As our world becomes increasingly digital, the importance of cybersecurity has never been more critical.
In the first blog post in our series for Cybersecurity Awareness Month, we explored the cybersecurity regulatory...more
In this first installment of our series on the automotive and mobility sector, Cooley cyber/data/privacy lawyers introduce the key data privacy legal issues facing the automotive and mobility sector and provide an overview of...more
On July 18, 2024, US District Judge Paul Engelmayer of the Southern District of New York issued a detailed 107-page opinion and order dismissing most of the US Securities and Exchange Commission (SEC) case against SolarWinds...more
There are a number of US Securities and Exchange Commission (SEC) reporting implications arising from the server-related outages caused by CrowdStrike’s defective software update on July 19, 2024, and their impacts on public...more
On June 18, 2024, the Securities and Exchange Commission (SEC) announced that it had settled claims against RR Donnelley (RRD) related to a 2021 ransomware and cyber extortion attack. Despite RRD having discovered and...more
The regulation of artificial intelligence (AI) has drawn significant interest from policymakers in the US, particularly at the state level. There has been a recent slew of legislative activity with respect to comprehensive AI...more
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security published a long-awaited notice of proposed rulemaking (NPRM) pursuant to the Cyber Incident Reporting...more
The proliferation of state consumer privacy laws continues into 2024. On March 6, 2024, New Hampshire Gov. Chris Sununu signed SB255, the New Hampshire Privacy Act (NHPA), making New Hampshire the 14th state to enact a...more
A flood of class action lawsuits have been filed against companies alleging violations of New Jersey’s Daniel’s Law. The statute – enacted after the son of a New Jersey federal judge was fatally shot by a disgruntled lawyer –...more
On Tuesday, October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, which amends certain aspects of California’s existing Data Broker Registration law. By January 1, 2026,...more
On September 28, 2023, the Cyberspace Administration of China (CAC) released draft Provisions on Regulating and Promoting Cross-Border Data Flows (see the Chinese version and the unofficial English translation) for public...more
With 8-K reporting obligations for “material” cybersecurity incidents under the new Securities and Exchange Commission (SEC) rules becoming effective as of December 18, 2023, most companies will soon be tasked with making...more
At an August 15, 2023, White House roundtable, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra announced plans to issue rules that would extend the Fair Credit Reporting Act (FCRA) to certain “data broker...more
On July 26, 2023, the Securities and Exchange Commission (SEC) voted at an open meeting to adopt final rules to mandate standardized cybersecurity disclosures by public companies. The final rules will...more
8/3/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
On July 13, 2023, the White House unveiled its National Cybersecurity Strategy Implementation Plan (NCSIP or implementation plan), following the release of the National Cybersecurity Strategy....more
On July 14, 2023, the office of the California attorney general announced an investigative sweep of “large California employers” to request “information on the companies’ compliance with the California Consumer Privacy Act...more
A California court order has delayed enforcement of the implementing regulations for the California Privacy Rights Act of 2020 (CPRA) until March 29, 2024. The California Superior Court of Sacramento County issued the court...more
In Part Two of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to some of the act’s substantive requirements. As we explained in our previous FAQ, given the MHMD’s breadth – both...more
In this multipart FAQ series, we break down Washington state’s My Health My Data (MHMD) Act (the “MHMD Act” or “Act”). The MHMD Act is arguably one of the most stringent privacy laws in the US, and it further complicates the...more
Key Takeaways -
On August 11, 2022, the Federal Trade Commission announced an advance notice of proposed rulemaking (ANPR) to initiate a process that would allow it to develop and enforce rules on what the FTC has termed...more
As we reported in our March 2022 client alert, the Securities and Exchange Commission released proposed cybersecurity reporting rules and solicited feedback through a 60-day comment period. The comment period ended on May 9,...more
On May 16, 2022, eight months after President Joe Biden announced his intention to nominate Alvaro Bedoya to serve as a commissioner of the Federal Trade Commission, Bedoya was sworn in. The FTC includes five commissioners –...more
China’s Personal Information Protection Law (PIPL) requires that operators of critical information infrastructure (e.g., China Mobile) and personal information processors that process personal information in an amount that...more
As explained in our previous blog post, in addition to the requirements for adopting a cross-border transfer mechanism, China’s Personal Information Protection Law (PIPL) and the European Union’s General Data Protection...more
Multinational companies often encounter questions regarding if and when they can transfer personal information across borders. The People’s Republic of China’s Personal Information Protection Law (PIPL) adds new...more