In this month's edition of our Privacy & Cybersecurity Update, we examine the California attorney general's draft regulations on the California Consumer Privacy Act, the CJEU's clarified rulings on the use of cookies, the...more
11/4/2019
/ California Consumer Privacy Act (CCPA) ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
Crime Insurance Policies ,
Cybersecurity ,
Data Protection ,
Draft Guidance ,
e-Privacy Directive ,
Email ,
Fantasy Sports ,
Food and Drug Administration (FDA) ,
Health Technology ,
Healthcare ,
Medical Devices ,
Medical Software ,
New Amendments ,
Non-Discrimination Rules ,
Notice Requirements ,
Personal Data ,
Popular ,
Regulatory Agenda ,
Regulatory Requirements ,
Right to Delete ,
Spoofing ,
State and Local Government ,
Verification Requirements ,
Vulnerability Assessments
In this month's edition of our Privacy & Cybersecurity Update, we examine five amendments to the California Consumer Privacy Act, the EU Court of Justice's rulings on the "Right to Be Forgotten" and what qualifies as a joint...more
10/2/2019
/ Amended Rules ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Controller ,
Discovery Disputes ,
EU ,
Facial Recognition Technology ,
Marriott ,
Personal Data ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Privacy Laws ,
Right to Be Forgotten ,
UK ,
United States
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Parliament's report on whether and how the use of blockchain technology can comply with the General Data Protection Regulation, as well as...more
9/5/2019
/ Blockchain ,
Consumer Protection Laws ,
Cyber Policies ,
Cybersecurity ,
Data Protection ,
Data Security ,
EU ,
European Parliament ,
False Claims Act (FCA) ,
Federal Contractors ,
General Data Protection Regulation (GDPR) ,
Insurance Industry ,
Misrepresentation ,
NAIC ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Risk Assessment ,
Security Risk Assessments ,
Settlement ,
State Data Breach Notification Statutes ,
State Insurance Administrations ,
Whistleblower Awards ,
Whistleblowers
In this month's edition of our Privacy & Cybersecurity Update, we examine New York's new laws expanding consumer protection for data breaches, the D.C. Circuit's two rulings deepening the split regarding standing in data...more
8/2/2019
/ Article III ,
Biometric Information ,
Consumer Protection Laws ,
Cookies ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Debit and Credit Card Transactions ,
Equifax ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Identity Theft ,
Injury-in-Fact ,
Malware ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Search Results ,
Settlement ,
Spokeo v Robins ,
Standing ,
State and Local Government ,
State Data Breach Notification Statutes ,
UK
In this month's edition of our Privacy & Cybersecurity Update, we reflect on the GDPR's one-year anniversary while also examining the EU's new Cybersecurity Act. We also take a look at HHS' new guidance on direct liability of...more
7/2/2019
/ Appeals ,
Business Associates ,
Consumer Privacy Rights ,
Credit Cards ,
Cybersecurity ,
Data Breach ,
Data Sellers ,
Dish Network ,
EU Cybersecurity Act ,
European Council ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet Service Providers (ISPs) ,
Liability ,
Merchant Fees ,
Opt-Outs ,
Payment Processors ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes ,
TCPA
In this month's edition of our Privacy & Cybersecurity Update, we examine expanded data breach notification laws in New Jersey and Washington state, as well as the SEC's risk alert regarding cloud-based storage solutions. We...more
6/3/2019
/ Amended Rules ,
Annual Reports ,
Cloud Storage ,
Cybersecurity ,
Data Breach ,
Data Protection Authority ,
Data Security ,
Federal Trade Commission (FTC) ,
Finland ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
UK
In this month's Privacy & Cybersecurity Update, we examine several recent U.K.-related cybersecurity developments and the SEC's risk alert reminding investment advisers and broker-dealers to follow through on implementing...more
5/1/2019
/ Broker-Dealer ,
Canada ,
Commercial General Liability Policies ,
Cyber Insurance ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data-Sharing ,
Denial of Insurance Coverage ,
Designated Contract Markets (DCMs) ,
ENISA ,
Equifax ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Government Investigations ,
Hackers ,
Investment Adviser ,
NCSC ,
OCIE ,
PIPEDA ,
Popular ,
Privacy Comissioners ,
Privacy Laws ,
Privacy Policy ,
Putative Class Actions ,
Regulation S-P ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Surveys ,
TCPA ,
UK ,
UK Data Protection Act ,
UK ICO ,
Unsolicited Faxes
In this month's edition of our Privacy & Cybersecurity Update, we examine new cybersecurity legislation in California and Massachusetts, the British government's updates to its cybersecurity laws in anticipation of Brexit and...more
4/2/2019
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Class Certification ,
Credit Reporting Agencies ,
Credit Reports ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Popular ,
Privacy Laws ,
Public Comment ,
State Data Breach Notification Statutes ,
Thailand ,
UK ,
UK Brexit
In this month's edition, we examine a judge's ruling allowing an investor suit against Equifax, the dismissal of a class action against the insurer CareFirst and President Donald Trump's launch of a federal artificial...more
3/4/2019
/ Artificial Intelligence ,
Class Action ,
Cybersecurity ,
Data Breach ,
Department of Financial Services ,
Dismissals ,
Equifax ,
Facebook ,
Federal Cartel Offices ,
Federal Data Privacy ,
GAO ,
Germany ,
Investors ,
NAIC ,
NYDFS ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Trump Administration ,
User-Generated Content
In this month's edition, we examine cybersecurity-related state Supreme Court rulings in Pennsylvania, Vermont and Illinois; the Department of Health and Human Services' cybersecurity guidelines for the health care industry;...more
2/2/2019
/ Actual Injuries ,
Adequacy Requirement ,
Annual Reports ,
Attorney General ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Common Law Claims ,
Corporate Counsel ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection Acts ,
Data Protection Authority ,
Denial of Insurance Coverage ,
Department of Health and Human Services (HHS) ,
Employee Privacy Rights ,
EU ,
EU-US Privacy Shield ,
IL Supreme Court ,
Japan ,
Neiman Marcus ,
New Guidance ,
PA Supreme Court ,
Phishing Scams ,
Policy Exclusions ,
Public Hearing ,
Security Standards ,
Settlement ,
State Attorneys General ,
Statutory Rights ,
VT Supreme Court
U.S. public companies face a wide array of challenges, from greater market volatility and increasing economic and geopolitical uncertainty to disruptive technologies, artificial intelligence, social media and cybersecurity...more
1/23/2019
/ Activist Investors ,
Board of Directors ,
CEOs ,
Corporate Culture ,
Corporate Governance ,
Corporate Social Responsibility ,
Corporate Strategy ,
Cybersecurity ,
Diversity ,
Popular ,
Proxy Statements ,
Proxy Voting ,
Publicly-Traded Companies ,
Risk Management ,
Risk Mitigation ,
Shareholder Activism
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Commission's second annual review of the Privacy Shield and the Department of Commerce's guidance on how to comply with the Privacy Shield...more
1/4/2019
/ Artificial Intelligence ,
Banking Sector ,
Cybersecurity ,
Data Protection ,
Data Protection Commissioner ,
Ethics ,
EU ,
EU-US Privacy Shield ,
European Central Bank ,
European Commission ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Human Rights ,
Identity Theft ,
Payment Systems ,
Popular ,
Privacy Policy ,
Proposed Amendments ,
Public Comment ,
Security Risk Assessments ,
U.S. Commerce Department ,
UK Brexit
In this month's edition of our Privacy & Cybersecurity Update, we examine a declaration on ethical considerations for artificial intelligence, the annual joint review of the Privacy Shield, a new lawsuit from a snack food...more
12/5/2018
/ Administrative Review ,
Artificial Intelligence ,
Banks ,
Cyber Attacks ,
Cyber Lexicon ,
Cybersecurity ,
Data Protection ,
Data Protection Officers (DPOs) ,
Denial of Insurance Coverage ,
EDPS ,
Ethics ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Financial Institutions ,
Financial Stability Board ,
FSB ,
General Data Protection Regulation (GDPR) ,
Human Rights ,
Insurance Litigation ,
Malware ,
Personal Data ,
Policy Exclusions ,
Popular ,
Privacy Concerns ,
Privacy Laws ,
Property Insurance ,
Ransomware ,
Secretary of Commerce
In this month's Privacy & Cybersecurity Update, we examine recent trends and court decisions, including a new law in Ohio that provides a safe harbor from tort-based data breach claims if the company adopts certain security...more
10/2/2018
/ Affirmative Defenses ,
Amended Rules ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Computer Fraud Insurance ,
Cybersecurity ,
Data Breach ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
Personal Data ,
Popular ,
Privacy Policy ,
Private Right of Action ,
Social Engineering ,
State Attorneys General ,
State Legislatures ,
UK ,
UK ICO
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
9/7/2018
/ Appeals ,
Brazil ,
Breach Notification Rule ,
CNIL ,
Computer Fraud Insurance ,
Consent ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection Acts ,
Data Protection Authority ,
Data Protection Officers (DPOs) ,
Data Retention ,
Denial of Insurance Coverage ,
Department of Homeland Security (DHS) ,
Email ,
Enforcement Actions ,
EU ,
European Commission ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
France ,
Fraudulent Transfers ,
General Data Protection Regulation (GDPR) ,
Geological Data ,
International Data Transfers ,
Japan ,
Japan-EU Economic Partnership Agreement (EPA) ,
NCCIC ,
Personal Data ,
Policy Terms ,
Popular ,
Public Private Partnerships (P3s) ,
Reciprocity Rules ,
Reversal ,
Scams ,
Social Engineering ,
Spoofing ,
Standard Contractual Clauses ,
Warning Letters ,
Wire Fraud
On February 21, 2018, the U.S. Securities and Exchange Commission (SEC) issued an interpretive release providing guidance for public companies relating to disclosures of cybersecurity risks and incidents. Although the...more
2/26/2018
/ Annual Meeting ,
Cybersecurity ,
Disclosure Requirements ,
Form 8-K ,
Materiality ,
New Guidance ,
Popular ,
Proxy Statements ,
Publicly-Traded Companies ,
Regulation FD ,
Securities and Exchange Commission (SEC)
Tax reform, shifting international dynamics, Trump administration goals and a potentially strong market for transactions all seem likely to impact business activity in 2018. Below are 10 areas to explore in our 10th annual...more
1/23/2018
/ #MeToo ,
Acquisitions ,
China ,
Class Action ,
Climate Change ,
Corporate Governance ,
Corporate Social Responsibility ,
Cybersecurity ,
Enforcement Actions ,
EU ,
Financial Regulatory Reform ,
Mergers ,
National Security ,
Regulatory Reform ,
Securities Litigation ,
Tax Reform ,
Trade Secrets ,
Trump Administration ,
UK Brexit
Companies have important decisions to make as they prepare for their 2018 annual meeting and reporting season. We have prepared a checklist of key corporate governance, executive compensation and disclosure matters on which...more
12/4/2017
/ Annual Meeting ,
Auditors ,
Corporate Governance ,
Cybersecurity ,
D&O Insurance ,
Dodd-Frank ,
Executive Compensation ,
Filing Requirements ,
Pay Ratio ,
Proxy Access ,
Proxy Voting Guidelines ,
Publicly-Traded Companies ,
Say-on-Pay ,
Securities and Exchange Commission (SEC) ,
XBRL Filing Requirements
In this month's edition of our Privacy & Cybersecurity Update, we examine new privacy laws in Germany, an FTC settlement with an alleged consumer loan company over unfair and deceptive practices, the dismissal of a data...more
8/2/2017
/ Children's Toys ,
Civil Monetary Penalty ,
Consumer Financial Products ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Dismissals ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Incident Response Plans ,
Lenders ,
Member State ,
Popular ,
Privacy Laws ,
Risk Mitigation ,
Settlement ,
Standing ,
Unfair or Deceptive Trade Practices
In this edition of our Privacy & Cybersecurity Update, we discuss how the prospect of a new chair and three new commissioners at the FTC may impact the agency's approach to cybersecurity regulation, a new Massachusetts...more
2/4/2017
/ Administrative Appointments ,
Breach Notification Rule ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
NIST ,
OCR ,
Popular ,
Privacy Policy ,
Public Disclosure ,
Software ,
Swiss Privacy Shield ,
Trump Administration
In this month's edition of our Privacy & Cybersecurity Update, we examine modifications to New York state's proposed cybersecurity regulations for financial institutions, a 5th Circuit ruling that a phishing scam is not...more
1/4/2017
/ Banks ,
Commercial Crime Insurance Polices ,
Consumer Insurance Products ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Financial Services ,
FCC ,
Home Depot ,
Internet of Things ,
Phishing Scams ,
Privacy Laws ,
Trump Administration ,
U.S. Treasury
In this month's Privacy & Cybersecurity Update, we review an 11th Circuit case involving the longstanding battle between the FTC and medical company LabMD, recent NIST guidelines for securing devices connected to the...more
12/2/2016
/ Administrative Appeals ,
Appeals ,
China ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Geo-Blocking ,
LabMD ,
LinkedIn ,
NIST ,
Russia ,
Section 5 ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices
In this edition of our Privacy & Cybersecurity Update, we take a look at the FCC's new rules for broadband privacy, the FTC's new playbook for data breach response and notification, the NHTSA's voluntary guidance for...more
11/2/2016
/ Actual Injuries ,
Automotive Industry ,
Breach Notification Rule ,
Broadband ,
Cloud Computing ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Driverless Cars ,
EU ,
FCC ,
Federal Bank Regulatory Agencies ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
FTC Guidelines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
IP Addresses ,
National Broadband Plan ,
NHTSA ,
Popular ,
Privacy Laws ,
Risk Assessment ,
Risk Mitigation
In this edition of our Privacy & Cybersecurity Update, we examine the Sixth Circuit's decision to allow injury-in-fact to be established by alleging a "substantial risk of harm" in a data breach case, New York state's...more
10/3/2016
/ Article III ,
CFTC ,
Class Action ,
Commodities ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Markets ,
Germany ,
International Data Transfers ,
NIST ,
NYDFS ,
Personal Data ,
Popular ,
Standing ,
UK ,
Young Lawyers
New York state has proposed a new regulation — to go into effect January 1, 2017 — that would require banks, insurance companies and other financial services institutions regulated by the New York State Department of...more
9/15/2016
/ Banks ,
Chief Information Security Officer (CISO) ,
Comment Period ,
Covered Entities ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Data Retention ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
NYDFS ,
Popular ,
Proposed Regulation ,
Risk Assessment ,
Risk Management