing principles for...more
The implementation of the European Union (EU)’s General Data Protection Regulation (GDPR) has raised a number of questions as to how best to approach cross-border discovery. Friction between legal holds and the “right of...more
The European Data protection Board (“EDPB”), which is composed of representatives of the national data protection authorities, and the European Data Protection Supervisor, adopted its report on the second annual review of the...more
GDPR - European Regulators Fine Uber Over 2016 Data Breach • British and Dutch privacy regulators issued fines totaling approximately $1.2 million against ride-hailing company Uber over its 2016 data breach....more
Three years ago, the European Court of Justice killed the US-EU Safe Harbor Program. In the wake of the decision, American and EU negotiators developed the “Privacy Shield” program to facilitate cross-Atlantic data transfers....more
Federal Trade Commission - Federal Trade Commission Asks for Ability to Fine Companies for Privacy Violations - Speaking before the U.S. House of Representatives’ Subcommittee on Digital Commerce and Consumer Protection, the...more
In this month's edition of our Privacy & Cybersecurity Update, we discuss Poland's potential exemptions from the new EU data law and the Office of the Comptroller of the Currency's recommendations for U.S. banks faced with...more
On January 18th, the Federal Trade Commission (“FTC”) released its Annual Privacy and Data Security Update, recapping its enforcement actions, workshops, and other privacy and data security activities in 2017. Enforcement...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
Spanish Ministry of Justice Launches Public Consultation on GDPR. On February 7, 2017, the Spanish Ministry of Justice launched a public consultation as a preliminary step before drafting a new bill implementing the General...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
In this edition of our Privacy & Cybersecurity Update, we look at a series of recent court rulings regarding standing in privacy cases, most of which suggest plaintiffs will continue to have a difficult time establishing...more
Few issues keep executives awake at night more than Privacy and Data Security. New regulations and threats alike are plentiful, varied, and evolving. The rate of change for cybersecurity and information governance continues...more