On July 26, 2023, the Securities and Exchange Commission adopted new rules imposing disclosure requirements regarding cybersecurity risk management, strategy, governance and incidents. The new rules, which became effective...more
9/8/2023
/ Annual Reports ,
Canada ,
Compliance ,
Compliance Dates ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Disclosure Requirements ,
EDGAR ,
Foreign Private Issuers ,
Form 10-K ,
Form 10-Q ,
Form 20-F ,
Form 8-K ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Smaller Reporting Companies
Governor Spencer Cox of Utah has now signed into law the Utah Consumer Privacy Act (“UCPA”), which was recently passed unanimously by the Utah legislature, and which will go into effect on December 31, 2023. Utah joins...more
The U.S. Supreme Court’s recent decision in TransUnion LLC v. Ramirez will make it far more difficult for class action plaintiffs to demonstrate the requisite harm to satisfy Article III standing. Although involving a...more
7/1/2021
/ Article III ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Credit Reports ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
SCOTUS ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
State Notifications Deemed to Trigger DFS Reporting of Non-material Breaches -
Two successive Consent Orders have demonstrated the seriousness of non-compliance with New York’s Department of Financial Services financial...more
When the California Consumer Privacy Act (“CCPA”) went into effect on January 1, 2020, most observers expected a flood of CCPA class action lawsuits against companies essentially defenseless against the proscriptive liability...more
Health and retirement benefit plans subject to the Employee Retirement Income Security Act (“ERISA”) have troves of personal information regarding plan participants and their beneficiaries - e.g., participants’ age, marital...more
1/4/2021
/ Benefit Plan Sponsors ,
Corporate Counsel ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
ERISA Litigation ,
Fiduciary ,
Fiduciary Duty ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Patient Privacy Rights ,
Personal Information ,
PHI ,
Retirement Plan ,
Risk Management ,
Sensitive Personal Information
Almost as soon as COVID-19 began ravaging the world, countries turned their hopes to mobile apps as a weapon to fight against it. Contact tracing was quickly recognized as a potential tool to monitor, and possibly contain,...more
Since the beginning of the year, industry leaders and counsel advising clients on data security issues have held their collective breath in anticipation of the tsunami of California Consumer Privacy Act (CCPA) lawsuits. The...more
2/18/2020
/ California Consumer Privacy Act (CCPA) ,
Common Law Claims ,
Consumer Privacy Rights ,
Contribution Claims ,
Data Breach ,
Indemnification ,
Negligence ,
Personal Information ,
Privacy Laws ,
Retroactivity ,
Security and Privacy Controls ,
Unfair Competition Law (UCL)
The California Attorney General recently published a report assessing CCPA compliance costs. The report attempts to quantify the monetary value of consumers’ personal data, and estimates the total value of personal data...more
12/3/2019
/ B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Brokers ,
Data Processors ,
Minors ,
Personal Information ,
Popular ,
Privacy Laws ,
State Attorneys General ,
Subject Access Request (SAR)
On October 11, 2019, the California Attorney General (the “California AG”) issued draft regulations (the “Draft Regulations”) pursuant to his authority under the California Consumer Privacy Act of 2018 (“CCPA”). The...more
10/17/2019
/ Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Covered Entities ,
Minors ,
Notice Requirements ,
Personal Information ,
Privacy Laws ,
Proposed Regulation ,
State Attorneys General
On July 9, 2019, the California Senate Judiciary Committee advanced a number of proposed amendments to the California Consumer Privacy Act (“CCPA” or the “Act”), including changes that would significantly impact the treatment...more
New York continued its active legislative session last week, this time by expanding its data breach notification law. The SHIELD Act (Stop Hacks and Improve Electronic Data Security), signed by Governor Andrew Cuomo on July...more
7/30/2019
/ Credit Reporting Agencies ,
Cybersecurity ,
Damages ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement ,
Equifax ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Personal Information ,
Popular
The French Data Protection Authority, CNIL, has fined Google $50 Million Euros for Google’s alleged failure to comply with the EU’s sweeping General Data Protection Regulation (GDPR). The enforcement action is significant for...more
1/31/2019
/ CNIL ,
Corporate Fines ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Google ,
Personal Data ,
Regulatory Violations
On June 28, 2018, the California Legislature unanimously passed, and the Governor immediately signed, a sweeping expansion of data privacy protections for residents of California. Assembly Bill No. 375, entitled the...more
The California Legislature has passed a bill to amend the California Consumer Privacy Act of 2018 (the “CCPA”) that eliminates Attorney General’s gate keeping function, and fixes various drafting errors. Senate Bill No. 1121...more
In what could be a harbinger of things to come for business models negatively impacted by the throttling of data flow under the European Union’s General Data Protection Regulation (“GDPR”), Nielsen Holdings (“Nielsen”) was...more
In what could be a harbinger of things to come for business models negatively impacted by the throttling of data flow under the European Union’s General Data Protection Regulation (“GDPR”), Nielsen Holdings was named in a...more
Back in 1972, California voters added privacy to the state constitution’s list of inalienable rights. On June 28, 2018, the California Legislature enacted and Governor Brown signed the California Consumer Privacy Act of 2018....more
The Federal Trade Commission (“FTC”) has long been considered the agency best suited to regulate data security. The Eleventh Circuit dealt a serious setback to that authority yesterday in LabMD v. FTC, No. 16-16270, striking...more
The US Supreme Court has granted certiorari to review a decision by the Second Circuit Court of Appeals, which reversed a District Court’s refusal to quash a warrant issued by the Department of Justice to Microsoft that would...more
Tax season can be a trying time of the year for any employer, but even more so now. As HR Departments across the country are working hard to distribute W-2 forms to employees, cybercriminals are using increasingly...more
On October 27, 2016, the Federal Communications Commission (“FCC” or “Commission”) adopted sweeping new privacy rules applicable to all telecommunications providers including broadband internet access service (“BIAS”) and...more
In two independent and much-anticipated events, separate EU entities took actions which will continue to complicate the ability of US companies to do business in Europe.
Privacy Shield Provisions Found Lacking by Working...more
The Obama Administration has just released the proposed text of the Personal Data Notification & Protection Act as the latest step in its uniform federal breach notification initiative. Similar legislative efforts in the past...more
In a decision with far-reaching consequences, the European Court of Justice (located in Luxembourg) (“ECJ”) ruled on May 13, 2014, that E.U. citizens can demand that search engines – in this instance Google – must delete...more