The Importance Of Cybersecurity During A Merger & Acquisition Transaction
Like prior weeks’ Updates, this week’s Update features stories on the growing phenomenon of fintech and its effect on the travel industry. Enjoy....more
On April 21, 2022, the United States Court of Appeals for the Fourth Circuit affirmed the dismissal by the United States District Court for the District of Maryland of allegations that Marriott International had violated...more
The Fourth Circuit dismissed an investor’s lawsuit against a hotel chain that had been subject to a data breach, ruling that the company had not made false or misleading public statements about its protection of customer...more
Key Points - Fourth Circuit points to SEC guidance on “less is more” approach to cybersecurity disclosures, while finding such disclosures did not violate federal securities laws. Omissions of data vulnerabilities were...more
Cybersecurity and the related disclosures can be critical issues for any company in today’s environment. This question is at the center of a recent decision by the Fourth Circuit Court of Appeals....more
Investors filed a derivative suit claiming that the company knew about, and failed to mitigate known, existing cybersecurity risks and shortfalls prior to the security breach. In early November, pension funds and...more
After the California Consumer Privacy Act (CCPA) took effect on January 1, 2020, a surge of class action lawsuits predicated on alleged CCPA violations hit businesses. Because of the act’s novelty, it was unclear whether...more
Marriott recently won dismissal of a proposed class action data breach lawsuit alleging several violations, including a violation of the California Consumer Privacy Act (CCPA). The case, Arifur Rahman v. Marriott...more
On January 12, 2021, the federal District Court for the Central District of California dismissed a data breach law suit—including a claim filed under the California Consumer Privacy Act (“CCPA”)—against Marriott...more
Hot on the heels of the £20 million fine issued to British Airways, the Information Commissioner’s Office (“ICO“) has issued Marriott International Inc. (“Marriott“) with a long-awaited penalty notice for its failure to...more
Few will have been surprised that, when the ICO eventually published details of the BA and Marriott fines, the final penalties were very much lower than the £183+ million and £99+ million proposed in the original notices of...more
On 30 October 2020, the UK’s data privacy regulator, the Information Commissioner’s Office (ICO) issued a final penalty notice (Penalty Notice) to fine the hotel chain Marriott International, Inc. (Marriott) for a GDPR data...more
The UK Information Commissioner’s Office (ICO) has recently handed down two of the largest fines relating to a data breach in UK history. In August 2018, British Airways (BA) was subject to a cyberattack which breached the...more
On Oct. 30, 2020, the United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), in connection with France’s Commission nationale de l’informatique et des libertés (CNIL), announced the largest...more
With it being Halloween, October being National Cybersecurity Awareness Month, and 2019 drawing to an end, let’s take a look at the data privacy breaches giving compliance professionals a fright this year! ...more
In this month's edition of our Privacy & Cybersecurity Update, we examine five amendments to the California Consumer Privacy Act, the EU Court of Justice's rulings on the "Right to Be Forgotten" and what qualifies as a joint...more
While GDPR has been active as a regulation since May 2018, the first fines have just started to hit companies for data breaches. Announced by the ICO on July 8 2019, they intend to fine British Airways £183.39 million for...more
When prospective buyers conduct legal due diligence in merger and acquisition transactions the main focus is typically on the traditional items, such as financials, debt instruments, major contracts and other key metrics...more
On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott as a result of its acquisition of Starwood and the subsequent...more
British Data Protection Authority Flexes GDPR Enforcement Muscles - No longer is the bark of sanctions for lax data protection practices worse than its bite. The Information Commissioner’s Office (ICO)—the United Kingdom's...more
Key Takeaways - - The proposed £183 million and £99.2 million fines against British Airways and Marriott, respectively, by the UK’s ICO emphasise: - The need for companies to maintain appropriate data protection practices...more
The ICO issued notices of intent to fine British Airways and Marriott. What happened? On 8 July 2019, the UK Information Commissioner’s Office (ICO) announced a notice of intent to fine British Airways £183.39 million (about...more
The U.K. Information Commissioner’s Office (ICO) announced headline grabbing proposed fines against British Airways and Marriott International, Inc. for alleged violations of the EU’s General Data Protection Regulation...more
As data are quickly becoming significant corporate assets, lawyers need to help companies both maximize the value of their data and protect the business against any associated risks. This is particularly true in M&A...more
Going Deep on the California Consumer Privacy Act - The California Consumer Privacy Act (CCPA) has been called the beginning of America’s GDPR. As the most comprehensive privacy law in the United States, entities doing...more