SEC Fines the New York Stock Exchange’s Parent Company $10 million for Failure to Promptly Notify Its Subsidiaries of Cybersecurity Breach -
On May 22, 2024, the Securities and Exchange Commission (“SEC”) imposed a $10...more
6/14/2024
/ Annual Reports ,
Artificial Intelligence ,
Breach Notification Rule ,
Colorado ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
New Legislation ,
NYSE ,
Popular ,
Securities and Exchange Commission (SEC) ,
UK
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
4/19/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Machine Learning ,
OMB ,
Online Safety for Children ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
UK ,
Voluntary Compliance
FTC Announces Proposed Settlement with Data Aggregator over its Alleged Selling of Precise Location Data -
The Federal Trade Commission (“FTC”), on January 18, 2024, announced a proposed settlement with InMarket Media...more
The Biden Administration Issues Executive Order on Artificial Intelligence -
On October 30, 2023, President Biden signed an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence (the “Order”)...more
11/17/2023
/ Artificial Intelligence ,
Biden Administration ,
Chief Information Security Officer (CISO) ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
NYDFS ,
Ransomware ,
Regulatory Agenda ,
Securities and Exchange Commission (SEC) ,
SolarWinds
FTC Finalizes Settlement with 1Health.io For Allegations It Failed to Protect Customers’ DNA Data -
On September 6, 2023, the Federal Trade Commission’s agreement with the genetic testing firm 1Health.io Inc. – formerly...more
9/25/2023
/ Background Checks ,
California ,
California Consumer Privacy Act (CCPA) ,
Consent Agreements ,
Consumer Reporting Agencies ,
Data Brokers ,
Data Collection ,
Data Security ,
Data-Sharing ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Information Commissioner's Office (ICO) ,
Law Enforcement ,
New Legislation ,
Personal Data ,
Personal Information ,
Privacy Policy ,
Settlement ,
UK ,
UK GDPR
SEC Proposes Significant Updates to Regulation S-P and Cyber Risk Management Rule for Market Entities -
At an open meeting on March 15, 2023, the Securities and Exchange Commission (the “Commission) issued a release and...more
3/31/2023
/ Colorado ,
Cybersecurity ,
EU ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Proposed Regulation ,
Scams ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information ,
Social Media
Biden Administration to Introduce New National Cyber Strategy for Critical Infrastructure -
The Biden administration is reportedly working on a National Cyber Strategy for critical infrastructure that will advocate a more...more
1/20/2023
/ Biden Administration ,
Chemicals ,
Class Action ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Collection ,
Data Security ,
Energy Sector ,
Facial Recognition Technology ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
National Security ,
NIST ,
Oil & Gas ,
OMB ,
Pipelines ,
Proposed Legislation ,
Public Safety ,
Railways ,
Settlement ,
TSA ,
Water
U.S. Government Releases Guide of ‘Minimum Baseline’ Cybersecurity Practices for Protecting Critical Infrastructure -
The Cybersecurity & Infrastructure Security Agency (“CISA”) has released a guide to help organizations...more
11/11/2022
/ Advisory Board ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
European Commission ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
International Data Transfers ,
Internet of Things ,
Joint Control ,
New Guidance ,
Popular ,
Transatlantic Trade and Investment Partnership ,
TTP
Pelosi Statement Dims the Lights on ADPPA -
The prospects for the nation’s first comprehensive data privacy law, the American Data Privacy and Protection Act (the “ADPPA” or the “Bill”), dimmed after House Speaker Nancy...more
9/16/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Algorithms ,
Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CNIL ,
Compliance ,
Cryptography ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Enforcement ,
EU ,
European Data Protection Board (EDPB) ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
Fines ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
NIST ,
Opt-Outs ,
Personal Information ,
Proposed Legislation ,
Settlement ,
Surveillance ,
Third-Party ,
Trade Associations
California Privacy Protection Agency Proposes CPRA Regulations as the ADPPA Continues to Advance in Congress -
On July 8, 2022, the California Privacy Protection Agency (“CPPA”) filed a Notice of Proposed Rulemaking...more
7/22/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Digital Markets Strategy ,
Digital Services ,
Fair Credit Reporting Act (FCRA) ,
Proposed Regulation
Less than two months after the California Privacy Protection Agency (“CPPA” or “Agency”) formally took over rulemaking for the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act...more
6/8/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Policy Drafting ,
Popular ,
Regulatory Agenda
California Privacy Protection Agency Indicates Delay for Final CPRA Regulations The California Privacy Protection Agency (“Agency”) was established by the California Privacy Rights Act of 2020 (“CPRA”)....more
2/28/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Enforcement Priorities ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
State Attorneys General
At an open meeting on February 9, 2022, the Securities and Exchange Commission voted three-to-one to propose new and amended rules regarding cybersecurity risk management, cyber incident reporting and cyber risk disclosure...more
We are delighted by the positive feedback we have received on our first two issues of Dechert Cyber Bits. Thank you for taking the time to send us your comments. In this issue of Cyber Bits, we discuss key developments from...more
11/19/2021
/ Class Action ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Popular ,
Ransomware ,
Vulnerability Assessments