The PIPL imposes extensive obligations on organizations and individuals engaged in "handling" of personal information, which is defined to include "collection, storage, use, processing, transmission, provision, disclosure,...more
9/10/2021
/ China ,
Consumer Privacy Rights ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Extraterritoriality Rules ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Popular ,
Regulatory Reform ,
Regulatory Requirements
When the DSL goes into effect on September 1, 2021, it will impose certain restrictions on a company's ability to transfer data out of China without the prior approval of Chinese authorities. One significant restriction is...more
8/27/2021
/ China ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Data Security ,
Foreign Official ,
International Data Transfers ,
Multinationals ,
Personal Data ,
Personally Identifiable Information ,
Popular
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
President Biden Issues Cybersecurity Executive Order -
On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
8/10/2021
/ Article III ,
Biden Administration ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile Apps ,
Personal Data ,
Popular ,
Ransomware ,
SCOTUS ,
Standing ,
TransUnion LLC v Ramirez
Connecticut has become the third state to enact a cybersecurity safe harbor statute.
On June 16 and July 6, 2021, Connecticut Governor Ned Lamont signed two new cybersecurity laws that continue the national trend of...more
7/12/2021
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
New Legislation ,
Notice Requirements ,
Popular ,
Regulatory Reform ,
Safe Harbors ,
State and Local Government ,
State Data Breach Notification Statutes
Introduction Colorado has joined California and Virginia as the third state with a comprehensive data privacy law. On July 7, 2021, Colorado Governor Polis signed the Act into law, following the Colorado Senate's passage of...more
7/8/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Standards ,
State and Local Government
On June 30, 2021, the New York Department of Financial Services ("NYDFS") identified key cybersecurity measures to prevent and prepare for ransomware attacks. ...more
7/8/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Multi-Factor Authentication ,
New Guidance ,
NYDFS ,
Phishing Scams ,
Ransomware ,
Risk Mitigation
On June 10, 2021, the Standing Committee of the 13th National People's Congress passed the long awaited People's Republic of China (China) Data Security Law ("DSL") after a final read of the third draft. The DSL, which takes...more
6/21/2021
/ China ,
Corporate Counsel ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Processing Rules ,
Data Processors ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
International Data Transfers ,
National Security ,
New Legislation ,
Regulatory Reform
President Biden's Executive Order calls for an extensive reassessment and revamping of the federal government's cybersecurity defenses and incident response capabilities, establishing benchmarks that may inform standards...more
The Biden Administration's Executive Order directs the Department of Commerce and the Federal Trade Commission to establish pilot programs to develop product labels that inform consumers about the cybersecurity capacities of...more
China recently released new drafts of its Data Security Law and its Personal Information Protection Law for public comment; when finalized the two laws will impose significant obligations on how companies collect, process,...more
Cybersecurity risk is evolving and expanding. Traditionally, cybersecurity risk has been equated with cyber attacks and associated legal consequences. That risk is undoubtedly real: All internet connected systems remain...more
The Supreme Court's recent decision in Ford is sure to be framed by some as expanding—perhaps quite significantly—the availability of specific personal jurisdiction under the Due Process Clause. But the decision should not be...more
The New York Department of Financial Services ("NYDFS") fined a mortgage bank $1.5 million for violations of New York's Cybersecurity Regulation, including failure to report a past cyber incident.
On March 3, 2021, the...more
On March 2, 2021, Virginia joined California in enacting a generally applicable consumer data privacy law.
Virginia has become the second U.S. state to enact a comprehensive data privacy law. On March 2, 2021, Governor...more
The Situation: As we advised in our recent Commentary, federal banking regulators have proposed rules requiring a banking organization to provide its primary federal regulator with prompt notification of any...more
United States -
Regulatory—Policy, Best Practices, and Standard -
NIST Unveils Draft Guidance to Protect Critical Infrastructure -
On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
1/8/2021
/ CNIL ,
Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Popular ,
Risk Management
The Situation: On December 18, 2020, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the Board of Governors of the Federal Reserve System (the "Federal Banking Agencies") jointly...more
There are showers, there are squalls, and there are storms. The growth in cybersecurity attacks in Australia, as in much of the world, is a storm and Australian companies need to batten down the hatches. In the period from 1...more
12/16/2020
/ ASIC ,
Australia ,
Class Action ,
Cyber Attacks ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Popular ,
Risk Management
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Revision to Security Standard -
On September 23, the National Institute of Standards and Technology ("NIST") released Revision 5 to...more
The Situation: Less than one year after the California Consumer Privacy Act ("CCPA") became effective, California voters approved the California Privacy Rights Act ("CPRA"), a consumer privacy ballot initiative that amends...more
11/6/2020
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular
The Situation: In an October 1, 2020, Advisory, the U.S. Department of the Treasury's Office of Foreign Assets Control ("OFAC") warned that companies that make or facilitate ransomware payments to threat actors who are...more
On October 12, 2020, the California Attorney General released a third set of proposed modifications to the California Consumer Privacy Act ("CCPA") regulations.
On October 12, 2020, the California Attorney General issued...more
Emerging technology and evolving legal principles collide as artificial intelligence raises more questions than it answers. Privacy, consent/disclosure, repurposing, facial recognition and automated phishing attacks are some...more
8/7/2020
/ Algorithms ,
Artificial Intelligence ,
Big Data ,
Consent ,
Cyber Attacks ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
Disclosure Requirements ,
Emerging Technology Companies ,
Facial Recognition Technology ,
Phishing Scams
As the United States and other countries gradually ease stay-at-home orders and mandatory lockdowns, data-driven technologies have become increasingly discussed as a potential strategy for tracing and mitigating the further...more
7/13/2020
/ Biometric Information ,
Contact Tracing ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Employer Liability Issues ,
Employer Responsibilities ,
Federal Trade Commission (FTC) ,
Health and Safety ,
Infectious Diseases ,
Popular ,
Private Sector ,
Re-Opening Guidelines ,
Workplace Safety
The Attorney General requested expedited review by the Office of Administrative Law and asked that the regulations become effective upon filing with the Secretary of State.
On June 1, 2020, the Office of the California...more