Latest Publications

Share:

Cybersecurity in the US

As our world becomes increasingly digital, the importance of cybersecurity has never been more critical. In the first blog post in our series for Cybersecurity Awareness Month, we explored the cybersecurity regulatory...more

Navigating Privacy and Cybersecurity Challenges in Automotive and Mobility Sector

In this first installment of our series on the automotive and mobility sector, Cooley cyber/data/privacy lawyers introduce the key data privacy legal issues facing the automotive and mobility sector and provide an overview of...more

Federal Court Dismisses Bulk of SEC’s Complaint Against SolarWinds in Cyberattack Case

On July 18, 2024, US District Judge Paul Engelmayer of the Southern District of New York issued a detailed 107-page opinion and order dismissing most of the US Securities and Exchange Commission (SEC) case against SolarWinds...more

SEC Reporting Implications for Publicly Traded Companies Impacted by CrowdStrike Defective Software Update

There are a number of US Securities and Exchange Commission (SEC) reporting implications arising from the server-related outages caused by CrowdStrike’s defective software update on July 19, 2024, and their impacts on public...more

SEC Settles Charges Against RR Donnelley Related to Cybersecurity Incident Disclosure and Internal Access Controls

On June 18, 2024, the Securities and Exchange Commission (SEC) announced that it had settled claims against RR Donnelley (RRD) related to a 2021 ransomware and cyber extortion attack. Despite RRD having discovered and...more

Utah, Colorado Pave Way for AI-Specific State Laws – Is Your Company Ready for the Impending Regulation Wave?

The regulation of artificial intelligence (AI) has drawn significant interest from policymakers in the US, particularly at the state level. There has been a recent slew of legislative activity with respect to comprehensive AI...more

CISA Opens Notice and Comment Process on CIRCIA Draft Regulations

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security published a long-awaited notice of proposed rulemaking (NPRM) pursuant to the Cyber Incident Reporting...more

New Hampshire and New Jersey Pass Comprehensive Consumer Privacy Laws

The proliferation of state consumer privacy laws continues into 2024. On March 6, 2024, New Hampshire Gov. Chris Sununu signed SB255, the New Hampshire Privacy Act (NHPA), making New Hampshire the 14th state to enact a...more

Inundated With Requests Under New Jersey’s Daniel’s Law? 

A flood of class action lawsuits have been filed against companies alleging violations of New Jersey’s Daniel’s Law. The statute – enacted after the son of a New Jersey federal judge was fatally shot by a disgruntled lawyer –...more

California’s Delete Act – Key Takeaways for Data Brokers

On Tuesday, October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, which amends certain aspects of California’s existing Data Broker Registration law. By January 1, 2026,...more

China Loosens Cross-Border Data Transfer Controls

On September 28, 2023, the Cyberspace Administration of China (CAC) released draft Provisions on Regulating and Promoting Cross-Border Data Flows (see the Chinese version and the unofficial English translation) for public...more

Key Considerations for Form 8-K Cybersecurity Materiality Determinations

With 8-K reporting obligations for “material” cybersecurity incidents under the new Securities and Exchange Commission (SEC) rules becoming effective as of December 18, 2023, most companies will soon be tasked with making...more

CFPB Announces Plans to Extend FCRA to Data Brokers Through Rulemaking

At an August 15, 2023, White House roundtable, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra announced plans to issue rules that would extend the Fair Credit Reporting Act (FCRA) to certain “data broker...more

SEC Adopts Comprehensive Cybersecurity Disclosure Requirements

On July 26, 2023, the Securities and Exchange Commission (SEC) voted at an open meeting to adopt final rules to mandate standardized cybersecurity disclosures by public companies. The final rules will...more

White House Releases National Cybersecurity Strategy Implementation Plan

On July 13, 2023, the White House unveiled its National Cybersecurity Strategy Implementation Plan (NCSIP or implementation plan), following the release of the National Cybersecurity Strategy....more

California Attorney General Announces Investigative Sweep Focused on Employment-Related Data

On July 14, 2023, the office of the California attorney general announced an investigative sweep of “large California employers” to request “information on the companies’ compliance with the California Consumer Privacy Act...more

Enforcement of CPRA Regulations Delayed Until 2024

A California court order has delayed enforcement of the implementing regulations for the California Privacy Rights Act of 2020 (CPRA) until March 29, 2024. The California Superior Court of Sacramento County issued the court...more

Washington State’s My Health My Data Act FAQ, Part Two – Requirements 

In Part Two of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to some of the act’s substantive requirements. As we explained in our previous FAQ, given the MHMD’s breadth – both...more

Washington State’s My Health My Data Act FAQ, Part One – Applicability and Scope

In this multipart FAQ series, we break down Washington state’s My Health My Data (MHMD) Act (the “MHMD Act” or “Act”). The MHMD Act is arguably one of the most stringent privacy laws in the US, and it further complicates the...more

FTC Proposes Change in Regulation, Enforcement of Data Collection and Security

Key Takeaways - On August 11, 2022, the Federal Trade Commission announced an advance notice of proposed rulemaking (ANPR) to initiate a process that would allow it to develop and enforce rules on what the FTC has termed...more

Companies Respond to SEC’s Proposed Cybersecurity Disclosure Framework

As we reported in our March 2022 client alert, the Securities and Exchange Commission released proposed cybersecurity reporting rules and solicited feedback through a 60-day comment period. The comment period ended on May 9,...more

Bedoya Confirmation Puts Democrats Back in Control of Privacy, Antitrust Enforcement at FTC

On May 16, 2022, eight months after President Joe Biden announced his intention to nominate Alvaro Bedoya to serve as a commissioner of the Federal Trade Commission, Bedoya was sworn in. The FTC includes five commissioners –...more

Part 3: PIPL’s Localization Requirements and Restrictions on Responding to Foreign Judicial and Enforcement Agencies

China’s Personal Information Protection Law (PIPL) requires that operators of critical information infrastructure (e.g., China Mobile) and personal information processors that process personal information in an amount that...more

Part 2: PIPL and GDPR Compliance Obligations on Cross-Border Transfers of Personal Information

As explained in our previous blog post, in addition to the requirements for adopting a cross-border transfer mechanism, China’s Personal Information Protection Law (PIPL) and the European Union’s General Data Protection...more

Cross-Border Data Transfers: PIPL vs. GDPR vs. CCPA

Multinational companies often encounter questions regarding if and when they can transfer personal information across borders. The People’s Republic of China’s Personal Information Protection Law (PIPL) adds new...more

36 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide