In this month's edition of our Privacy & Cybersecurity Update, we reflect on the GDPR's one-year anniversary while also examining the EU's new Cybersecurity Act. We also take a look at HHS' new guidance on direct liability of...more
7/2/2019
/ Appeals ,
Business Associates ,
Consumer Privacy Rights ,
Credit Cards ,
Cybersecurity ,
Data Breach ,
Data Sellers ,
Dish Network ,
EU Cybersecurity Act ,
European Council ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet Service Providers (ISPs) ,
Liability ,
Merchant Fees ,
Opt-Outs ,
Payment Processors ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes ,
TCPA
In this month's edition of our Privacy & Cybersecurity Update, we examine expanded data breach notification laws in New Jersey and Washington state, as well as the SEC's risk alert regarding cloud-based storage solutions. We...more
6/3/2019
/ Amended Rules ,
Annual Reports ,
Cloud Storage ,
Cybersecurity ,
Data Breach ,
Data Protection Authority ,
Data Security ,
Federal Trade Commission (FTC) ,
Finland ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
UK
In this month's Privacy & Cybersecurity Update, we examine several recent U.K.-related cybersecurity developments and the SEC's risk alert reminding investment advisers and broker-dealers to follow through on implementing...more
5/1/2019
/ Broker-Dealer ,
Canada ,
Commercial General Liability Policies ,
Cyber Insurance ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data-Sharing ,
Denial of Insurance Coverage ,
Designated Contract Markets (DCMs) ,
ENISA ,
Equifax ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Government Investigations ,
Hackers ,
Investment Adviser ,
NCSC ,
OCIE ,
PIPEDA ,
Popular ,
Privacy Comissioners ,
Privacy Laws ,
Privacy Policy ,
Putative Class Actions ,
Regulation S-P ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Surveys ,
TCPA ,
UK ,
UK Data Protection Act ,
UK ICO ,
Unsolicited Faxes
In this month's edition of our Privacy & Cybersecurity Update, we examine new cybersecurity legislation in California and Massachusetts, the British government's updates to its cybersecurity laws in anticipation of Brexit and...more
4/2/2019
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Class Certification ,
Credit Reporting Agencies ,
Credit Reports ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Popular ,
Privacy Laws ,
Public Comment ,
State Data Breach Notification Statutes ,
Thailand ,
UK ,
UK Brexit
In this month's edition, we examine a judge's ruling allowing an investor suit against Equifax, the dismissal of a class action against the insurer CareFirst and President Donald Trump's launch of a federal artificial...more
3/4/2019
/ Artificial Intelligence ,
Class Action ,
Cybersecurity ,
Data Breach ,
Department of Financial Services ,
Dismissals ,
Equifax ,
Facebook ,
Federal Cartel Offices ,
Federal Data Privacy ,
GAO ,
Germany ,
Investors ,
NAIC ,
NYDFS ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Trump Administration ,
User-Generated Content
In this month's edition, we examine cybersecurity-related state Supreme Court rulings in Pennsylvania, Vermont and Illinois; the Department of Health and Human Services' cybersecurity guidelines for the health care industry;...more
2/2/2019
/ Actual Injuries ,
Adequacy Requirement ,
Annual Reports ,
Attorney General ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Common Law Claims ,
Corporate Counsel ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection Acts ,
Data Protection Authority ,
Denial of Insurance Coverage ,
Department of Health and Human Services (HHS) ,
Employee Privacy Rights ,
EU ,
EU-US Privacy Shield ,
IL Supreme Court ,
Japan ,
Neiman Marcus ,
New Guidance ,
PA Supreme Court ,
Phishing Scams ,
Policy Exclusions ,
Public Hearing ,
Security Standards ,
Settlement ,
State Attorneys General ,
Statutory Rights ,
VT Supreme Court
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Commission's second annual review of the Privacy Shield and the Department of Commerce's guidance on how to comply with the Privacy Shield...more
1/4/2019
/ Artificial Intelligence ,
Banking Sector ,
Cybersecurity ,
Data Protection ,
Data Protection Commissioner ,
Ethics ,
EU ,
EU-US Privacy Shield ,
European Central Bank ,
European Commission ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Human Rights ,
Identity Theft ,
Payment Systems ,
Popular ,
Privacy Policy ,
Proposed Amendments ,
Public Comment ,
Security Risk Assessments ,
U.S. Commerce Department ,
UK Brexit
In this month's edition of our Privacy & Cybersecurity Update, we examine a declaration on ethical considerations for artificial intelligence, the annual joint review of the Privacy Shield, a new lawsuit from a snack food...more
12/5/2018
/ Administrative Review ,
Artificial Intelligence ,
Banks ,
Cyber Attacks ,
Cyber Lexicon ,
Cybersecurity ,
Data Protection ,
Data Protection Officers (DPOs) ,
Denial of Insurance Coverage ,
EDPS ,
Ethics ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Financial Institutions ,
Financial Stability Board ,
FSB ,
General Data Protection Regulation (GDPR) ,
Human Rights ,
Insurance Litigation ,
Malware ,
Personal Data ,
Policy Exclusions ,
Popular ,
Privacy Concerns ,
Privacy Laws ,
Property Insurance ,
Ransomware ,
Secretary of Commerce
In this month's Privacy & Cybersecurity Update, we examine recent trends and court decisions, including a new law in Ohio that provides a safe harbor from tort-based data breach claims if the company adopts certain security...more
10/2/2018
/ Affirmative Defenses ,
Amended Rules ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Computer Fraud Insurance ,
Cybersecurity ,
Data Breach ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
Personal Data ,
Popular ,
Privacy Policy ,
Private Right of Action ,
Social Engineering ,
State Attorneys General ,
State Legislatures ,
UK ,
UK ICO
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
9/7/2018
/ Appeals ,
Brazil ,
Breach Notification Rule ,
CNIL ,
Computer Fraud Insurance ,
Consent ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection Acts ,
Data Protection Authority ,
Data Protection Officers (DPOs) ,
Data Retention ,
Denial of Insurance Coverage ,
Department of Homeland Security (DHS) ,
Email ,
Enforcement Actions ,
EU ,
European Commission ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
France ,
Fraudulent Transfers ,
General Data Protection Regulation (GDPR) ,
Geological Data ,
International Data Transfers ,
Japan ,
Japan-EU Economic Partnership Agreement (EPA) ,
NCCIC ,
Personal Data ,
Policy Terms ,
Popular ,
Public Private Partnerships (P3s) ,
Reciprocity Rules ,
Reversal ,
Scams ,
Social Engineering ,
Spoofing ,
Standard Contractual Clauses ,
Warning Letters ,
Wire Fraud
In this month's edition of our Privacy & Cybersecurity Update, we examine new privacy laws in Germany, an FTC settlement with an alleged consumer loan company over unfair and deceptive practices, the dismissal of a data...more
8/2/2017
/ Children's Toys ,
Civil Monetary Penalty ,
Consumer Financial Products ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Dismissals ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Incident Response Plans ,
Lenders ,
Member State ,
Popular ,
Privacy Laws ,
Risk Mitigation ,
Settlement ,
Standing ,
Unfair or Deceptive Trade Practices
In this edition of our Privacy & Cybersecurity Update, we discuss how the prospect of a new chair and three new commissioners at the FTC may impact the agency's approach to cybersecurity regulation, a new Massachusetts...more
2/4/2017
/ Administrative Appointments ,
Breach Notification Rule ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
NIST ,
OCR ,
Popular ,
Privacy Policy ,
Public Disclosure ,
Software ,
Swiss Privacy Shield ,
Trump Administration
In this month's edition of our Privacy & Cybersecurity Update, we examine modifications to New York state's proposed cybersecurity regulations for financial institutions, a 5th Circuit ruling that a phishing scam is not...more
1/4/2017
/ Banks ,
Commercial Crime Insurance Polices ,
Consumer Insurance Products ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Financial Services ,
FCC ,
Home Depot ,
Internet of Things ,
Phishing Scams ,
Privacy Laws ,
Trump Administration ,
U.S. Treasury
In this month's Privacy & Cybersecurity Update, we review an 11th Circuit case involving the longstanding battle between the FTC and medical company LabMD, recent NIST guidelines for securing devices connected to the...more
12/2/2016
/ Administrative Appeals ,
Appeals ,
China ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Geo-Blocking ,
LabMD ,
LinkedIn ,
NIST ,
Russia ,
Section 5 ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices
In this edition of our Privacy & Cybersecurity Update, we take a look at the FCC's new rules for broadband privacy, the FTC's new playbook for data breach response and notification, the NHTSA's voluntary guidance for...more
11/2/2016
/ Actual Injuries ,
Automotive Industry ,
Breach Notification Rule ,
Broadband ,
Cloud Computing ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Driverless Cars ,
EU ,
FCC ,
Federal Bank Regulatory Agencies ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
FTC Guidelines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
IP Addresses ,
National Broadband Plan ,
NHTSA ,
Popular ,
Privacy Laws ,
Risk Assessment ,
Risk Mitigation
In this edition of our Privacy & Cybersecurity Update, we examine the Sixth Circuit's decision to allow injury-in-fact to be established by alleging a "substantial risk of harm" in a data breach case, New York state's...more
10/3/2016
/ Article III ,
CFTC ,
Class Action ,
Commodities ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Markets ,
Germany ,
International Data Transfers ,
NIST ,
NYDFS ,
Personal Data ,
Popular ,
Standing ,
UK ,
Young Lawyers
New York state has proposed a new regulation — to go into effect January 1, 2017 — that would require banks, insurance companies and other financial services institutions regulated by the New York State Department of...more
9/15/2016
/ Banks ,
Chief Information Security Officer (CISO) ,
Comment Period ,
Covered Entities ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Data Retention ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
NYDFS ,
Popular ,
Proposed Regulation ,
Risk Assessment ,
Risk Management
In this edition of our Privacy & Cybersecurity Update, we highlight guidance issued by the Irish data protection authority regarding the use of location data, as well as the FTC's request for comment on its Standards for...more
9/2/2016
/ Attorney General ,
Centers for Medicare & Medicaid Services (CMS) ,
Class Action ,
Consent ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection Authority ,
Federal Trade Commission (FTC) ,
Injury-in-Fact ,
Internet Retailers ,
Invasion of Privacy ,
Ireland ,
Location Data ,
Misrepresentation ,
NAIC ,
Nursing Homes ,
Personal Data ,
Privacy Laws ,
Public Comment ,
Right to Privacy ,
Safeguards Rule ,
Settlement ,
Social Media Policy ,
Standing ,
State Data Breach Notification Statutes
In this edition of our Privacy & Cybersecurity Update, we examine the impact of Brexit on EU data protection, court rulings on cyber insurance policy exclusions and coverage gaps, recent statements from the FTC and the...more
6/30/2016
/ Banks ,
Bonds ,
Class Action ,
Corporate Counsel ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Electronic Health Record Incentives ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
Fashion Industry ,
Federal Trade Commission (FTC) ,
FFIEC ,
Fraudulent Transfers ,
Germany ,
Hackers ,
Internet of Things ,
Privacy Laws ,
Spokeo v Robins ,
Standing ,
UK Brexit ,
Young Lawyers
In this edition of our Privacy & Cybersecurity Update, we examine recent developments, including the U.S. Supreme Court's holding in Spokeo that consumer plaintiffs must show "real harm" to sue in federal court, the EU data...more
6/3/2016
/ Antitrust Violations ,
Article III ,
Breach Notification Rule ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection Commissioner ,
EU-US Privacy Shield ,
Injury-in-Fact ,
Ireland ,
Privacy Laws ,
Risk of Loss ,
SCOTUS ,
Spokeo v Robins ,
Standing ,
Subrogation
In this edition of our Privacy & Cybersecurity Update, we examine changes to EU privacy and data protection laws, new state laws addressing data breach notifications, Congress' review of cyber insurance, and recent court...more
5/3/2016
/ Class Action ,
Commercial General Liability Policies ,
Corporate Counsel ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Encryption ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Future Harm ,
General Data Protection Regulation (GDPR) ,
Mobile Health Apps ,
Notice Requirements ,
Standing ,
State Data Breach Notification Statutes ,
Young Lawyers
In this edition of our Privacy & Cybersecurity Update, we examine the FCC's proposed privacy rules for broadband providers; new developments relating to the Privacy Shield, which was created to replace the U.S.-EU Safe Harbor...more
4/4/2016
/ Consumer Financial Protection Bureau (CFPB) ,
Cyber Insurance ,
Cybersecurity ,
Data Protection Authority ,
Data Security ,
Department of Defense (DOD) ,
EU ,
EU-US Privacy Shield ,
FCC ,
Internet Service Providers (ISPs) ,
IRS ,
Phishing Scams ,
Privacy Policy ,
US-EU Safe Harbor Framework
Two days after the original January 31 deadline, the European Union and United States have announced a replacement for the Safe Harbor agreement — the EU-U.S. Privacy Shield — which, if approved, will provide a new framework...more
Consumer Electronics Association Releases Best Practices For Privacy and Security of Personal Wellness Data -
In late October 2015, the Consumer Electronics Association released guiding principles governing the...more
11/30/2015
/ Actual Injuries ,
Commodity Exchange Act (CEA) ,
Cybersecurity ,
Do Not Track ,
EU Data Protection Laws ,
FCC ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
International Data Transfers ,
Privacy Concerns ,
US-EU Safe Harbor Framework
In this edition of our Privacy & Cybersecurity Update, we discuss what companies need to know in the wake of the EU Court of Justice's rejection of the U.S.-EU Safe Harbor framework and take a look at the following important...more
11/3/2015
/ Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Data Protection Authority ,
ECPA ,
EU Data Protection Laws ,
International Data Transfers ,
Mobile Apps ,
New Legislation ,
Personal Data ,
Popular ,
Privacy Policy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework ,
VPPA