As of April 1, 2025, all merchants and third-party service providers (TPSPs) involved in processing credit or debit card payments must fully adhere to the enhanced security requirements outlined in the Payment Card Industry...more
Following our recent client alert, learn more about PCI DSS 4.0 coming into effect and its impact on organizations in 2025. Mark Schreiber, Brian Long, and Sam Genovese share further insights from working with clients on...more
The act of predicting what will become the dominating storyline of data privacy and cybersecurity in 2025 is a hazardous enterprise, as one is almost surely to get something wrong. Without fail, every year, regulators and the...more
1/6/2025
/ Artificial Intelligence ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Operational Resilience Act (DORA) ,
Enforcement Actions ,
EU ,
Machine Learning ,
PCI-DSS Standard ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws ,
Technology Sector ,
Web Tracking ,
Websites
DOJ DOUBLES DOWN ON CORPORATE ENFORCEMENT WITH NEW WHISTLEBLOWER PROGRAM -
During the 2024 American Bar Association National Institute on White Collar Crime (the 2024 White Collar Conference) earlier in March US Attorney...more
5/9/2024
/ Artificial Intelligence ,
Automotive Industry ,
Corporate Governance ,
Corporate Misconduct ,
Department of Justice (DOJ) ,
EU ,
Intellectual Property Litigation ,
Intellectual Property Protection ,
Labor Regulations ,
Payment Systems ,
PCI-DSS Standard ,
Pilot Programs ,
Regulatory Agenda ,
Unified Patent Court ,
Unions ,
Whistleblower Protection Policies ,
Whistleblowers ,
White Collar Crimes
The healthcare industry – particularly the digital health industry – is increasingly becoming monetized and using an e-commerce model through direct interactions with the customer to accept credit card payments. This...more
The automotive industry is experiencing a shift to an e-commerce model through direct interactions with the customer to accept credit card payments. This innovation allows drivers and passengers to make payments for products...more
Join members of McDermott’s Global Privacy & Cybersecurity team and Alan Gutierrez-Arana of Mazars for the next installment in our PCI DSS 4.0 series. PCI DSS 4.0 brings major changes to payments with an increased focus on...more
5/26/2023
/ Continuing Legal Education ,
Credit Cards ,
Cybersecurity ,
Data Security ,
Debit and Credit Card Transactions ,
Information Security ,
Payment Processors ,
Popular ,
Risk Assessment ,
Risk Management ,
Sensitive Personal Information ,
Third-Party Risk ,
Third-Party Service Provider ,
Webinars
Critical infrastructure and essential services in the United States—especially small or rural service providers—are highly vulnerable to disruptions from cyber attacks. Given the ever-growing need for cybersecurity services...more
On February 3, 2023, after two comment periods and much anticipation, the California Privacy Protection Agency (CPPA) voted to adopt and approve its draft California Consumer Privacy Act (CCPA) regulations. The final...more
Last year, the Payment Card Industry Security Standards Council released version 4.0 of its Data Security Standard (PCI DSS 4.0). The new version, which brings major changes to the payments ecosystem and compliance...more
On March 31, 2022, the Payment Card Industry Security Standards Council released version 4.0 of its Data Security Standard (PCI DSS 4.0). The new version—which brings major changes to the payments ecosystem—places an...more
When US President Joe Biden signed the Infrastructure Investment and Jobs Act (IIJA) into law on November 15, 2021, $2 billion was allocated to strengthen the nation’s cyber defenses. With this heightened focus on cyber risk...more
3/25/2022
/ Continuing Legal Education ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Federal Trade Commission (FTC) ,
New Regulations ,
Popular ,
Qui Tam ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Webinars ,
Whistleblower Awards ,
Whistleblower Hotlines ,
Whistleblower Protection Policies ,
Whistleblowers
The Apache Log4j vulnerability continues to command significant attention throughout the public and private sectors. In a recent interview, the director of the US Cybersecurity and Infrastructure Security Agency (CISA)...more
As highlighted in our December 10, 2021, article, the Apache Log4j vulnerability is garnering significant attention throughout the public and private sectors. There are reportedly upwards of 100 million devices and servers...more
Complementing the patchwork of state data breach notification laws, a number of federal agencies recently have promulgated sector-specific reporting rules affecting a variety of companies, both directly and indirectly, with...more
12/10/2021
/ Biden Administration ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Executive Orders ,
Personally Identifiable Information ,
Popular ,
Reporting Requirements ,
Risk Management
On June 14, 2021, the US Court of Appeals for the 11th Circuit issued an order withholding issuance of the mandate for its April 21, 2021, holding in Hunstein v. Preferred Collection and Management Services, Inc. In Hunstein,...more
7/8/2021
/ Appeals ,
Consumer Protection Laws ,
Creditors ,
Debt Collection ,
Debt Collectors ,
Debtors ,
Disclosure ,
FDCPA ,
Personal Information ,
Relief Measures ,
Third-Party
The Legal Impact in Europe on Pharmaceutical and Medical Device Companies -
The current crisis mode has triggered legal and commercial issues that affect the pharmaceutical and medical device industry across...more
5/27/2020
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Competition Network (ECN) ,
Exports ,
Force Majeure Clause ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Imports ,
Intellectual Property Protection ,
Manufacturers ,
Medical Devices ,
Pharmaceutical Industry ,
Remote Working ,
UK ,
Wine & Alcohol
Amid the Coronavirus (COVID-19) pandemic, more people than ever before are working remotely from their homes—raising new cyber risks for businesses. Here are six ways that you can protect your employees and your...more
The Coronavirus (COVID-19) continues its spread across the globe and—along with the clear public health and economic concerns—is raising numerous questions regarding privacy and data security. Data protection authorities...more
As the globe grapples with increasing challenges to sustaining “business as usual” in their enterprises, our team of Employment, Employee Benefits, Health and Privacy & Cybersecurity lawyers invite you to join us for...more
3/17/2020
/ Anti-Discrimination Policies ,
Anti-Harassment Policies ,
Anti-Retaliation Provisions ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Employee Benefits ,
Employment Policies ,
Health and Safety ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Savings Accounts ,
Infectious Diseases ,
Paid Time Off (PTO) ,
Personal Data ,
Public Health ,
Quarantine ,
Remote Working ,
Risk Mitigation ,
Sick Leave ,
Webinars ,
Workplace Safety
PRIVACY, HIPAA, SECURITY AND GDPR -
The introduction and spread of COVID-19 to communities across the globe has created numerous privacy and security compliance questions and challenges. Below, we address several frequently...more
3/13/2020
/ Benefit Plan Sponsors ,
Business Associates ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Covered Entities ,
Emergency Management Plans ,
Employer Group Health Plans ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Infectious Diseases ,
Internal Communications ,
PHI ,
Privacy Laws ,
Required Communications
Key trends are emerging out of the recently proposed CCPA “copycat” legislation across the United States, and Washington State is leading the charge for stricter data privacy legislation. Businesses should closely monitor the...more
For companies seeking to use, license, or otherwise commercialize health data, there are potential inconsistencies among the HIPAA de-identification standard, the CCPA definition of de-identified data, and GDPR requirements...more
2/26/2020
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Covered Entities ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
De-Identified Protected Health Information ,
Electronic Protected Health Information (ePHI) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Webinars
Now that CCPA has taken effect, how have California consumers, regulators and plaintiffs’ class action lawyers responded to the new law? We’ll review early developments in the California consumer privacy landscape, address...more
1/23/2020
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
Risk Mitigation ,
Webinars
Effective as of January 1, 2020, the California Consumer Privacy Act (CCPA) gives broad rights to people on their personal data in the custody of companies. This focus on data rights significantly raises the compliance burden...more
1/16/2020
/ Automation Systems ,
Best Practices ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Consent ,
Consumer Privacy Rights ,
Continuing Legal Education ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subject Access Requests ,
Data Subjects Rights ,
Discovery ,
Events ,
Information Security ,
Information Technology ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
Risk Assessment ,
Vendor Contacts ,
Vendors