The New York State Department of Financial Services (NYDFS) has published proposed amendments to its Cybersecurity Requirements for Financial Services Companies (amendments). The amendments to the agency’s cybersecurity...more
On Oct. 24, the Federal Trade Commission (FTC) issued a proposed decision and order against Drizly LLC and its CEO regarding allegations that the company’s security failures led to a data breach exposing the personal...more
On Aug. 24, 2022, California Attorney General Rob Bonta (AG) announced the first public fine for failure to comply with the California Consumer Privacy Act (CCPA). Beauty products retailer Sephora Inc. agreed in a settlement...more
On July 20, 2022, the House Committee on Energy and Commerce advanced a new federal privacy bill titled the American Data Privacy and Protection Act (ADPPA) to the House floor. Although it is not yet law, many commentators...more
Join us for our Advertising Litigation Quarterly Highlights webinar series. Our Editorial Team will conduct a deep dive on key decisions of interest covered in our recent Advertising Litigation Reports....more
On May 10, 2022, Connecticut became the fifth state to enact a comprehensive privacy law to protect personal data, joining California, Virginia, Colorado and Utah. Although privacy and data security laws have existed in the...more
On March 9, the SEC, by a 3-1 vote, proposed new rules in its most far-reaching effort to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by public...more
On March 15, 2022, President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act (the Act) into law as part of the $1.5 trillion fiscal 2022 omnibus spending package. The Act will create a mandatory...more
On Feb. 9, 2022, the Securities and Exchange Commission (SEC or Commission) proposed a suite of new rules and amendments concerning cybersecurity risk management for registered investment advisers (advisers) and registered...more
2/14/2022
/ Broker-Dealer ,
Comment Period ,
Cybersecurity ,
Form ADV ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
New Rules ,
Popular ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements ,
Registered Investment Advisors ,
Securities and Exchange Commission (SEC)
On Nov. 18, 2021, federal bank regulatory agencies approved a final rule requiring banking organizations to notify regulators of “any significant computer-security incident” as soon as possible and no later than 36 hours...more
On Oct. 6, 2021, Deputy Attorney General Lisa O. Monaco announced the creation of a Department of Justice (DOJ) Civil Cyber-Fraud Initiative (the Initiative). According to the announcement, the Initiative combines the DOJ’s...more
On Sept. 14, 2021, the Securities and Exchange Commission (SEC) entered a cease-and-desist order against App Annie Inc. and its co-founder and former CEO, Bertrand Schmitt, after agreeing to settle securities fraud claims....more
Demonstrating its continued focus on cybersecurity enforcement, the Securities and Exchange Commission (SEC) announced three new actions on Aug. 30 charging eight firms with maintaining deficient cybersecurity policies and...more
On June 25, the U.S. Supreme Court handed down a 5-4 decision in TransUnion v. Ramirez that clarified the injury-in-fact plaintiffs must show to have standing to assert statutory privacy rights in federal court. This follows...more
7/14/2021
/ Article III ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Injury-in-Fact ,
SCOTUS ,
Separation of Powers ,
Spokeo v Robins ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
On July 7, 2021, Colorado’s governor signed into law the Colorado Privacy Act (CPA), which follows similar privacy laws enacted in California and Virginia and is consistent with an expanding national trend. ...more
On June 4, the European Commission (EC) adopted two sets of standard contractual clauses (SCCs) for use between controllers and processers in the European Economic Area (EEA) and for the transfer of data between EEA and...more
6/17/2021
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On June 7, the Department of Justice (DOJ) announced that it seized 63.7 of the 75 bitcoins paid by Colonial Pipeline to ransomware attackers last month. The recovered bitcoins were valued at $2.3 million at the time of...more
6/10/2021
/ Asset Seizure ,
Bitcoin ,
Cyber Attacks ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement Actions ,
FBI ,
Hackers ,
Infrastructure ,
Oil & Gas ,
Pipelines ,
Popular ,
Ransomware ,
Supply Chain
In response to increasing cybersecurity threats, including the SolarWinds and Colonial Pipeline attacks, President Biden issued an Executive Order on May 12, 2021, that enhances cybersecurity requirements for federal...more
Consistent with a growing national trend, Virginia joined California in recently passing consumer privacy legislation with broad national reach. Both the Virginia Consumer Data Protection Act ...more
4/8/2021
/ California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Popular
Ransomware threats and attacks dominated the cyber news cycle in 2020 and into 2021. With the global pandemic and the uptick in remote work and learning, cybercriminals and nation-state hackers have seized on vulnerabilities...more
2/10/2021
/ Cryptocurrency ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Hackers ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk Management ,
Underwriting
The California Consumer Privacy Act (CCPA) created groundbreaking new rules for how businesses must handle California consumers’ personal data and spurred proposals for similar legislation across the country. ...more
11/12/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Sellers ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Right to Delete ,
Right To Know ,
State and Local Government
Data privacy compliance emerged as a top-tier issue for businesses across the globe with the implementation of new laws with broad scope and sweeping coverage, including the EU’s General Data Protection Regulation (GDPR),...more
8/3/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
State and Local Government