Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more
2/9/2022
/ China ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Data Subject Access Requests ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Malware ,
Multi-Factor Authentication ,
NYDFS ,
Personal Data ,
Popular ,
Ransomware ,
Reporting Requirements ,
Russia ,
Ukraine
Selected Developments in U.S. Law - Department of Defense Suspends the CMMC Pilot Program and CMMC Requirements in DoD Solicitations Pending Major Changes for CMMC 2.0. On November 5, 2021, the Department of Defense...more
11/19/2021
/ Breach Notification Rule ,
California Privacy Rights Act (CPRA) ,
Cryptocurrency ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Department of Defense (DOD) ,
FinCEN ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Reporting Requirements ,
Risk Mitigation
Selected Developments in U.S. Law - Colorado Privacy Act Becomes Third Comprehensive State Privacy Act in the United States - Our Privacy, Cyber & Data Strategy Team highlights some of the similarities and differences between...more
Selected Developments in U.S. Law - NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses Following the SolarWinds cyber espionage attack and the resulting focus on supply chain risk, the New York...more
5/14/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
FBI ,
NYDFS ,
Phishing Scams ,
Popular ,
Ransomware ,
Safe Harbors ,
Settlement ,
SolarWinds ,
Supply Chain
In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and...more
Selected Developments in U.S. Law - Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services As the Biden Administration begins detailing its regulatory and...more
2/18/2021
/ Attorney-Client Privilege ,
Biden Administration ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
State Privacy Laws ,
Work-Product Doctrine
Selected Developments in U.S. Law - Japan’s Personal Information Protection Committee Releases Guidance on Contact Tracing Mobile Apps to Combat COVID-19 - On May 1, the Personal Information Protection Committee in Japan...more
Our Data Privacy & Security Team examines how the California Consumer Privacy Act could reset data breach litigation....more
Are You Ready for Canada’s New Privacy Breach Rules? Mandatory privacy breach notification, reporting, and record-keeping obligations under Canada’s federal data protection law, the Personal Information Protection and...more
6/12/2019
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Regulation S-P ,
Securities and Exchange Commission (SEC)
An English-Language Primer on Germany’s GDPR Implementation Statute. Expanding on his recent article for Bloomberg BNA, Alston & Bird associate Dan Felz offers a multipart primer on Germany’s new GDPR implementation statute....more
10/4/2017
/ Article 29 Working Party (WP29) ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
EU ,
Facebook ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
Data breach has, unfortunately, become a fact of life. Practically every corporation has experienced some sort of security incident, although most have avoided (to their knowledge) significant network intrusions and loss or...more
Earlier this year, the National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force proposed a comprehensive model law that covers, among other things, data security breach reporting. The model law...more
Special Focus on “Safe Harbor 2.0,” Privacy Shield and E.U. Data Transfers: Alston & Bird’s privacy team has been closely following the development of Privacy Shield, the proposed successor to the E.U.-U.S. Safe Harbor...more
5/3/2016
/ Article 29 Working Party (WP29) ,
Big Data ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Cybersecurity National Action Plan (CNAP) ,
Data Breach ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
Export Controls ,
FCC ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
HIPAA Audits ,
International Data Transfers ,
Internet Service Providers (ISPs) ,
Iran ,
PCI-DSS Standard ,
Personal Data ,
Popular ,
Securities and Exchange Commission (SEC) ,
Turkey ,
US-EU Safe Harbor Framework
Cybercrime and data security incidents are on the rise. Publicized cyber incidents have become so prevalent that it would be difficult to find someone who has not received at least one breach notification letter in the mail....more
Senior Counsel Peter Swire to Debate European Privacy Activist Max Schrems. The debate, set to take place on January 26 in Brussels, will highlight key differences between certain European and U.S. attitudes towards U.S....more
1/11/2016
/ Cloud Computing ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
FCC ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
Germany ,
Incident Response Plans ,
LabMD ,
NIS Directive ,
Popular ,
Schrems I & Schrems II ,
Surveillance ,
US-EU Safe Harbor Framework ,
Vendors ,
Young Lawyers