Last week the Biden administration and the European Commission jointly announced a new trans-Atlantic data flow agreement. While no specifics have yet been made public, a recent press release gives the high-level facts of...more
The Federal Trade Commission (FTC) issued a surprisingly strong warning to companies that they may face potential regulatory action if they fail to address known vulnerabilities, focusing in particular on the Log4j...more
Gary Gensler, Chair of the U.S. Securities and Exchange Commission (SEC), signaled a new era of cybersecurity law (and accompanying enforcement) in his keynote address “Cybersecurity and Securities Laws” on January 24, 2022,...more
Public comments to recently published regulations governing compliance with the California Privacy Rights Act (CPRA) show that stakeholders sharply disagree on multiple areas of the CPRA. Seventy submissions totaling nearly...more
On September 21, 2021, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published an updated sanctions advisory, providing guidance to companies on sanctions compliance obligations related to ransomware...more
12/14/2021
/ Compliance ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
New Guidance ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Sanctions ,
U.S. Treasury ,
Virtual Currency
On October 1, 2021, two Acts overhauling data privacy and cybersecurity in Connecticut took effect—the latest instance of stronger state breach reporting requirements with a safe harbor protection from litigation for...more
10/7/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notification Requirements ,
Personal Information ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes
A number of important new privacy law developments arrived in the month of August, chiefly enactment of the new Illinois Protecting Household Privacy Act, which restricts law enforcement access to data collected from the home...more
On August 30, 2021, the Securities and Exchange Commission announced three enforcement actions against registered investment advisers for alleged cybersecurity failures involving cloud-based email systems. All three actions...more
Recent developments in the tech sector in China, including government directives concerning heightened regulatory scrutiny of tech companies listed or looking to list in the US or on exchanges in other overseas jurisdictions,...more
On April 21, 2021, the European Commission (Commission) published its draft Regulation on Artificial Intelligence (AI). It follows the strategies outlined in the February 2020 Commission’s White Paper on AI. The draft...more
5/3/2021
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
European Commission ,
Popular ,
Proposed Regulation ,
Registration Requirement ,
Transparency
The National Association of Insurance Commissioner (NAIC)’s model data security law (“Model Law”) was recently adopted by Maine and North Dakota. This addition brings the total number to states that have joined the NAIC...more
On Tuesday, April 20, the Senate Commerce, Science and Transportation Committee held a hearing on the Federal Trade Commission’s (FTC) authority to protect consumers.
The hearing featured discussion from lawmakers on the...more
Last month, the Department of the Treasury and the Federal Reserve System issued a joint notice of proposed rulemaking, available here, requiring banking organizations to provide notification no later than 36 hours after a...more
A data analytics company for the mortgage industry is facing allegations of violating the Gramm-Leach Bliley Act (GLBA), stemming from a data breach of a third-party vendor. In its complaint, the Federal Trade Commission...more
On Tuesday, November 17, the Senate passed H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, by unanimous consent. The bill, which previously passed the House of Representatives in September after...more
A coalition of African nations have developed a data protection framework with the goal of centralizing data protection laws and the digital economy across Africa. Currently, five countries, including Nigeria, are testing the...more
10/28/2020
/ Africa ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
Information Security ,
International Data Transfers ,
Multinationals ,
New Guidance ,
Personal Data ,
Personally Identifiable Information
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
10/14/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Electronic Communications ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK
On September 15, 2020, the New York Attorney General (NYAG) reached a Consent and Stipulation Agreement (the “Agreement”) with Dunkin’ Brand’s Inc. a year after filing a lawsuit over the company’s response to cyberattacks in...more
10/6/2020
/ Consent Agreements ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Debit and Credit Card Transactions ,
Dunkin' Donuts ,
Failure to Notify ,
Hackers ,
Information Security ,
Personally Identifiable Information ,
Settlement ,
State Attorneys General ,
State Data Breach Notification Statutes
Two developments in the United Kingdom demonstrate the country’s renewed commitment to a sustainable data strategy with appropriate privacy and security safeguards. First, on September 9, 2020, the U.K. government published a...more
9/30/2020
/ Artificial Intelligence ,
Cyber Threats ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Data Storage ,
International Data Transfers ,
Personal Data ,
Research and Development ,
UK
The Federal Data Protection and Information Commissioner (FDPIC) has determined that the Swiss-United States Privacy Shield does not provide an adequate level of data protection for data transfers from Switzerland to the U.S....more
9/30/2020
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
EU-US Privacy Shield ,
International Data Transfers ,
Personally Identifiable Information ,
Risk Assessment ,
Standard Contractual Clauses ,
Swiss Privacy Shield ,
Switzerland
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
9/14/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
Massachusetts Attorney General (AG) Maura Healey announced the creation of a Data Privacy and Security Division, focusing on protecting consumers from privacy and security breaches and threats. AG Healey named Sara Cable as...more
8/20/2020
/ Consumer Privacy Rights ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Equal Access ,
Internet ,
Personal Data ,
Popular ,
Privacy Laws ,
State Attorneys General
On March 5, 2020, Gov. Phil Scott (VT-R) signed into law amendments to the Security Breach Notice Act (the “Act”). The amendments, which originated in the State Senate as part of an initiative addressing a number of data...more
8/10/2020
/ Amended Legislation ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Governor Scott ,
New Guidance ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State Attorneys General
On July 21, 2020, the New York Department of Financial Services (DFS) filed a “Statement of Charges and Notice of Hearing” (the “Charges”) against First American Title Insurance Company (the “Company”) alleging violations of...more
8/7/2020
/ Banking Sector ,
Banks ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Financial Services ,
Enforcement Actions ,
Financial Institutions ,
Financial Services Industry ,
Personally Identifiable Information ,
Sensitive Personal Information ,
Websites
Cybersecurity threat actors are targeting information of businesses seeking assistance during this time of crisis. For example, last week the Small Business Administration (SBA) reported a suspected data breach, affecting...more