Selected U.S. Privacy and Cyber Updates - California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations - On November 3, 2022, the California Privacy Protection Agency (CPPA) issued a notice...more
Selected Developments in U.S. Law - U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum On April 21, 2022, Canada, Japan, South Korea, the Philippines, Singapore, Taiwan, and the United States...more
5/11/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Assets ,
Fraud ,
Personal Information ,
Popular ,
Privacy Laws ,
Ransomware
Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more
2/9/2022
/ China ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Data Subject Access Requests ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Malware ,
Multi-Factor Authentication ,
NYDFS ,
Personal Data ,
Popular ,
Ransomware ,
Reporting Requirements ,
Russia ,
Ukraine
Selected Developments in U.S. Law - Department of Defense Suspends the CMMC Pilot Program and CMMC Requirements in DoD Solicitations Pending Major Changes for CMMC 2.0. On November 5, 2021, the Department of Defense...more
11/19/2021
/ Breach Notification Rule ,
California Privacy Rights Act (CPRA) ,
Cryptocurrency ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Department of Defense (DOD) ,
FinCEN ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Reporting Requirements ,
Risk Mitigation
Selected Developments in U.S. Law - Colorado Privacy Act Becomes Third Comprehensive State Privacy Act in the United States - Our Privacy, Cyber & Data Strategy Team highlights some of the similarities and differences between...more
This month, the Illinois Department of Insurance issued guidance to insurers recommending assessments in response to a Microsoft Exchange vulnerability, detailed in the guidance. In the Bulletin dated May 5, the Department...more
Selected Developments in U.S. Law - NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses Following the SolarWinds cyber espionage attack and the resulting focus on supply chain risk, the New York...more
5/14/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
FBI ,
NYDFS ,
Phishing Scams ,
Popular ,
Ransomware ,
Safe Harbors ,
Settlement ,
SolarWinds ,
Supply Chain
In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and...more
Selected Developments in U.S. Law - Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services As the Biden Administration begins detailing its regulatory and...more
2/18/2021
/ Attorney-Client Privilege ,
Biden Administration ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
State Privacy Laws ,
Work-Product Doctrine
Selected Developments in U.S. Law - Alston & Bird Analyzes New California Privacy Rights Act - California voters approved a ballot initiative containing the California Privacy Rights Act of 2020. ...more
11/20/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
FinCEN ,
Hackers ,
International Data Transfers ,
Malware ,
Personal Information ,
Ransomware ,
Schrems I & Schrems II
In a letter from Deputy Assistant Secretary James Sullivan, the U.S. Department of Commerce introduced a white paper, “Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data...more
As the countdown continues to September 20, our International Trade & Regulatory Group examines the ambiguities underlying the unprecedented Executive Orders purporting to ban the use of TikTok and WeChat, questions that may...more
9/16/2020
/ Executive Orders ,
International Emergency Economic Powers Act (IEEPA) ,
Mobile Apps ,
Office of Foreign Assets Control (OFAC) ,
Online Platforms ,
Personal Data ,
Popular ,
Sanctions ,
Social Media ,
Software Developers ,
Surveillance ,
TikTok ,
Trump Administration ,
U.S. Commerce Department ,
WeChat
Selected Developments in U.S. Law - SEC Creates Event and Emerging Risk Examination Team - Following the Office of Compliance Inspections and Examinations’ (OCIE) recent and detailed risk alert on the threat of ransomware,...more
8/14/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Protection ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
OCIE ,
Popular ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
UK
Selected Developments in U.S. Law - Japan’s Personal Information Protection Committee Releases Guidance on Contact Tracing Mobile Apps to Combat COVID-19 - On May 1, the Personal Information Protection Committee in Japan...more
Plaintiffs’ counsel have started to lay the groundwork for a broad private right of action under the California Consumer Privacy Act (CCPA).
The first part of this article provides an overview of how the CCPA addresses...more
A global pandemic like the coronavirus (COVID-19) affects economies around the globe – but different countries are using different regimes to combat it. Using India as an example, our Global Sourcing Team asks the questions...more
Governments are increasingly seeking to leverage consumer geolocation data collected by industry as a tool to assist with fighting the spread of COVID-19....more
Selected Developments in U.S. Law -
NIST Publishes Privacy Framework Version 1.0 -
On January 16, 2020, the National Institute of Standards and Technology (NIST) published Version 1.0 of its Privacy Framework: A Tool for...more
After Friday’s announcement of the killing of Major General Qassem Soleimani, a leader of Iran’s Quds Force, several regulators have put industry on high alert of the increased potential for cyber-attack. ...more
Our Privacy & Data Security Team summarizes the portions of California’s proposed regulations for the California Consumer Privacy Act (CCPA) that are likely of material interest to companies across industries and highlights...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Laws ,
Right to Delete
Our Data Privacy & Security Team examines how the California Consumer Privacy Act could reset data breach litigation....more
Are You Ready for Canada’s New Privacy Breach Rules? Mandatory privacy breach notification, reporting, and record-keeping obligations under Canada’s federal data protection law, the Personal Information Protection and...more
6/12/2019
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Regulation S-P ,
Securities and Exchange Commission (SEC)
Some of the most highly publicized and scrutinized data breaches involve the theft of payment card data. In recent years, the payment card industry has implemented new technologies, most visibly EMV, in an effort to stem the...more
Our Privacy & Data Security Group applies five lessons learned from preparing for Europe’s carefully crafted General Data Protection Regulation to California’s hastily adopted Consumer Privacy Act....more
10/1/2018
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action
Our Privacy & Data Security Group reviews the Eleventh Circuit’s decision narrowing the FTC’s authority to impose broad cybersecurity measures on defendants, but cautions it would be a mistake to interpret the ruling as...more