U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
SEC Fines the New York Stock Exchange’s Parent Company $10 million for Failure to Promptly Notify Its Subsidiaries of Cybersecurity Breach -
On May 22, 2024, the Securities and Exchange Commission (“SEC”) imposed a $10...more
6/14/2024
/ Annual Reports ,
Artificial Intelligence ,
Breach Notification Rule ,
Colorado ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
New Legislation ,
NYSE ,
Popular ,
Securities and Exchange Commission (SEC) ,
UK
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
4/19/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Machine Learning ,
OMB ,
Online Safety for Children ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
UK ,
Voluntary Compliance
FTC Proposes New Protections to Guard Against AI Impersonations of Individuals -
Amidst growing concerns that emerging technology—including AI-generated deepfakes—threaten to increase the prevalence of impersonation fraud,...more
3/1/2024
/ Anti-Terrorism Financing ,
Artificial Intelligence ,
Cybersecurity ,
Deep Fake ,
EU ,
European Convention on Human Rights ,
Federal Trade Commission (FTC) ,
Human Rights ,
Russia ,
Securities and Exchange Commission (SEC) ,
Terms of Service
FTC Announces Proposed Settlement with Software Provider to Settle Allegations that its Inadequate Security Safeguards Led to Cyberattack -
On February 1, 2024, the Federal Trade Commission (“FTC”) announced a proposed...more
Proposed EU-US Data Transfer Agreement Continues to Face Obstacles in Parliament -
As we reported in Issue 29 of Cyber Bits, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (the “EP...more
4/28/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
European Commission ,
European Parliament ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers
FBI Seizes Hive Ransomware Servers—Blocks US$130 Million in Demanded Ransoms -
On January 26, Attorney General Merrick Garland announced that the Department of Justice dismantled the “Hive” ransomware group, which had...more
2/3/2023
/ Biden Administration ,
Big Tech ,
California Consumer Privacy Act (CCPA) ,
Cookie Banners ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Extortion ,
FBI ,
Investigations ,
New Legislation ,
New Regulations ,
Popular ,
Privacy Laws ,
Ransomware
SEC Division of Examinations Issues Risk Alert on Regulation S-ID and Identity Theft Prevention Programs -
On December 5, 2022, the Securities and Exchange Commission (“SEC”) Division of Examinations (“EXAMS”) issued a...more
12/16/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
American Civil Liberties Union (ACLU) ,
Artificial Intelligence ,
Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Transfers ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Investment Adviser ,
Minors ,
Online Safety for Children ,
Personal Data ,
Policies and Procedures ,
Proposed Legislation ,
Regulation S-ID ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
SolarWinds
This OnPoint summarises and draws together the proposals forming part of the EU’s strategies for data, digital and artificial intelligence. This is the first in a series of Dechert OnPoints that will cover these proposals in...more
8/11/2022
/ Artificial Intelligence ,
Cybersecurity ,
Data Management ,
Digital Marketplace ,
Digital Services ,
EU ,
European Digital Strategy ,
Innovative Technology ,
Internet ,
Online Advertisements ,
Popular
California Privacy Protection Agency Proposes CPRA Regulations as the ADPPA Continues to Advance in Congress -
On July 8, 2022, the California Privacy Protection Agency (“CPPA”) filed a Notice of Proposed Rulemaking...more
7/22/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Digital Markets Strategy ,
Digital Services ,
Fair Credit Reporting Act (FCRA) ,
Proposed Regulation
Clearview AI Settles Biometric Data Privacy Suit with ACLU -
On May 9, 2022, Clearview AI, Inc. (“Clearview”) and the American Civil Liberties Union (“ACLU”) announced an agreement to settle a lawsuit involving Clearview...more
5/27/2022
/ American Civil Liberties Union (ACLU) ,
Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Biden Administration ,
Biometric Information ,
Clearview AI ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
Malware ,
Managed Service Providers (MSPs) ,
Popular ,
Regulatory Reform
On February 2, 2022, the Belgian Data Protection Authority (“DPA”) issued a decision finding that the Interactive Advertising Bureau ("IAB”) Europe’s Transparency and Consent Framework (“TCF”) violates key provisions of the...more
2/7/2022
/ Belgium ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
Interactive Advertising Bureau ,
International Data Transfers ,
Marketing ,
Personal Data ,
Statutory Violations
A recent UK Court of Appeal decision highlights ongoing uncertainty regarding the jurisdictional reach of the GDPR and invites intervention from the Information Commissioner’s Office. ...more
1/25/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
UK
We are delighted by the positive feedback we have received on our first two issues of Dechert Cyber Bits. Thank you for taking the time to send us your comments. In this issue of Cyber Bits, we discuss key developments from...more
11/19/2021
/ Class Action ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Popular ,
Ransomware ,
Vulnerability Assessments
Introduction - The European Commission’s (EC) proposed regulation (Proposed Regulation) for “trustworthy” Artificial Intelligence (AI) systems establishes rules for the development, placement on the EU market, and use of AI....more
In a statement from Facebook’s VP of Global Affairs and Communications, Nick Clegg, the social media giant confirmed that the Irish Data Protection Commission (DPC) has commenced an inquiry into data transfers from the EU to...more
Many workers and employers are adjusting to remote working as a result of the COVID-19 pandemic. That shift has created a unique opportunity for cyber-attackers and criminals – the European Union Agency for Cybersecurity has...more
4/3/2020
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Breach ,
Encryption ,
Multi-Factor Authentication ,
Phishing Scams ,
Policies and Procedures ,
Remote Working ,
Risk Management ,
Software ,
Virtual Private Networks
The Queen’s Speech on 21 June 2017 confirmed the government’s plans for a new data protection law ensuring "that the United Kingdom retains its world-class regime protecting personal data". ...more