Selected U.S. Privacy and Cyber Updates - California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations - On November 3, 2022, the California Privacy Protection Agency (CPPA) issued a notice...more
Selected Developments in U.S. Law - U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum On April 21, 2022, Canada, Japan, South Korea, the Philippines, Singapore, Taiwan, and the United States...more
5/11/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Assets ,
Fraud ,
Personal Information ,
Popular ,
Privacy Laws ,
Ransomware
Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more
2/9/2022
/ China ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Data Subject Access Requests ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Malware ,
Multi-Factor Authentication ,
NYDFS ,
Personal Data ,
Popular ,
Ransomware ,
Reporting Requirements ,
Russia ,
Ukraine
Selected Developments in U.S. Law - NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses Following the SolarWinds cyber espionage attack and the resulting focus on supply chain risk, the New York...more
5/14/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
FBI ,
NYDFS ,
Phishing Scams ,
Popular ,
Ransomware ,
Safe Harbors ,
Settlement ,
SolarWinds ,
Supply Chain
Selected Developments in U.S. Law - Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services As the Biden Administration begins detailing its regulatory and...more
2/18/2021
/ Attorney-Client Privilege ,
Biden Administration ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
State Privacy Laws ,
Work-Product Doctrine
Selected Developments in U.S. Law - Japan’s Personal Information Protection Committee Releases Guidance on Contact Tracing Mobile Apps to Combat COVID-19 - On May 1, the Personal Information Protection Committee in Japan...more
Plaintiffs’ counsel have started to lay the groundwork for a broad private right of action under the California Consumer Privacy Act (CCPA).
The first part of this article provides an overview of how the CCPA addresses...more
Selected Developments in U.S. Law -
NIST Publishes Privacy Framework Version 1.0 -
On January 16, 2020, the National Institute of Standards and Technology (NIST) published Version 1.0 of its Privacy Framework: A Tool for...more
Our Privacy & Data Security Team summarizes the portions of California’s proposed regulations for the California Consumer Privacy Act (CCPA) that are likely of material interest to companies across industries and highlights...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Laws ,
Right to Delete
Are You Ready for Canada’s New Privacy Breach Rules? Mandatory privacy breach notification, reporting, and record-keeping obligations under Canada’s federal data protection law, the Personal Information Protection and...more
6/12/2019
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Regulation S-P ,
Securities and Exchange Commission (SEC)
Our Privacy & Data Security Group reviews the Eleventh Circuit’s decision narrowing the FTC’s authority to impose broad cybersecurity measures on defendants, but cautions it would be a mistake to interpret the ruling as...more
An English-Language Primer on Germany’s GDPR Implementation Statute. Expanding on his recent article for Bloomberg BNA, Alston & Bird associate Dan Felz offers a multipart primer on Germany’s new GDPR implementation statute....more
10/4/2017
/ Article 29 Working Party (WP29) ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
EU ,
Facebook ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
Updates on the EU:
German DPA Publishes First Privacy Shield Guidelines, Requires German-Law Contracts for Transfers. On June 7, 2016, the European Commission adopted the EU-U.S. Privacy Shield. One question that many...more
12/7/2016
/ Centers for Medicare & Medicaid Services (CMS) ,
Charter Communications ,
Consumer Financial Protection Bureau (CFPB) ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Dodd-Frank ,
EU ,
EU-US Privacy Shield ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Google ,
Governor Cuomo ,
Gramm-Leach-Blilely Act ,
Internet Service Providers (ISPs) ,
NIST ,
NYDFS ,
OCC ,
Risk Management ,
Spokeo ,
Wiretap Act
General Data Protection Regulation (GDPR) Published, Commencing Two-Year Countdown to Application. One of the most important EU legislative initiatives in recent years, and a landmark in privacy regulation worldwide, the GDPR...more
8/23/2016
/ APEC ,
Cross Border Privacy Rules (CBPR) ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
NIS Directive ,
Personal Data ,
Popular ,
Spokeo v Robins ,
TCPA ,
Warning Letters
Data breach has, unfortunately, become a fact of life. Practically every corporation has experienced some sort of security incident, although most have avoided (to their knowledge) significant network intrusions and loss or...more
Senior Counsel Peter Swire to Debate European Privacy Activist Max Schrems. The debate, set to take place on January 26 in Brussels, will highlight key differences between certain European and U.S. attitudes towards U.S....more
1/11/2016
/ Cloud Computing ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
FCC ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
Germany ,
Incident Response Plans ,
LabMD ,
NIS Directive ,
Popular ,
Schrems I & Schrems II ,
Surveillance ,
US-EU Safe Harbor Framework ,
Vendors ,
Young Lawyers