While many breathed a sigh of relief when the California legislature provided only a limited private right of action for data breaches under its sweeping new privacy law - the California Consumer Privacy Act (CCPA) -...more
9/5/2019
/ Arbitration ,
California Consumer Privacy Act (CCPA) ,
Civil Code ,
Consumer Privacy Rights ,
Data Breach ,
Enforcement Authority ,
Federal Arbitration Act ,
Personal Information ,
Private Right of Action ,
Right To Cure ,
Risk Management ,
Statutory Damages ,
Unfair Competition Law (UCL)
As difficult as it is to pass laws, especially potentially controversial laws, sunset provisions on national security legislation provide an opportunity to re-assess effectiveness, impacts on privacy, and opportunity...more
While the California Consumer Privacy Act (CCPA) and its potential amendments are still a top concern for businesses, other states are showing that they will not be left behind when it comes to enhanced privacy legislation....more
6/7/2019
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Exemptions ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Pending Legislation ,
Personal Data ,
Privacy Laws ,
Private Right of Action ,
Proposed Amendments ,
Proposed Legislation
Companies in all industries and of all sizes are increasingly using biometric data—fingerprints, voiceprints, and facial structure, to name three—as a faster, more reliable, and more economical alternative to passwords and...more
4/12/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
Consent ,
Data Collection ,
Data Privacy ,
Extraterritoriality Rules ,
Facial Recognition Technology ,
Fingerprints ,
Gramm-Leach-Blilely Act ,
IL Supreme Court ,
Notice Requirements ,
Personal Data ,
Private Sector ,
Risk Mitigation ,
Standard of Care
As predicted, the start of 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments during 2018. This past month alone, in a blizzard of activity, regulators amended regulations and...more
2/5/2019
/ Biometric Information Privacy Act ,
CareFirst ,
Class Action ,
CNIL ,
Corporate Fines ,
Cybersecurity ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
Google ,
Information Systems Security Program (ISSP) ,
Injury-in-Fact ,
National Futures Association ,
Personal Data ,
Popular ,
State Data Breach Notification Statutes ,
Yahoo!
In a unanimous decision handed down on January 25, 2019, the Illinois Supreme Court reversed a lower court opinion and held that a plaintiff need not show actual harm to seek relief under the Biometric Information and Privacy...more
Companies not based in the European Union (EU) now have additional guidance to help them determine whether they have to comply with the General Data Protection Regulation (GDPR). The European Data Protection Board (EDPB), the...more
For those longing for the heady days of the cryptocurrency free-for-all, this November is proving to be the start of the winter of your discontent.
The US Commodity Futures Trading Commission (CFTC) and the US Securities and...more
12/6/2018
/ Blockchain ,
CFTC ,
Cryptoassets ,
Cryptocurrency ,
Cybersecurity ,
Initial Coin Offering (ICOs) ,
Popular ,
Regulatory Agenda ,
Securities ,
Securities and Exchange Commission (SEC) ,
Smart Contracts ,
Token Sales
As this eventful year for new privacy and cybersecurity regulations winds down, multinational companies still need to look ahead to new regulations that will come online in 2019, including Vietnam’s Law on...more
12/5/2018
/ Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Corporate Counsel ,
Covered Entities ,
Cybersecurity ,
Foreign Corporations ,
General Data Protection Regulation (GDPR) ,
Multinationals ,
Pending Legislation ,
Personal Data ,
Popular ,
Vietnam
Two important events occurred in the cryptocurrency space last week. The Chairman of the US Commodity Futures Trading Commission (CFTC) gave a speech regarding regulators’ role in effectively supervising markets in the era...more
11/14/2018
/ Blockchain ,
CFTC ,
Commodities ,
Crypto Exchanges ,
Cryptoassets ,
Cryptocurrency ,
Distributed Ledger Technology (DLT) ,
Enforcement Actions ,
Regulatory Oversight ,
Securities ,
Securities and Exchange Commission (SEC)
As new data privacy regulations spring up around the globe with greater frequency, multinational companies face difficulties not only with complying with a patchwork of requirements, but also with the uncertainty of what...more
Malaysia will soon be joining the growing number of global jurisdictions that are adding specific data breach notification requirements to companies operating in Malaysia, re-emphasizing the need for multinational companies...more
Recently, JPMorgan Chase CEO Jamie Dimon warned that the “biggest vulnerability” for the financial system is the threat of cyber attacks. Hackers, especially those working for nation-states, have grown more sophisticated and...more
The number and severity of cyberattacks are on the rise, and companies simply cannot rely on their governments to protect them. In fact, quite the opposite is true....more
Last week, on September 11, 2018, a number of “firsts” occurred in the prosecution of cryptocurrency-related activities. The Securities and Exchange Commission (SEC) brought its first-ever enforcement action involving a...more
On June 28, 2018, California passed a sweeping new privacy bill, AB 375, now known as the California Consumer Privacy Act of 2018 (CCPA).
The California legislature passed the bill in the morning and the governor signed...more
The General Data Protection Regulation (GDPR) took effect after two years of anticipation and preparation by many, but far from all, affected companies across the world. The GDPR is a new data protection and privacy law that...more
In the aftermath of the April 24, 2018, Securities and Exchange Commission (SEC) statement announcing its penalty against Altaba Inc., formerly Yahoo! Inc. (Yahoo!), for failing to timely report a massive data breach,...more
5/7/2018
/ Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Enforcement Actions ,
Failure To Disclose ,
Securities Act of 1933 ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Settlement ,
Verizon ,
Yahoo!
With enactment of the Personal Information Protection Act (PIPA), Bermuda can now count itself among the ever-expanding list of jurisdictions with enhanced privacy protections. PIPA, passed on July 27, 2016, and entered into...more
4/13/2018
/ Bermuda ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
Fines ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Penalties ,
Personal Data ,
Personal Information Protection Act ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
As part of the recently enacted federal spending bill, the US Congress has passed a momentous piece of legislation directly affecting providers of electronic communication services like email service providers and social...more
Just two months after an Illinois appellate court dismissed a similar complaint alleging a violation of the Illinois Biometric Information Privacy Act (BIPA), a California federal court found that a claim asserted under BIPA...more
3/13/2018
/ Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Facebook ,
Facial Recognition Technology ,
Injury-in-Fact ,
Popular ,
Standing
On February 21, 2018, the Securities and Exchange Commission issued an interpretive release1 providing important guidance to certain registrants on cybersecurity disclosure. Coming on the heels of dozens of high-profile...more
Companies that collect and store biometric information from their customers and employees received good news from an Illinois appeals court in late December, a much-needed win in an area that has seen a massive rise in class...more
Revising its guidance on internal assessments and highlighting the importance of managing cybersecurity within supply chains, the National Institute of Standards and Technology (NIST) released the second draft of Version 1.1...more
What is the problem?
Belgian researchers have published information about a vulnerability in the most popular WiFi encryption protocol that makes monitoring of all communications possible, except those communications that...more