On March 9, 2022 the SEC proposed rule amendments that would require public companies to report detailed information about material cybersecurity incidents affecting their business and about their cybersecurity risk...more
At first glance, a first-in-the-country law recently enacted by New York City may seem fairly straightforward. But its brevity belies its potential impact on employers that recruit or promote within New York City. The law...more
2/3/2022
/ Artificial Intelligence ,
Automation Systems ,
Disclosure Requirements ,
Employer Liability Issues ,
Employment Policies ,
Equal Employment Opportunity Commission (EEOC) ,
Federal Employment Agencies ,
Hiring & Firing ,
Human Resources Professionals ,
Recruitment Policies ,
State Labor Laws
Organizations around the world face substantial and increasing cybersecurity-related threats to operations, reputation, and the bottom line. Cyber risk profiles are changing, particularly in light of the increase in agile...more
6/4/2021
/ Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Electronic Monitoring ,
Employee Monitoring ,
Information Management ,
Metadata ,
Risk Assessment ,
Risk Mitigation ,
Threat Management
On April 14, the Department of Labor’s Employee Benefits Security Administration (EBSA) issued its first cybersecurity-focused guidance related to benefit plans regulated by Employee Retirement Income Security Act (ERISA)....more
On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance....more
2/17/2021
/ Consumer Insurance Products ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Insurance Regulations ,
NYDFS ,
Popular ,
Risk Management ,
State and Local Government
The Court of Justice of the European Union today invalidated the EU-US Privacy Shield and called into question the extent to which EU data exporters could rely on the European Commission’s Standard Contractual Clauses for...more
On 10 July 2019, the Office of the U.S. Trade Representative (USTR) initiated an investigation pursuant to Section 301 of the Trade Act of 1974 into France’s Digital Services Tax (DST) to determine whether the tax is...more
8/20/2019
/ Digital Services Tax ,
Discrimination ,
E-Commerce ,
e-Services ,
France ,
Internet ,
Regulatory Burden ,
Section 301 ,
Stream of Commerce ,
Trade Act of 1974 ,
USTR ,
Websites
On 10 July 2019 the Office of the U.S. Trade Representative (USTR) initiated an investigation pursuant to Section 301 of the Trade Act of 1974 into France's digital services tax to determine whether the tax is discriminatory...more
While eyes focus on the privacy legislative debate now underway in the United States, the development of a new Privacy Framework by the influential National Institute of Standards and Technology (“NIST”) is also worthy of...more
The California Department of Justice has announced a March 8, 2019 deadline for submitting written pre-rulemaking comments on the California Consumer Privacy Act (CCPA). The March 8 deadline is an extension from the...more
The National Science Foundation is seeking public comment on US policy for artificial intelligence, according to the Federal Register Notice of Request for Information (RFI) filed in September 26, 2018. ...more
Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. ...more
9/14/2018
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cooperative Compliance Regime ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Non-Discrimination Rules ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
Third-Party
Groundbreaking. Watershed. Unprecedented. -
We have heard the California Consumer Privacy Act of 2018 (CCPA) called all these things and more since its enactment on June 28, ?2018. Our experience to date has confirmed the...more
9/13/2018
/ California Consumer Privacy Act (CCPA) ,
Clinical Trials ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Use Policies ,
DPPA ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Preemption ,
Privacy Laws ,
Private Right of Action
A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together.
To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we...more
8/9/2018
/ Data Collection ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Privacy Policy ,
Risk Mitigation
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
...more
7/31/2018
/ Compliance ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Regulatory Requirements ,
Risk Management
On June 28, 2018, California’s governor signed Assembly Bill 375, a groundbreaking new data privacy law that some are calling the United States’ answer to the European Union’s General Data Protection Regulation (GDPR). ...more
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
...more
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
The job of the legal and compliance teams is to...more
6/11/2018
/ Competition ,
Data Privacy ,
Information Governance ,
Intellectual Property Protection ,
Litigation Strategies ,
Ownership Rules ,
Personal Data ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Strict Compliance
Virtually all industries are being reshaped with the use of Artificial Intelligence and advanced machine-learning.
Everything from healthtech to self-driving vehicles, to education and smart homes, drones and space, social...more
4/4/2018
/ Antitrust Provisions ,
Artificial Intelligence ,
Asia Pacific ,
Connected Cars ,
Connected Items ,
Drones ,
Ethics ,
Export Controls ,
FinTech ,
Intellectual Property Protection ,
Life Sciences ,
Outer Space ,
Popular ,
Regulatory Oversight ,
Robotics ,
Satellites ,
Smart Devices ,
Unmanned Aircraft Systems
Prompted by concern over the increase in the risks and frequency of data breach incidents and other cyber-attacks affecting public companies, the Securities and Exchange Commission recently published interpretive guidance to...more
3/6/2018
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Financial Statements ,
Insider Trading ,
Interpretive Rule ,
Non-Public Information ,
Publicly-Traded Companies ,
Regulation FD ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC)
It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect. Since that time, a series of key dates have marked the implementation of...more
2/28/2018
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Popular ,
Risk Assessment ,
Risk Management ,
Vulnerability Assessments
Whether malicious or inadvertent, workforce actions cause or contribute to a high percentage of the cyber attacks experienced by organizations. Protecting against such "insider" cyber risk can be challenging, especially given...more
As a follow-up to our previous reports (December 30, 2016 Alert; February 24, 2017 Alert) regarding the cybersecurity regulations issued by the New York State Department of Financial Services (NYDFS), we would like to remind...more
8/10/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Third-Party Service Provider
Earlier this year, the National Association of Corporate Directors (NACD) released an updated version of its Director’s Handbook on Cyber-Risk Oversight (Handbook). The updates add 16 pages of content to the previously...more
7/19/2017
/ Board of Directors ,
Corporate Counsel ,
Corporate Governance ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Handbooks ,
Information Technology ,
National Association of Corporate Directors (NACD) ,
Risk Management
Malware was recently identified that appears to have been designed and deployed by a nation-state to target and shut down electric grids.
According to published reports, this malware currently appears to be capable of...more