In this month's Privacy & Cybersecurity Update, we examine recent trends and court decisions, including a new law in Ohio that provides a safe harbor from tort-based data breach claims if the company adopts certain security...more
10/2/2018
/ Affirmative Defenses ,
Amended Rules ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Computer Fraud Insurance ,
Cybersecurity ,
Data Breach ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
Personal Data ,
Popular ,
Privacy Policy ,
Private Right of Action ,
Social Engineering ,
State Attorneys General ,
State Legislatures ,
UK ,
UK ICO
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
9/7/2018
/ Appeals ,
Brazil ,
Breach Notification Rule ,
CNIL ,
Computer Fraud Insurance ,
Consent ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection Acts ,
Data Protection Authority ,
Data Protection Officers (DPOs) ,
Data Retention ,
Denial of Insurance Coverage ,
Department of Homeland Security (DHS) ,
Email ,
Enforcement Actions ,
EU ,
European Commission ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
France ,
Fraudulent Transfers ,
General Data Protection Regulation (GDPR) ,
Geological Data ,
International Data Transfers ,
Japan ,
Japan-EU Economic Partnership Agreement (EPA) ,
NCCIC ,
Personal Data ,
Policy Terms ,
Popular ,
Public Private Partnerships (P3s) ,
Reciprocity Rules ,
Reversal ,
Scams ,
Social Engineering ,
Spoofing ,
Standard Contractual Clauses ,
Warning Letters ,
Wire Fraud
This issue of Skadden’s semiannual Cross-Border Investigations Update takes a close look at recent cases, regulatory activity and other key developments, including the use of legal holds in cross-border investigations,...more
8/29/2018
/ China ,
Civil Monetary Penalty ,
Cooperation ,
Criminal Investigations ,
Cross-Border Transactions ,
Cryptocurrency ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement Actions ,
EU ,
Fee Reductions ,
General Data Protection Regulation (GDPR) ,
Initial Coin Offering (ICOs) ,
Personal Liability ,
Popular ,
Privileged Communication ,
Serious Fraud Office (SFO) ,
Settlement ,
Trump Administration ,
UK
In this month's edition of our Privacy & Cybersecurity Update, we examine new privacy laws in Germany, an FTC settlement with an alleged consumer loan company over unfair and deceptive practices, the dismissal of a data...more
8/2/2017
/ Children's Toys ,
Civil Monetary Penalty ,
Consumer Financial Products ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Dismissals ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Incident Response Plans ,
Lenders ,
Member State ,
Popular ,
Privacy Laws ,
Risk Mitigation ,
Settlement ,
Standing ,
Unfair or Deceptive Trade Practices
Cybersecurity has in recent years become an integral component of a board’s role in risk oversight, but directors often find themselves in unfamiliar territory when it comes to formulating policies and oversight processes...more
4/14/2017
/ Board of Directors ,
China ,
Compliance ,
Customer Information ,
Cyber Insurance ,
Cybersecurity ,
Data Security ,
Disclosure Requirements ,
NYDFS ,
Oversight Committee ,
Popular ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State and Local Government
In this edition of our Privacy & Cybersecurity Update, we discuss how the prospect of a new chair and three new commissioners at the FTC may impact the agency's approach to cybersecurity regulation, a new Massachusetts...more
2/4/2017
/ Administrative Appointments ,
Breach Notification Rule ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
NIST ,
OCR ,
Popular ,
Privacy Policy ,
Public Disclosure ,
Software ,
Swiss Privacy Shield ,
Trump Administration
In this month's edition of our Privacy & Cybersecurity Update, we examine modifications to New York state's proposed cybersecurity regulations for financial institutions, a 5th Circuit ruling that a phishing scam is not...more
1/4/2017
/ Banks ,
Commercial Crime Insurance Polices ,
Consumer Insurance Products ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Financial Services ,
FCC ,
Home Depot ,
Internet of Things ,
Phishing Scams ,
Privacy Laws ,
Trump Administration ,
U.S. Treasury
In this month's Privacy & Cybersecurity Update, we review an 11th Circuit case involving the longstanding battle between the FTC and medical company LabMD, recent NIST guidelines for securing devices connected to the...more
12/2/2016
/ Administrative Appeals ,
Appeals ,
China ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Geo-Blocking ,
LabMD ,
LinkedIn ,
NIST ,
Russia ,
Section 5 ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices
In this edition of our Privacy & Cybersecurity Update, we take a look at the FCC's new rules for broadband privacy, the FTC's new playbook for data breach response and notification, the NHTSA's voluntary guidance for...more
11/2/2016
/ Actual Injuries ,
Automotive Industry ,
Breach Notification Rule ,
Broadband ,
Cloud Computing ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Driverless Cars ,
EU ,
FCC ,
Federal Bank Regulatory Agencies ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
FTC Guidelines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
IP Addresses ,
National Broadband Plan ,
NHTSA ,
Popular ,
Privacy Laws ,
Risk Assessment ,
Risk Mitigation
In this edition of our Privacy & Cybersecurity Update, we examine the Sixth Circuit's decision to allow injury-in-fact to be established by alleging a "substantial risk of harm" in a data breach case, New York state's...more
10/3/2016
/ Article III ,
CFTC ,
Class Action ,
Commodities ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Markets ,
Germany ,
International Data Transfers ,
NIST ,
NYDFS ,
Personal Data ,
Popular ,
Standing ,
UK ,
Young Lawyers
New York state has proposed a new regulation — to go into effect January 1, 2017 — that would require banks, insurance companies and other financial services institutions regulated by the New York State Department of...more
9/15/2016
/ Banks ,
Chief Information Security Officer (CISO) ,
Comment Period ,
Covered Entities ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Data Retention ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
NYDFS ,
Popular ,
Proposed Regulation ,
Risk Assessment ,
Risk Management
In this edition of our Privacy & Cybersecurity Update, we highlight guidance issued by the Irish data protection authority regarding the use of location data, as well as the FTC's request for comment on its Standards for...more
9/2/2016
/ Attorney General ,
Centers for Medicare & Medicaid Services (CMS) ,
Class Action ,
Consent ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection Authority ,
Federal Trade Commission (FTC) ,
Injury-in-Fact ,
Internet Retailers ,
Invasion of Privacy ,
Ireland ,
Location Data ,
Misrepresentation ,
NAIC ,
Nursing Homes ,
Personal Data ,
Privacy Laws ,
Public Comment ,
Right to Privacy ,
Safeguards Rule ,
Settlement ,
Social Media Policy ,
Standing ,
State Data Breach Notification Statutes
In this edition of our Privacy & Cybersecurity Update, we examine the impact of Brexit on EU data protection, court rulings on cyber insurance policy exclusions and coverage gaps, recent statements from the FTC and the...more
6/30/2016
/ Banks ,
Bonds ,
Class Action ,
Corporate Counsel ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Electronic Health Record Incentives ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
Fashion Industry ,
Federal Trade Commission (FTC) ,
FFIEC ,
Fraudulent Transfers ,
Germany ,
Hackers ,
Internet of Things ,
Privacy Laws ,
Spokeo v Robins ,
Standing ,
UK Brexit ,
Young Lawyers
In this edition of our Privacy & Cybersecurity Update, we examine recent developments, including the U.S. Supreme Court's holding in Spokeo that consumer plaintiffs must show "real harm" to sue in federal court, the EU data...more
6/3/2016
/ Antitrust Violations ,
Article III ,
Breach Notification Rule ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection Commissioner ,
EU-US Privacy Shield ,
Injury-in-Fact ,
Ireland ,
Privacy Laws ,
Risk of Loss ,
SCOTUS ,
Spokeo v Robins ,
Standing ,
Subrogation
In this edition of our Privacy & Cybersecurity Update, we examine changes to EU privacy and data protection laws, new state laws addressing data breach notifications, Congress' review of cyber insurance, and recent court...more
5/3/2016
/ Class Action ,
Commercial General Liability Policies ,
Corporate Counsel ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Encryption ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Future Harm ,
General Data Protection Regulation (GDPR) ,
Mobile Health Apps ,
Notice Requirements ,
Standing ,
State Data Breach Notification Statutes ,
Young Lawyers
In this edition of our Privacy & Cybersecurity Update, we examine the FCC's proposed privacy rules for broadband providers; new developments relating to the Privacy Shield, which was created to replace the U.S.-EU Safe Harbor...more
4/4/2016
/ Consumer Financial Protection Bureau (CFPB) ,
Cyber Insurance ,
Cybersecurity ,
Data Protection Authority ,
Data Security ,
Department of Defense (DOD) ,
EU ,
EU-US Privacy Shield ,
FCC ,
Internet Service Providers (ISPs) ,
IRS ,
Phishing Scams ,
Privacy Policy ,
US-EU Safe Harbor Framework
Consumer Electronics Association Releases Best Practices For Privacy and Security of Personal Wellness Data -
In late October 2015, the Consumer Electronics Association released guiding principles governing the...more
11/30/2015
/ Actual Injuries ,
Commodity Exchange Act (CEA) ,
Cybersecurity ,
Do Not Track ,
EU Data Protection Laws ,
FCC ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
International Data Transfers ,
Privacy Concerns ,
US-EU Safe Harbor Framework
In this edition of our Privacy & Cybersecurity Update, we discuss what companies need to know in the wake of the EU Court of Justice's rejection of the U.S.-EU Safe Harbor framework and take a look at the following important...more
11/3/2015
/ Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Data Protection Authority ,
ECPA ,
EU Data Protection Laws ,
International Data Transfers ,
Mobile Apps ,
New Legislation ,
Personal Data ,
Popular ,
Privacy Policy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework ,
VPPA
“Decision 2000/520 is invalid.” With those four words, the Court of Justice of the European Union (CJEU) sent shock waves through the European and U.S. business communities on October 6, 2015, with a landmark decision finding...more
10/7/2015
/ Cybersecurity ,
Data Protection Authority ,
Edward Snowden ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
Third Circuit Affirms FTC’s Authority Over Cybersecurity:
In the Wyndham case, the Third Circuit affirmed that the FTC has the authority to regulate cybersecurity under Section 5 of the FTC Act, and that the language of...more
9/2/2015
/ Administrative Authority ,
Automobile Recall ,
Brokers ,
Compliance ,
Connected Cars ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
Hackers ,
Metadata ,
National Security Agency (NSA) ,
Privacy Concerns ,
Safe Harbors ,
Section 5 ,
Settlement ,
Target ,
Technology ,
Unfair or Deceptive Trade Practices ,
Visa Inc ,
Wyndham
Seventh Circuit Decision May Make It Easier for Class Action Plaintiffs to Establish Standing in Data Breach Cases -
The Seventh Circuit has issued a decision that could make it much easier for class action plaintiffs to...more
8/4/2015
/ Attorney General ,
Class Action ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Security ,
FCC ,
Federal Trade Commission (FTC) ,
FFIEC ,
Identity Theft ,
Personal Data ,
Security Risk Assessments ,
Standing ,
TCPA
In This Issue:
- USA Freedom Act Brings Changes to Surveillance Program
- Connecticut Enacts Bill Imposing Tighter Data Security Obligations
- Pennsylvania Court Dismisses Data Breach Negligence...more
In This Issue:
- Second Circuit Rules Patriot Act Does Not Authorize Bulk Metadata Collection; Congress Reconsiders Certain Patriot Act Authorities
- SEC Issues Cybersecurity Guidance for Investment Companies...more
6/2/2015
/ Broadband ,
Commercial Bankruptcy ,
Customer Lists ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Enforcement ,
FBI ,
FCC ,
Federal Trade Commission (FTC) ,
Insurance Litigation ,
Internet of Things ,
Investment Adviser ,
Investment Funds ,
Jurisdiction ,
Online Privacy Protection Act ,
Patriot Act ,
Personally Identifiable Information ,
Privacy Laws ,
RadioShack ,
Securities and Exchange Commission (SEC)
In This Issue:
- DOJ Issues Cyber Preparation and Response Guidance
- RadioShack’s Plan to Auction Customer Data Highlights Issues Over Treatment of Such Data as an Asset
- Google v. Vidal-Hall and...more
5/3/2015
/ Commercial Bankruptcy ,
Customer Lists ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Justice (DOJ) ,
FCC ,
Financial Services Authority ,
Google ,
Hulu ,
Information Sharing ,
NAIC ,
Popular ,
RadioShack ,
Third-Party ,
Video Privacy Protection Act
In This Issue
- White House Releases Proposed Privacy Legislation
- Lessons from the Anthem Data Breach
- SEC and FINRA Release Results of Industrywide Cybersecurity Examination Sweeps
- COSO Releases Report on...more
3/2/2015
/ Anthem Blue Cross ,
Automotive Industry ,
Big Data ,
COSO ,
Cybersecurity ,
Data Breach ,
Financial Industry Regulatory Authority (FINRA) ,
Information Sharing ,
Insurance Industry ,
Obama Administration ,
Popular ,
Securities and Exchange Commission (SEC)