Companies should brace for another surge in California Invasion of Privacy Act (CIPA) claims after two federal court decisions may encourage plaintiffs to file even more claims relating to website analytics tools. No industry...more
9/6/2024
/ Analytics ,
Appeals ,
California ,
California Consumer Privacy Act (CCPA) ,
CIPA ,
Class Action ,
Demand Letter ,
Invasion of Privacy ,
Popular ,
Privacy Laws ,
State and Local Government ,
State Legislatures ,
Websites
Imagine a world in which powerful computers can instantaneously break a company’s standard encryption, threatening the most valuable financial data, intellectual property, personal information, and even national security...more
Technological advances, especially in Artificial Intelligence and quantum computing, will continue to amaze in the coming years. They will open up vast new opportunities while presenting profound regulatory, litigation, and...more
3/1/2024
/ Artificial Intelligence ,
Business Losses ,
Consumer Financial Protection Bureau (CFPB) ,
Coronavirus/COVID-19 ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
NAIC ,
Popular ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
Technology ,
Website Design ,
Websites
Last week the FBI Director, CISA Director, NSA Director, and National Cyber Director testified publicly about current and ongoing threats to US critical infrastructure providers by Chinese state-sponsored entities known as...more
2/9/2024
/ China ,
Congressional Investigations & Hearings ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
FBI ,
National Security Agency (NSA) ,
Popular ,
State Sponsors of Cyberattacks
On November 17, 2023, the United States Treasury Department’s Federal Insurance Office (FIO) and the Volatility and Risk Institute at the NYU Stern School of Business jointly hosted a conference on Catastrophic Cyber Risk and...more
On November 1, 2023, the New York Department of Financial Services (NY DFS) published its highly anticipated final amendments to its influential cybersecurity requirements for financial services companies (Part 500)....more
11/15/2023
/ Chief Information Security Officer (CISO) ,
Compliance ,
Covered Entities ,
Cybersecurity ,
Final Rules ,
Financial Services Industry ,
Incident Response Plans ,
Multi-Factor Authentication ,
NYDFS ,
Policies and Procedures ,
Risk Assessment ,
Risk Management ,
State Data Breach Notification Statutes
On October 30, 2023, the Biden Administration issued the groundbreaking Executive Order 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (Order), which sets in motion a comprehensive...more
11/13/2023
/ Artificial Intelligence ,
Biden Administration ,
Civil Rights Act ,
Climate Change ,
Competition ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Department of Labor (DOL) ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Innovation ,
Innovative Technology ,
Intellectual Property Protection ,
NIST ,
Popular ,
Privacy Laws ,
Public Policy ,
Regulatory Agenda ,
Technology Sector
On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) issued an advance notice of proposed rulemaking (ANPR) with respect to a new consumer financial data portability rule mandated by Section 1033 of the...more
11/9/2023
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Banking Sector ,
Compliance ,
Compliance Dates ,
Consumer Financial Protection Act (CFPA) ,
Consumer Financial Protection Bureau (CFPB) ,
Data Collection ,
Data Privacy ,
Data Processing Rules ,
Data Protection ,
Data-Sharing ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Nonbank Firms ,
Personal Data ,
Sensitive Personal Information ,
Third-Party Service Provider
Welcome to the latest edition of Updata – the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team.
Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
11/7/2023
/ Banking Sector ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subject Access Requests ,
Employee Monitoring ,
Enforcement Actions ,
EU ,
Hong Kong ,
New Legislation ,
Privacy Framework ,
Privacy Laws ,
UK
Why should I read this?
A new UK-US data bridge will be available to businesses in the UK looking to transfer personal data to organizations in the United States certified under the UK Extension to the EU-US Data Privacy...more
9/26/2023
/ Corporate Counsel ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Privacy Framework ,
Privacy Laws ,
Standard Contractual Clauses ,
UK ,
UK GDPR ,
US-EU Safe Harbor Framework
On September 15, 2023, the Consumer Financial Protection Bureau (CFPB) published an outline of expansive rulemaking proposals to modernize the coverage of the Fair Credit Reporting Act (FCRA) to include data brokers, data...more
9/26/2023
/ Artificial Intelligence ,
Comment Period ,
Consumer Financial Protection Bureau (CFPB) ,
Credit Reports ,
Creditors ,
Data Brokers ,
Fair Credit Reporting Act (FCRA) ,
Financial Services Industry ,
Medical Debt ,
Proposed Rules ,
Rulemaking Process ,
SBREFA ,
Small Business ,
Underwriting
On July 26, 2023, the US Securities and Exchange Commission (SEC) released final rules requiring disclosure by public companies of material cybersecurity incidents and policies and procedures related to cybersecurity risk...more
8/2/2023
/ Business Development Companies ,
Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Foreign Private Issuers ,
Form 10-K ,
Form 20-F ,
Form 8-K ,
Publicly-Traded Companies ,
Regulatory Oversight ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Third-Party Service Provider
Welcome to the latest edition of Updata – the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team.
Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
Welcome to the latest edition of Updata!
Updata is an international report produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team – it provides you with a compilation of key privacy and cybersecurity...more
5/11/2023
/ Adequacy Requirement ,
Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
China ,
Consent ,
Cookies ,
Cybersecurity ,
Czech Republic ,
Disclosure Requirements ,
EU ,
EU Data Protection Laws ,
Germany ,
International Data Transfers ,
Member State ,
New Guidance ,
New Legislation ,
NIST ,
Privacy Laws ,
Singapore ,
South Korea ,
State Privacy Laws ,
UK
US financial services regulators are continuing to enhance cyber reporting requirements in response to increasing geopolitical tensions, emerging technologies, the proliferation of cyber-attacks, and larger market events....more
4/28/2023
/ Broker-Dealer ,
CFTC ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Financial Regulatory Agencies ,
Financial Services Industry ,
Personal Data ,
Publicly-Traded Companies ,
Regulation S-P ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information
On April 3, the CFPB issued a policy statement intended to provide “a framework to help federal and state enforcers identify when companies engage in abusive conduct.” Conduct violates the abusiveness standard when it either:...more
On March 29, 2023, the Iowa Governor signed into law a consumer data privacy law which enters into force on January 1, 2025.
Entities already complying with other enhanced state privacy laws should not experience any...more
On March 27, 2023, the California Privacy Protection Agency (CPPA) will close its second phase of rulemaking on automated decision-making (ADM) systems under the California Privacy Rights Act (CPRA)— but not before giving...more
The year 2023 will continue to have cybersecurity and data privacy front of mind for General Counsels. With sweeping new US and global laws and regulations coming online and the California Privacy Protection Agency (CPPA)...more
3/3/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Sensitive Personal Information
New York City (NYC) has delayed to April 15, 2023 the enforcement of its first-of-its-type law on bias in artificial intelligence (AI) tools used in employment. Local Law 144 of 2021 prohibits employers in NYC from using...more
2/16/2023
/ Algorithms ,
Artificial Intelligence ,
Bias ,
Corporate Counsel ,
EEO-1 ,
Employer Liability Issues ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Hiring & Firing ,
Job Applicants ,
Proposed Rules ,
Unconscious Bias
On Wednesday February 1, 2023, the NAIC Privacy Protections Working Group (the Working Group) released a draft of a new model law for comment, the Insurance Consumer Privacy Protection Model Law (#674) (the Proposal), which...more
2/10/2023
/ California Consumer Privacy Act (CCPA) ,
Data Security ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
NAIC ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Rules ,
Working Groups
In a groundbreaking decision, the Federal Trade Commission (FTC) announced it was diagnosing GoodRx’s use of tracking pixel codes and analytics, its digital strategy, as not only an unfair or deceptive act or abusive practice...more
2/9/2023
/ Behavioral Advertising ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Data Breach ,
Data-Sharing ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internal Controls ,
Microsoft ,
Personal Information ,
Pharmacies ,
PHI ,
Sensitive Personal Information ,
Social Networks ,
UDAP ,
Unfair or Deceptive Trade Practices
On January 26, 2023, the National Institute of Standards and Technology (NIST) released its AI Risk Management Framework (AI RMF or Framework.) The AI RMF is a resource for organizations designing, developing, deploying, or...more
Lloyds Market Bulletin Y5381 -
Back in March 2022, we detailed the significant risks to both insureds and insurers posed by unclear cyber insurance policy wordings, with a particular focus on war exclusion clauses in the...more
Recently, US companies are experiencing a surging wave of consumer class action lawsuits alleging businesses and their software providers are violating state anti-wiretapping statutes and invading consumers’ privacy rights...more