Key Points -
The Biden-Harris Administration has issued its long-awaited executive order (EO) regulating artificial intelligence (AI). The order issues directives to over twenty federal agencies, with the deadline for...more
On May 4, 2023, an Idaho federal judge ruled that the Federal Trade Commission (FTC) needs stronger assertions of consumer harm in order for its data privacy suit against data broker/mobile analytics provider Kochava Inc....more
Key Points -
Over the last several years, the class action bar has targeted companies in a wave of putative class actions under state “right of publicity” statutes. Although they vary some around the edges, these statutes...more
This year has seen some substantial new data breach settlements including a $500,000 Federal Trade Commission (FTC) fine against CafePress, a $1.25 million multi-state class action settlement and $5 million New York...more
11/3/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular
The UK government has recently published a Policy Paper setting out its early proposals for what the UK’s regulatory framework in respect of artificial intelligence (AI) might look like (the “Framework”). This follows the...more
The Federal Trade Commission (FTC) reached a settlement with weight loss company WW International (formerly known as Weight Watchers) requiring the company to pay a $1.5 million penalty, delete the personal information of...more
Key Points -
Fourth Circuit points to SEC guidance on “less is more” approach to cybersecurity disclosures, while finding such disclosures did not violate federal securities laws.
Omissions of data vulnerabilities were...more
On October 1, 2021, two Acts overhauling data privacy and cybersecurity in Connecticut took effect—the latest instance of stronger state breach reporting requirements with a safe harbor protection from litigation for...more
10/7/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notification Requirements ,
Personal Information ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes
The newly passed Proposition 24, the California Privacy Rights Act (CPRA), represents the second time in two years that California has instituted a comprehensive privacy statute that fundamentally changes data privacy...more
A coalition of African nations have developed a data protection framework with the goal of centralizing data protection laws and the digital economy across Africa. Currently, five countries, including Nigeria, are testing the...more
10/28/2020
/ Africa ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
Information Security ,
International Data Transfers ,
Multinationals ,
New Guidance ,
Personal Data ,
Personally Identifiable Information
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
10/14/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Electronic Communications ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
9/14/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
- The Washington state Senate has passed its version of a consumer data privacy bill as state lawmakers debate proposed legislation for the Washington Privacy Act, the state’s first data privacy law.
- In their own bill,...more
2/19/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Facial Recognition Technology ,
Legislative Agendas ,
Opt-Outs ,
Personally Identifiable Information ,
Preemption ,
Privacy Legislation ,
Private Right of Action ,
Proposed Legislation ,
Right to Delete ,
Right-To-Access
• The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. The window of opportunity to pass federal privacy legislation to preempt the CCPA in the 116th Congress is rapidly closing.
• Discussions are...more
9/26/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Preemption ,
Privacy Laws ,
Private Right of Action
On May 29, 2019, Nevada’s governor approved a new privacy law, Senate Bill 220 (“SB 220”). SB 220 amends existing state law that requires operators of websites and online services (“Operators”) to post privacy notices on...more
9/12/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Data Use Policies ,
New Legislation ,
Online Platforms ,
Operators ,
Opt-Outs ,
Permanent Injunctions ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
State Data Privacy Laws ,
Statutory Penalties ,
Third-Party Service Provider ,
Websites
• In a rare move, the Delaware Court of Chancery affirmed a buyer’s contractual right to terminate a $4.75 billion merger based on a sudden and sustained decline in the seller’s business.
• The decision provides guidance to...more
• In most TCPA cases, a threshold question is whether a called party has provided prior express consent to receive calls (or texts) using an automatic telephone dialing system.
• While numerous courts have ruled that a party...more
9/6/2018
/ Auto-Dialed Calls ,
Contract Terms ,
Corporate Counsel ,
Debt Collection ,
Debt Collectors ,
Dish Network ,
FCC ,
Prior Express Consent ,
Revocation ,
Robocalling ,
Summary Judgment ,
TCPA ,
Telecommunications ,
Telemarketing ,
Text Messages
• The DOJ has streamlined its process for reviewing CAFA settlement notices.
• The DOJ will likely become more aggressive in reviewing class action settlements for fairness, reasonableness and conformity with DOJ policy...more
• Directors were not entitled to stockholder ratification defense where stockholders only approved the general parameters of director and employee bonuses
• This marks the first time in nearly 60 years that Delaware’s...more
12/22/2017
/ Appeals ,
Board of Directors ,
Bonuses ,
Breach of Duty ,
Corporate Counsel ,
DE Supreme Court ,
Derivative Suit ,
Director Compensation ,
Discretionary Clauses ,
Dismissals ,
Equity Plans ,
Fairness Standard ,
Fiduciary Duty ,
Incentive Compensation ,
New Guidance ,
Ratification ,
Reversal ,
Self-Dealing ,
Shareholder Approval ,
Shareholder Litigation
In its first published opinion applying the Supreme Court’s landmark ruling in Omnicare, Inc. v. Laborers District Council Construction Industry Pension Fund, 135 S. Ct. 1318 (2015), the 2nd Circuit has offered relief to...more
On Monday, April 27, 2015, the Supreme Court agreed to hear an important constitutional case that could dramatically limit the viability of class action lawsuits claiming millions or billions of dollars in statutory damages...more
Last week, SEC Commissioner Luis Aguilar outlined expectations for directors of public companies to manage cybersecurity risk. If you think it is enough that a board of directors reviews annual budgets for privacy and IT...more
The U.S. Securities & Exchange Commission (SEC) provided cybersecurity guidance to the securities industry in the form of a Risk Alert issued by the SEC’s Office of Compliance Inspections and Examinations (OCIE) on April 15,...more
5/15/2014
/ Broker-Dealer ,
Corporate Counsel ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Industry Regulatory Authority (FINRA) ,
FinCEN ,
Investment Adviser ,
NIST ,
OCIE ,
Securities and Exchange Commission (SEC)