Consistent with a growing national trend, Virginia joined California in recently passing consumer privacy legislation with broad national reach. Both the Virginia Consumer Data Protection Act ...more
4/8/2021
/ California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Popular
2020 has been a busy year in privacy law both domestically and around the globe. Some of the most striking developments included enforcement of the California Consumer Privacy Act (CCPA) and passage of the California Privacy...more
1/4/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Personal Data ,
Popular ,
SHIELD Act
On Nov. 11, 2020, the European Data Protection Board (EDPB) published eagerly anticipated guidance in the wake of the July 2020 European Court of Justice’s (ECJ) decision in Schrems II, outlining a process for ensuring data...more
11/23/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On Oct. 30, 2020, the United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), in connection with France’s Commission nationale de l’informatique et des libertés (CNIL), announced the largest...more
11/5/2020
/ British Airways ,
CNIL ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular
This past July, a decision by the European Court of Justice (ECJ) struck down the European Union-United States Privacy Shield framework (EU-U.S. Privacy Shield), one mechanism through which companies could transfer personal...more
10/1/2020
/ Binding Corporate Rules ,
Breach of Contract ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Standard Contractual Clauses ,
Switzerland
The Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) has published a risk alert, warning SEC-registered investment advisers, brokers and dealers about the increasing use of...more
10/1/2020
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Financial Institutions ,
Investment Adviser ,
OCIE ,
Regulation S-ID ,
Regulation S-P ,
Risk Alert ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Certain provisions of the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) recently took effect in the state of New York. The act was signed into law by the governor in July 2019, and its data breach...more
At the end of January, the U.S. Securities and Exchange’s Office of Compliance Inspections and Examinations (OCIE) released its “Observations on Cybersecurity and Resiliency Practices” (Observations)....more
2/13/2020
/ Best Practices ,
Bring Your Own Device (BYOD) ,
Business Continuity Plans ,
C-Suite Executives ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Loss Prevention ,
Data Management ,
Data Protection ,
Denial of Service Attacks ,
Disclosure Requirements ,
Incident Response Plans ,
Malware ,
Mobile Device Management ,
Mobile Devices ,
OCIE ,
Policies and Procedures ,
Popular ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Liability ,
Vendors
California’s Consumer Privacy Act (CCPA) went into effect on Jan. 1, 2020. While the CCPA has been interpreted as primarily targeting technology companies and data brokers, it has broad reach and applies to any business that...more
1/29/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Risk Management ,
State and Local Government
The Cayman Islands recently implemented data protection legislation similar to that adopted elsewhere in the world, including the EU’s General Data Protection Regulation (GDPR). The GDPR forced many businesses outside its...more
11/1/2019
/ Breach Notification Rule ,
Cayman Islands ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Investment Adviser ,
Investment Management ,
New Legislation ,
Personal Data ,
Private Investment Funds
New York is gearing up to enact some of the toughest cybersecurity, privacy and data protection laws in the country. Modeled on the European Union’s General Data Protection Regulation (GDPR) and the California Consumer...more
7/18/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Notification Requirements ,
Pending Legislation ,
Personal Data ,
Personally Identifiable Information ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
Evidence gathering differs greatly between common law and civil law jurisdictions. For example, while a U.S. judge may in many instances allow extensive pretrial discovery, a French judge would generally consider nearly any...more
4/5/2019
/ Blocking Statutes ,
CLOUD Act ,
CNIL ,
Cross-Border ,
Data Protection ,
Discovery ,
Evidence ,
Extraterritoriality Rules ,
France ,
General Data Protection Regulation (GDPR) ,
Hague Convention ,
Litigation Strategies ,
Regulatory Standards
This Update highlights key legal and policy developments in cybersecurity and privacy law that may impact important trends for 2019 and beyond. A central takeaway from 2018 is that regulators in the U.S. and abroad are...more
1/28/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
CLOUD Act ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Google ,
Hackers ,
International Data Transfers ,
Marriott ,
Microsoft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Power Plants ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC) ,
Stored Communications Act
On June 28, 2018, the California Consumer Privacy Act of 2018 (CCPA) was signed into law. The bill was drafted and passed quickly, just prior to a deadline for removing a similar initiative from the ballot that would have...more
On Feb. 21, the Securities and Exchange Commission (SEC) released interpretive guidance on public companies’ disclosure practices regarding cybersecurity breaches and risks to the public....more
3/1/2018
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Hackers ,
Insider Trading ,
Investment Adviser ,
New Guidance ,
Personally Identifiable Information ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)
On Aug. 7, 2017, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a risk alert summarizing the results of its second cybersecurity preparedness examination. ...more
On August 7, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert summarizing the results of its second cybersecurity preparedness examination. The...more
Cybersecurity has increasingly moved into the spotlight in recent years, with regulators and financial firms alike clambering to keep pace with rapidly changing demands as threats continue to evolve....more
While the Securities and Exchange Commission (SEC) has garnered significant attention for its increased efforts and focus on regulating and enforcing enhanced cybersecurity measures within the U.S. financial markets, the...more
OCIE Highlights Frequent Topics for Compliance Deficiencies for Investment Advisers -
On Feb. 7, 2017, the Securities and Exchange Commission’s (SEC’s) Office of Compliance Inspections and Examinations (“OCIE”) published...more
3/2/2017
/ Books & Records ,
Chief Compliance Officers ,
Covered Agreement ,
Custody Rule ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Ethics ,
EU ,
Filing Requirements ,
Financial Institutions ,
Financial Services Industry ,
Form ADV ,
Insurance Industry ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
NYDFS ,
OCIE ,
Registered Investment Companies (RICs) ,
Regulatory Oversight ,
Reinsurance ,
Risk Alert ,
Rule 204-2 ,
Securities and Exchange Commission (SEC) ,
Strict Compliance