X Agrees to Stop Processing EU Data to Train its Grok AI -
Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
9/13/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Fines ,
Ireland ,
Liability ,
Personal Data ,
Sensitive Personal Information ,
Twitter ,
Uber
U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
SEC Fines the New York Stock Exchange’s Parent Company $10 million for Failure to Promptly Notify Its Subsidiaries of Cybersecurity Breach -
On May 22, 2024, the Securities and Exchange Commission (“SEC”) imposed a $10...more
6/14/2024
/ Annual Reports ,
Artificial Intelligence ,
Breach Notification Rule ,
Colorado ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
New Legislation ,
NYSE ,
Popular ,
Securities and Exchange Commission (SEC) ,
UK
DORA became law in December 2022 but provides for a grace period until 17 January 2025 for organisations to put in place the necessary measures to comply.
The new rules will require engagement from both an operational and...more
3/7/2024
/ Asset Management ,
Audits ,
Cryptoassets ,
Cybersecurity ,
Enforcement ,
EU ,
European Commission ,
European Supervisory Authorities (ESAs) ,
General Data Protection Regulation (GDPR) ,
New Rules ,
Penalties ,
Reporting Requirements ,
Risk Management ,
Third-Party Risk ,
UCITS
FTC Proposes New Protections to Guard Against AI Impersonations of Individuals -
Amidst growing concerns that emerging technology—including AI-generated deepfakes—threaten to increase the prevalence of impersonation fraud,...more
3/1/2024
/ Anti-Terrorism Financing ,
Artificial Intelligence ,
Cybersecurity ,
Deep Fake ,
EU ,
European Convention on Human Rights ,
Federal Trade Commission (FTC) ,
Human Rights ,
Russia ,
Securities and Exchange Commission (SEC) ,
Terms of Service
NSA and CISA Release Report on “Top Ten” Cybersecurity Misconfigurations; CISA Calls for Software Manufacturers to Implement Best Practices -
On October 5, 2023, the United States National Security Agency (NSA) and...more
10/20/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Transfers ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
Fines ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Investigations ,
Law Enforcement ,
Manufacturers ,
National Security Agency (NSA) ,
Personal Data ,
Popular ,
Settlement ,
Software ,
UK ICO
SEC Finalizes Cybersecurity Disclosure Rules for Public Companies -
On July 26, 2023, the Securities and Exchange Commission (“SEC”) voted to adopt new rules requiring public companies to make certain disclosures...more
8/4/2023
/ California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Enforcement ,
Federal Trade Commission (FTC) ,
Final Rules ,
Foreign Private Issuers ,
Form 8-K ,
Hospitals ,
Investment Company Act of 1940 ,
Mobile Apps ,
Securities and Exchange Commission (SEC) ,
Telehealth ,
Tracking Systems ,
Websites
California Court Pauses Enforcement of Most Recent CCPA Regulations until March 2024 -
On June 30, 2023, the Superior Court of California, County of Sacramento (California Chamber Of Commerce v. California Privacy...more
7/21/2023
/ Biden Administration ,
California ,
California Consumer Privacy Act (CCPA) ,
Cross-Border ,
Cybersecurity ,
Data Privacy ,
Enforcement ,
EU ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
NYDFS ,
Presidential Nominations ,
Privacy Framework ,
Proposed Regulation ,
Regulatory Agenda
The Department of Health and Social Care in the United Kingdom has published a proposed update to its policy regarding access to National Health Service (NHS) data for research purposes. The proposed update focuses on the...more
Biden Administration to Introduce New National Cyber Strategy for Critical Infrastructure -
The Biden administration is reportedly working on a National Cyber Strategy for critical infrastructure that will advocate a more...more
1/20/2023
/ Biden Administration ,
Chemicals ,
Class Action ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Collection ,
Data Security ,
Energy Sector ,
Facial Recognition Technology ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
National Security ,
NIST ,
Oil & Gas ,
OMB ,
Pipelines ,
Proposed Legislation ,
Public Safety ,
Railways ,
Settlement ,
TSA ,
Water
The High Court has granted the victim of a cyberattack a permanent injunction against cyberattackers without the victim organisation having to reveal its identity. Generally, a claimant's identity is public in court...more
SEC Chair Gensler Indicates Commission is Looking to Update SEC’s Regulation S-P -
On September 28, 2022, Securities and Exchange Commission (“SEC” or the “Commission”) Chairman Gary Gensler appeared via video at the...more
10/14/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Biden Administration ,
Broker-Dealer ,
Cloud Service Providers (CSPs) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Foreign Trade Regulations ,
Gramm-Leach-Blilely Act ,
Hackers ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Investment Adviser ,
Investment Companies ,
Privacy Framework ,
Regulation S-P ,
Request For Information ,
Right of Access ,
Securities and Exchange Commission (SEC) ,
Subject Access Request (SAR) ,
Title V ,
U.S. Commerce Department ,
Uber ,
UK ,
UK GDPR
The Dubai International Financial Centre’s ("DIFC") data protection authority has published its proposals for updated tools and guidance on international data transfers. A consultation on these proposals by the DIFC...more
5/5/2022
/ Cybersecurity ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Dubai ,
International Data Transfers ,
Personally Identifiable Information ,
Popular ,
Regulatory Agenda ,
Regulatory Reform ,
Standard Contractual Clauses ,
United Arab Emirates (UAE)
SEC Proposes New Cybersecurity Rules for Public Companies -
On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced proposed amendments to its rules on cybersecurity. The proposed rules aim to “enhance and...more
3/25/2022
/ Cookie Banners ,
COPPA ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Popular ,
Privacy Concerns ,
Publicly-Traded Companies ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Violations ,
Securities and Exchange Commission (SEC)
SEC Proposes and Seeks Comments on New Cybersecurity Rules -
At an open meeting on February 9, 2022, the Securities and Exchange Commission (“SEC”) voted three-to-one to propose new and amended rules regarding cybersecurity...more
2/25/2022
/ Asset Management ,
Cybersecurity ,
Data Collection ,
Disclosure Requirements ,
EDPS ,
International Data Transfers ,
Personal Data ,
Policies and Procedures ,
Popular ,
Registered Investment Advisors ,
Registered Investment Companies (RICs) ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Spyware
A recent UK Court of Appeal decision highlights ongoing uncertainty regarding the jurisdictional reach of the GDPR and invites intervention from the Information Commissioner’s Office. ...more
1/25/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
UK
We are delighted by the positive feedback we have received on our first two issues of Dechert Cyber Bits. Thank you for taking the time to send us your comments. In this issue of Cyber Bits, we discuss key developments from...more
11/19/2021
/ Class Action ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Popular ,
Ransomware ,
Vulnerability Assessments
The Information Commissioner’s Office (ICO), the UK’s data protection authority, has recently published updated guidance on an individual’s right to access their personal data. This OnPoint considers the key issues arising...more
In a statement from Facebook’s VP of Global Affairs and Communications, Nick Clegg, the social media giant confirmed that the Irish Data Protection Commission (DPC) has commenced an inquiry into data transfers from the EU to...more