On August 15, 2023, the Consumer Financial Protection Bureau ("CFPB") announced it was launching a rulemaking aimed at subjecting any company or entity that collects and sells consumer data to the Fair Credit Reporting Act...more
8/28/2023
/ Consumer Financial Protection Bureau (CFPB) ,
Consumer Reporting Agencies ,
Consumer Reports ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Services Industry ,
Personal Data ,
Popular ,
Rulemaking Process
The California Attorney General ("AG") has issued guidance reminding health care providers of their duty to report health care data breaches and to comply with other state and federal data privacy laws....more
9/15/2021
/ Cyber Attacks ,
Data Breach ,
Data Protection ,
Electronic Medical Records ,
Health Care Providers ,
HIPAA Breach ,
Information Technology ,
Network Security ,
New Guidance ,
Popular ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
President Biden Issues Cybersecurity Executive Order -
On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
8/10/2021
/ Article III ,
Biden Administration ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile Apps ,
Personal Data ,
Popular ,
Ransomware ,
SCOTUS ,
Standing ,
TransUnion LLC v Ramirez
Introduction Colorado has joined California and Virginia as the third state with a comprehensive data privacy law. On July 7, 2021, Colorado Governor Polis signed the Act into law, following the Colorado Senate's passage of...more
7/8/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Standards ,
State and Local Government
The Development: The U.S. Supreme Court decided TransUnion LLC v. Ramirez, vacating a class-action judgment and holding that much of the class lacked Article III standing to seek damages for statutory violations. ...more
7/1/2021
/ Article III ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Credit Reports ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
SCOTUS ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
The New York Department of Financial Services ("NYDFS") fined a mortgage bank $1.5 million for violations of New York's Cybersecurity Regulation, including failure to report a past cyber incident.
On March 3, 2021, the...more
On March 2, 2021, Virginia joined California in enacting a generally applicable consumer data privacy law.
Virginia has become the second U.S. state to enact a comprehensive data privacy law. On March 2, 2021, Governor...more
United States -
Regulatory—Policy, Best Practices, and Standard -
NIST Unveils Draft Guidance to Protect Critical Infrastructure -
On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
1/8/2021
/ CNIL ,
Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Popular ,
Risk Management
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Revision to Security Standard -
On September 23, the National Institute of Standards and Technology ("NIST") released Revision 5 to...more
The Situation: Less than one year after the California Consumer Privacy Act ("CCPA") became effective, California voters approved the California Privacy Rights Act ("CPRA"), a consumer privacy ballot initiative that amends...more
11/6/2020
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular
On October 12, 2020, the California Attorney General released a third set of proposed modifications to the California Consumer Privacy Act ("CCPA") regulations.
On October 12, 2020, the California Attorney General issued...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
Cybersecurity Standards Issued for Government Contractors -
On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
4/1/2020
/ 5G Network ,
Artificial Intelligence ,
Canada ,
China ,
CNIL ,
Computer Fraud and Abuse Act (CFAA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Department of Defense (DOD) ,
EU ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FERC ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
Japan ,
Latin America ,
National Security ,
NIST ,
OCIE ,
OCR ,
Online Safety for Children ,
People's Bank of China ,
Public Health Emergency ,
Securities and Exchange Commission (SEC) ,
Social Media ,
State Attorneys General ,
Telehealth ,
Trump Administration ,
Unmanned Aircraft Systems
The Situation: Four months after releasing the initial draft proposed regulations to the California Consumer Privacy Act ("CCPA") of 2018, the California Attorney General ("Attorney General") issued modifications to these...more
2/21/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Notice Requirements ,
Opt-Outs ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right To Know ,
State Attorneys General
The California Consumer Privacy Act has put businesses at substantial risk of data breach litigation and litigation from technical noncompliance.
On January 1, 2020, the California Consumer Privacy Act ("CCPA") went into...more
The Situation: On January 1, 2020, the California Consumer Privacy Act of 2018 ("CCPA") goes into effect, with enforcement by the California attorney general ("attorney general") to begin six months after the final...more
10/25/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Employee Privacy Rights ,
New Amendments ,
Privacy Laws ,
Proposed Regulation ,
Public Comment ,
Public Hearing
On October 10, 2019, the California attorney general released long-awaited proposed regulations under the California Consumer Privacy Act ("CCPA"). These regulations provide much-needed guidance on the CCPA requirements,...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Enforcement Actions ,
Minors ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Privacy Policy ,
Public Comment ,
Public Hearing ,
Right to Delete ,
State Attorneys General ,
Verification Requirements
The Situation: In the wake of the Equifax data breach, Massachusetts has amended its data breach law.
The Result: Companies reporting security breaches under the amended data breach law must provide additional information...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Internal Report Regarding IoT Cybersecurity -
In September, the National Institute of Standards and Technology ("NIST") released a draft...more
12/26/2018
/ Civil Monetary Penalty ,
CNIL ,
Consumer Reporting Agencies ,
COPPA ,
Critical Infrastructure Sectors ,
Cross-Border ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Disclosure Requirements ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hobbs Act ,
Internal Audit Functions ,
International Data Transfers ,
Internet of Things ,
NIST ,
Popular ,
Power Grid ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act
On the heels of the European Union's General Data Protection law, which went into effect in May 2018, California has enacted the California Consumer Privacy Act ("CCPA")—the result of an 11th-hour compromise between...more
10/24/2018
/ Argentina ,
Asia ,
Australia ,
Belgium ,
Brazil ,
California Consumer Privacy Act (CCPA) ,
Canada ,
Chile ,
China ,
Colombia ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
EU ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Hong Kong ,
IRS ,
Italy ,
Japan ,
Mexico ,
Netherlands ,
NIST ,
Paraguay ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Singapore ,
Spain ,
TCPA ,
UK
The Situation: Even before the General Data Protection Regulation ("GDPR") became effective on May 25, there has been a noticeable trend in the enforcement of security obligations through increased sanctions.
The...more
7/6/2018
/ CNIL ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
E-Commerce ,
France ,
General Data Protection Regulation (GDPR) ,
Popular
The Situation: Unanimously passed by the California state legislature, the California Consumer Privacy Act of 2018 introduces the nation's most wide-ranging consumer data privacy laws.
The Result: New consumer protections...more
7/5/2018
/ Consumer Protection Laws ,
Cybersecurity ,
Data Collection ,
Disclosure Requirements ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Right to Be Forgotten ,
State and Local Government
JONES DAY CYBERSECURITY, PRIVACY & DATA PROTECTION ATTORNEY SPOTLIGHT: Richard Martinez -
Europe's new General Data Protection Regulation ("GDPR") is driving an evolution in corporate privacy practices globally. As...more
6/25/2018
/ Article 29 Working Party (WP29) ,
Australia ,
Canada ,
China ,
Cybersecurity ,
Data Breach ,
Data Protection Officers (DPOs) ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Enforcement Actions ,
ENISA ,
EU ,
EU Data Protection Laws ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hong Kong ,
Infrastructure ,
IRS ,
Japan ,
Latin America ,
Mexico ,
National Security ,
NIST ,
Personally Identifiable Information ,
Popular ,
Regulatory Oversight ,
Singapore ,
South America ,
State Data Breach Notification Statutes
President Trump has signed into law the Economic Growth, Regulatory Relief, and Consumer Protection Act ("Act"), with the principal goals of promoting U.S. economic growth, recalibrating burdensome rules, and strengthening...more
6/11/2018
/ Banks ,
Dodd-Frank ,
Economic Growth Regulatory Relief and Consumer Protection Act ,
Federal Reserve ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
Mortgage Loan Originators ,
Mortgages ,
Popular ,
Trump Administration ,
Volcker Rule
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
United States and China Renew Promise Not to Hack -
On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
11/21/2017
/ Acquisitions ,
Argentina ,
Article 29 Working Party (WP29) ,
Australia ,
Belgium ,
Biometric Information Privacy Act ,
Blockchain ,
Canada ,
CCTV ,
Chile ,
China ,
CNIL ,
Connected Cars ,
COPPA ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
Driverless Cars ,
EDPS ,
ENISA ,
Equifax ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Initial Coin Offering (ICOs) ,
International Data Transfers ,
Italy ,
Mexico ,
Mobile Apps ,
National Security ,
Netherlands ,
NIST ,
Online Advertisements ,
People's Bank of China ,
Personally Identifiable Information ,
Popular ,
Public Safety ,
Retail Investors ,
Search Engines ,
Securities and Exchange Commission (SEC) ,
Social Media ,
Spain ,
Stored Communications Act ,
TCPA ,
UK ,
Websites
The Situation: The European Court of Justice ("ECJ") is to rule on the validity of EU Standard Contractual Clauses used by companies to transfer personal data outside of the European Union, at the request of Ireland's High...more
10/17/2017
/ Binding Corporate Rules ,
Cybersecurity ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Facebook ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework