The designation of SEC Commissioner Mark Uyeda as the Acting Chair of the U.S. Securities and Exchange Commission (SEC) on January 21, 2025, has resulted in a number of key policy developments. These developments, which we...more
Our checklist and analysis present matters for companies to consider as they conduct their 2025 annual meetings and file reports to meet upcoming regulatory, shareholder and advisory deadlines. We outline key issues to...more
12/11/2024
/ Annual Meeting ,
Board of Directors ,
Capital Markets ,
Corporate Governance ,
Cybersecurity ,
Disclosure Requirements ,
Environmental Social & Governance (ESG) ,
Executive Compensation ,
Filing Deadlines ,
Financial Regulatory Reform ,
Proxy Season ,
Proxy Voting Guidelines ,
Regulatory Agenda ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Shareholder Proposals
In this month’s Privacy & Cybersecurity Update, we examine Delaware’s new comprehensive data privacy law, a joint statement by 12 data protection authorities on data scraping and data protection, a district court ruling on a...more
10/3/2023
/ California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Popular ,
Privacy Laws ,
Risk Assessment ,
Risk Management ,
State and Local Government ,
State Data Privacy Laws ,
State Privacy Laws ,
Web Scraping
In this month’s Privacy & Cybersecurity Update, we analyze the Biden administration’s proposed cybersecurity labeling program for smart devices, NIST’s extensive overhaul of its cybersecurity framework, and data privacy law...more
9/6/2023
/ Biden Administration ,
California ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Labeling ,
NIST ,
Popular ,
Privacy Laws ,
Smart Devices ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine the newly established data privacy framework between the EU and U.S. and new consumer privacy laws in Oregon and Texas. We also review a court ruling that delayed...more
8/2/2023
/ Biometric Information Privacy Act ,
California ,
California Privacy Rights Act (CPRA) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Transfers ,
Disclosure ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
NYDFS ,
Oregon ,
Popular ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Requirements ,
Risk Management ,
Texas
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted 3-2 to adopt final rules that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and...more
7/28/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
New Rules ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC)
In our June Privacy & Cybersecurity Update, we review new data privacy laws in Colorado, Connecticut, Florida and Montana; Verizon’s annual Data Breach Investigations Report; AM Best’s report on cyber insurance trends; and...more
7/6/2023
/ Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
Employer Liability Issues ,
Employment Litigation ,
Enforcement ,
Investigations ,
Liability ,
Negligence ,
New Amendments ,
New Legislation ,
New Regulations ,
Opt-Outs ,
Popular ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws ,
Technology Sector ,
Verizon
In this month’s Privacy & Cybersecurity Update, we review new consumer privacy laws in Tennessee and Indiana, three GDPR rulings by the Court of Justice of the European Union, updates regarding future California Privacy...more
6/5/2023
/ California Privacy Protection Agency (CPPA) ,
Cyber Insurance ,
Cybersecurity ,
EU ,
European Court of Justice (ECJ) ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Insureds ,
Liability ,
Privacy Laws ,
State Privacy Laws ,
Wire Fraud
In this month’s Privacy & Cybersecurity Update, we look at Washington state’s passage of the first-ever state-level health data privacy law and the finalized California Consumer Privacy Act regulations. We also examine a...more
5/2/2023
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Food and Drug Administration (FDA) ,
Fraudulent Wire Transfers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Insurance Industry ,
Medical Devices ,
Notice of Proposed Rulemaking (NOPR) ,
Popular ,
Privacy Laws ,
Reproductive Healthcare Issues ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine Iowa’s new data privacy law (the sixth state to enact a privacy law), the Biden administration’s new national cybersecurity strategy, the U.K. government’s revised...more
4/4/2023
/ Amended Regulation ,
Biden Administration ,
Consumer Privacy Rights ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Protection ,
National Security ,
Popular ,
Privacy Laws ,
State Privacy Laws ,
UK
In this month’s Privacy & Cybersecurity Update, we analyze recent fines against Meta and their impact on the future of behavioral advertising, the timeline for the California Privacy Rights Act’s regulations to become...more
2/1/2023
/ Advertising ,
California ,
California Privacy Rights Act (CPRA) ,
Class Action ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
FCC ,
Fines ,
Investigations ,
Metaverse ,
Popular ,
Privacy Laws ,
Proposed Amendments ,
Reporting Requirements ,
Settlement Agreements ,
State and Local Government ,
State Privacy Laws ,
UK
In this month’s Privacy & Cybersecurity Update, we examine the European Commission’s draft adequacy decision on the EU-U.S. Data Privacy Framework, as well as guidance from the U.K. Information Commissioner’s Office on...more
1/3/2023
/ Biometric Information Privacy Act ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Employee Monitoring ,
EU ,
European Commission ,
International Data Transfers ,
Popular ,
Privacy Laws ,
Risk Assessment ,
UK
On November 15, 2022, Skadden held a webinar titled “Preparing for the 2023 Shareholder Proposal Season.” The panelists were Gianna McCarthy, Director of Corporate Governance for the New York State Common Retirement Fund (NYS...more
12/8/2022
/ Board of Directors ,
Corporate Counsel ,
Corporate Governance ,
Cybersecurity ,
Disclosure Requirements ,
Diversity ,
Diversity and Inclusion Standards (D&I) ,
Environmental Social & Governance (ESG) ,
Executive Compensation ,
Investment ,
New Rules ,
Overboarding ,
Popular ,
Proxy Season ,
Proxy Voting ,
Regulatory Agenda ,
Securities and Exchange Commission (SEC) ,
Shareholder Proposals ,
Shareholders
In this month’s Privacy & Cybersecurity Update, we examine the California Privacy Protection Agency’s revised draft regulations for the California Privacy Rights Act, the Federal Trade Commission’s settlement with a...more
12/6/2022
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Direct Marketing ,
Electronic Communications ,
Enforcement ,
Federal Trade Commission (FTC) ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
UK
In this month’s Privacy & Cybersecurity Update, we examine President Biden’s executive order to implement an EU-U.S. data privacy framework, the European Commission’s draft Cyber Resilience Act, the U.S. Treasury’s request...more
In this month’s Privacy & Cybersecurity Update, we review California’s settlement of the first-ever enforcement action under the California Consumer Privacy Act, as well as the state’s new child-focused privacy law and...more
In this month’s Privacy & Cybersecurity Update, we review the FTC’s proposed data privacy and cybersecurity rulemaking and the European Data Protection Board’s draft guidelines on the calculation of GDPR administrative fines....more
9/7/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Popular ,
Public Comment ,
Rulemaking Process
In this month’s Privacy & Cybersecurity Update, we examine the FTC’s blog post suggesting an increased focus on protecting consumers’ sensitive data and Plaid’s settlement to resolve a class action arising from its data...more
In this month's Privacy & Cybersecurity Update, we examine California’s draft amended regulations for the California Privacy Rights Act, the introduction of comprehensive federal privacy legislation in Congress and the U.K.’s...more
In this month’s Privacy & Cybersecurity Update, we review Connecticut’s passage of a comprehensive privacy law (making it the fifth state to do so), the newly enacted federal Better Cybercrime Metrics Act, New York’s new law...more
6/3/2022
/ COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Popular ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine the FTC chair’s comments suggesting a potential shift in its approach to data privacy regulation, the European Data Protection Board’s request for comment on its...more
5/4/2022
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Medical Devices ,
Personal Data ,
Personally Identifiable Information ,
Popular
In this month’s Privacy & Cybersecurity Update, we analyze the U.S. and EU’s joint commitment to create a new data transfer framework to replace the invalidated Privacy Shield, as well as Utah’s new state privacy law and...more
4/5/2022
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On March 9, 2022, the Securities and Exchange Commission (SEC) proposed rules that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy and governance, as well as cybersecurity...more
In this month’s Privacy & Cybersecurity Update, we examine the Illinois Supreme Court’s decision in a case involving workers compensation and the state’s Biometric Information Privacy Act, U.K. data transfer regimes before...more
3/2/2022
/ Biometric Information ,
Biometric Information Privacy Act ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection Authority ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
IL Supreme Court ,
International Data Transfers ,
Internet of Things ,
NIST ,
Personal Data ,
Popular ,
Standard Contractual Clauses
In this month’s Privacy & Cybersecurity Update, we examine the U.S. Chamber of Commerce’s letter to Congress calling for federal cybersecurity legislation, the New York attorney general’s report on “credential stuffing”...more
2/3/2022
/ Biometric Information Privacy Act ,
Commercial General Liability Policies ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Medical Devices ,
Personal Information