On November 8, 2024, the California Privacy Protection Agency (the “CPPA”) Board advanced to formal rulemaking the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments,...more
Publications and Advisories - July 31, 2023 – Dave Brown, Kate Hanniford, Kim Peretti, Julia Mediamolle, Cara Peterman, Sierra Shear, Kristen Bartolotta, and Kezia Osunsade published “Securities Law, Securities Litigation,...more
8/10/2023
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Civil Investigation Demand ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Hackers ,
International Data Transfers ,
Online Safety for Children ,
Popular ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Standard Contractual Clauses ,
Telehealth
Publications and Advisories - April 5, 2023 – Kate Hanniford and Elinor Hiller published “Healthy Byte: White House and HHS Both Update Their Cybersecurity Guidance.”...more
Publications and Advisories - February 10, 2023 – Kathleen Benway, David Keating, and Sara Pullen Guercio published “Privacy, Cyber & Data Strategy / Consumer Protection/FTC Advisory: Limit Your Health Data Sharing and Call...more
2/15/2023
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FCC ,
Federal Trade Commission (FTC) ,
Personal Information ,
Popular ,
State Privacy Laws
Selected U.S. Privacy and Cyber Updates - California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations - On November 3, 2022, the California Privacy Protection Agency (CPPA) issued a notice...more
Selected Developments in U.S. Law - U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum On April 21, 2022, Canada, Japan, South Korea, the Philippines, Singapore, Taiwan, and the United States...more
5/11/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Assets ,
Fraud ,
Personal Information ,
Popular ,
Privacy Laws ,
Ransomware
Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more
2/9/2022
/ China ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Data Subject Access Requests ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Malware ,
Multi-Factor Authentication ,
NYDFS ,
Personal Data ,
Popular ,
Ransomware ,
Reporting Requirements ,
Russia ,
Ukraine
Selected Developments in U.S. Law - Department of Defense Suspends the CMMC Pilot Program and CMMC Requirements in DoD Solicitations Pending Major Changes for CMMC 2.0. On November 5, 2021, the Department of Defense...more
11/19/2021
/ Breach Notification Rule ,
California Privacy Rights Act (CPRA) ,
Cryptocurrency ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Department of Defense (DOD) ,
FinCEN ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Reporting Requirements ,
Risk Mitigation
The Data Strategy Webinar Series spotlights cutting-edge issues in privacy and cybersecurity. This session will feature the latest developments regarding SCCs and data transfers out of Europe, including a discussion of...more
Selected Developments in U.S. Law - Colorado Privacy Act Becomes Third Comprehensive State Privacy Act in the United States - Our Privacy, Cyber & Data Strategy Team highlights some of the similarities and differences between...more
Selected Developments in U.S. Law - NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses Following the SolarWinds cyber espionage attack and the resulting focus on supply chain risk, the New York...more
5/14/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
FBI ,
NYDFS ,
Phishing Scams ,
Popular ,
Ransomware ,
Safe Harbors ,
Settlement ,
SolarWinds ,
Supply Chain
Selected Developments in U.S. Law - Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services As the Biden Administration begins detailing its regulatory and...more
2/18/2021
/ Attorney-Client Privilege ,
Biden Administration ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
State Privacy Laws ,
Work-Product Doctrine
Selected Developments in U.S. Law - Alston & Bird Analyzes New California Privacy Rights Act - California voters approved a ballot initiative containing the California Privacy Rights Act of 2020. ...more
11/20/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
FinCEN ,
Hackers ,
International Data Transfers ,
Malware ,
Personal Information ,
Ransomware ,
Schrems I & Schrems II
Selected Developments in U.S. Law - SEC Creates Event and Emerging Risk Examination Team - Following the Office of Compliance Inspections and Examinations’ (OCIE) recent and detailed risk alert on the threat of ransomware,...more
8/14/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Protection ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
OCIE ,
Popular ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
UK
Selected Developments in U.S. Law - Japan’s Personal Information Protection Committee Releases Guidance on Contact Tracing Mobile Apps to Combat COVID-19 - On May 1, the Personal Information Protection Committee in Japan...more
California Attorney General Xavier Becerra has released updated regulations to the California Consumer Privacy Act (CCPA) that contain a number of material modifications to the initial CCPA regulations released in October...more
2/14/2020
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Right to Delete
Selected Developments in U.S. Law -
NIST Publishes Privacy Framework Version 1.0 -
On January 16, 2020, the National Institute of Standards and Technology (NIST) published Version 1.0 of its Privacy Framework: A Tool for...more
Our Privacy & Data Security Team summarizes the portions of California’s proposed regulations for the California Consumer Privacy Act (CCPA) that are likely of material interest to companies across industries and highlights...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Laws ,
Right to Delete
On April 30, we detailed several proposed amendments to the California Consumer Privacy Act (the “CCPA”) that were advancing in the State Assembly....more
We may now have more clarity on what the California Consumer Privacy Act (the “CCPA”) will look like when it goes into effect on January 1, 2020. The California Assembly’s Committee on Privacy and Consumer Protection...more
Our Privacy & Data Security Group reviews California’s sweeping new law that establishes an array of privacy rights for state residents and worries for businesses nationwide....more
7/5/2018
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Private Right of Action ,
State and Local Government
Last year, Germany became the first EU member state to pass legislation implementing the EU’s General Data Protection Regulation (GDPR). For companies, national GDPR implementing legislation can be significant....more