Are You Ready for Canada’s New Privacy Breach Rules?
Mandatory privacy breach notification, reporting, and record-keeping obligations under Canada’s federal data protection law, the Personal Information Protection and Electronic Documents Act, came into force on November 1, 2018.
SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues
The SEC’s Office of Compliance Inspections and Examinations has issued a risk alert providing an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the Safeguards Rule of Regulation S-P, based on recent examinations.
FTC Announces New Cybersecurity Requirements, Privacy Rule Update
In March, the Federal Trade Commission announced proposed updates to two key privacy and security regulations, the Safeguards Rule and Privacy Rule. Both rules implement regulations under the federal Gramm–Leach–Bliley Act.
The Supreme Court Signals Further Review of Article III Standing
On March 20, the Supreme Court issued an opinion concerning the requirements for Article III standing for statutory violations under the Stored Communications Act. While the Supreme Court did not express an opinion about how this issue should be decided, its ruling signals the Court’s direction to carefully examine Article III standing given mere statutory violations.
Time for a General Federal Privacy Law? Peter Swire Opens the Discussion on Potential Preemptive Effects
In this IAPP article, Alston & Bird senior counsel Peter Swire discusses the potential for a general U.S. privacy law and whether and to what extent this new federal law would “preempt” state privacy protections.
HHS Releases New “Health Industry Cybersecurity Practices”
The Department of Health and Human Services has issued new voluntary cybersecurity guidance for the health care industry, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.”
Selected Developments in U.S. State Law
The Coming Regulation of Artificial Intelligence? EU Publishes AI Guidelines
On April 8, 2019, the European Commission High-Level Expert Group on Artificial Intelligence released the final version of its Ethics Guidelines for Trustworthy AI. While the guidelines are not binding law, the creation of the guidelines (including an AI assessment pilot) is a significant development toward potential direct regulation of the implementation of AI.
Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines Under Consideration
Recent developments from the Bavarian DPA potentially signal that cookies, user tracking, and online advertising are not a “tech industry issue,” but instead a priority issue for companies irrespective of their industry—and one that can carry the risk of GDPR fines.
EU and Japan Publish a Joint Release on Their Mutual Adequacy Decisions
On January 23, 2019, the Personal Information Protection Commission of Japan and the European Commission jointly announced the adoption of the decisions recognizing each other’s personal data protection systems as equivalent.
Department of Commerce Issues FAQs on UK’s Exit from the EU
The Department of Commerce issued a number of FAQs on the effect of the UK’s impending exit from the EU on Privacy Shield. As these FAQs make clear, there remains significant uncertainty about how the UK’s exit will play out from a transitional perspective, and Privacy Shield participants will need to plan for at least two different scenarios.
Rich Willis and Laura K. Song Share Insights on the Challenges Data Localization Poses for the Payments Industry via Bloomberg BNA
Rich Willis and Laura K. Song co-authored the Bloomberg BNA article “Data Localization Poses Challenges for Payments Industry and Innovation.” The article addresses why the different jurisdictional approaches to data localization may prove the most impactful to payment innovators.