Demonstrating its continued focus on cybersecurity enforcement, the Securities and Exchange Commission (SEC) announced three new actions on Aug. 30 charging eight firms with maintaining deficient cybersecurity policies and...more
On July 9, 2021, New York City enacted a new biometric ordinance regulating how businesses handle biometric identifier information. The new law is the first of its kind in New York and requires commercial establishments...more
On June 4, the European Commission (EC) adopted two sets of standard contractual clauses (SCCs) for use between controllers and processers in the European Economic Area (EEA) and for the transfer of data between EEA and...more
6/17/2021
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Consistent with a growing national trend, Virginia joined California in recently passing consumer privacy legislation with broad national reach. Both the Virginia Consumer Data Protection Act ...more
4/8/2021
/ California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Popular
On Nov. 11, 2020, the European Data Protection Board (EDPB) published eagerly anticipated guidance in the wake of the July 2020 European Court of Justice’s (ECJ) decision in Schrems II, outlining a process for ensuring data...more
11/23/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
New York is gearing up to enact some of the toughest cybersecurity, privacy and data protection laws in the country. Modeled on the European Union’s General Data Protection Regulation (GDPR) and the California Consumer...more
7/18/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Notification Requirements ,
Pending Legislation ,
Personal Data ,
Personally Identifiable Information ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
This Update highlights key legal and policy developments in cybersecurity and privacy law that may impact important trends for 2019 and beyond. A central takeaway from 2018 is that regulators in the U.S. and abroad are...more
1/28/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
CLOUD Act ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Google ,
Hackers ,
International Data Transfers ,
Marriott ,
Microsoft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Power Plants ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC) ,
Stored Communications Act
On June 28, 2018, the California Consumer Privacy Act of 2018 (CCPA) was signed into law. The bill was drafted and passed quickly, just prior to a deadline for removing a similar initiative from the ballot that would have...more
On Feb. 21, the Securities and Exchange Commission (SEC) released interpretive guidance on public companies’ disclosure practices regarding cybersecurity breaches and risks to the public....more
3/1/2018
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Hackers ,
Insider Trading ,
Investment Adviser ,
New Guidance ,
Personally Identifiable Information ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)
Dans moins de quatre mois, le 25 mai 2018, le règlement général de l'Union européenne sur la protection des données (« RGPD ») entrera en vigueur et la loi française, actuellement en discussion devant le parlement, qui tient...more
2/5/2018
/ Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
In less than four months, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will enter into full effect, bringing with it an array of new individual rights and regulatory requirements....more