On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) collaborated with the Joint Cyber Defense Collaborative (JCDC) to hold the federal government’s first tabletop exercise for “AI security...more
For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial...more
6/13/2024
/ Breach Notification Rule ,
Customer Information ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Popular ,
Reporting Requirements
In mid-July, the Federal Trade Commission (FTC) reportedly opened an investigation into OpenAI, the maker of ChatGPT, sending the company an extensive Civil Investigative Demand (CID). While FTC investigations are normally...more
On July 20, 2023, the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services (“HHS”), and the Federal Trade Commission (“FTC”) published a joint letter sent to approximately 130 hospital systems...more
Corporate legal departments are increasingly receiving requests from business clients to use ChatGPT or similar “generative AI” tools in their operations. These requests can be urgent, with business clients demanding...more
Germany boasts one of the world’s largest, most sophisticated, and international economies. Companies doing business in Germany are thus an increasingly relevant target for cyberattacks....more
At approximately 6:00 p.m. today, March 11, 2020, California Attorney General Xavier Becerra announced a second round of modifications to the draft regulations his office is preparing for the California Consumer Privacy Act...more
3/12/2020
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Proposed Regulation
California Attorney General Xavier Becerra has released updated regulations to the California Consumer Privacy Act (CCPA) that contain a number of material modifications to the initial CCPA regulations released in October...more
2/14/2020
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Right to Delete
Our Privacy & Data Security Team summarizes the portions of California’s proposed regulations for the California Consumer Privacy Act (CCPA) that are likely of material interest to companies across industries and highlights...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Laws ,
Right to Delete
California passed the California Consumer Privacy Act (CCPA) in September 2018, and the CCPA enters into force on January 1, 2020. One of the CCPA’s core elements is a right for consumers to know when a company is selling...more
Following a two-year grace period, EU General Data Protection Regulation (GDPR) entered into force on May 25, 2018. For many companies, preparing for the GDPR was a multi-year project involving multiple teams and input or...more
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to...more
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to...more
5/29/2018
/ Article 29 Working Party (WP29) ,
Austria ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Young Lawyers
In just under 100 days, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of their...more
In less than 100 days, the General Data Protection Regulation (GDPR) will go into effect. This means that as of May 25, 2018, each national Supervisory Authority will have the authority to apply and enforce the GDPR....more
About this time last January, the European Parliament released its proposal for a new ePrivacy Regulation. The intent of the ePrivacy Regulation is to replace the current ePrivacy regime – which consists of an ePrivacy...more
Last year, Germany became the first EU member state to pass legislation implementing the EU’s General Data Protection Regulation (GDPR). For companies, national GDPR implementing legislation can be significant....more
On November 16, 2017, the Belgian Senate adopted an “Act on the Establishment of the Data Protection Authority.” Following Austria, Germany, and the UK, Belgium is the fourth EU member state to pass a domestic statute...more
In October of last year, we reported that digital rights advocacy group Digital Rights Ireland (“DRI”) had brought an action to annul the EU-U.S. Privacy Shield. DRI filed its challenge before the General Court of the...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
Following nearly two years of negotiations, the European Parliament and European Council finally reached agreement on the Network and Information Security Directive (“NIS Directive”) in December 2015.1 The Directive will...more