X Agrees to Stop Processing EU Data to Train its Grok AI -
Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
9/13/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Fines ,
Ireland ,
Liability ,
Personal Data ,
Sensitive Personal Information ,
Twitter ,
Uber
U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
SEC Fines the New York Stock Exchange’s Parent Company $10 million for Failure to Promptly Notify Its Subsidiaries of Cybersecurity Breach -
On May 22, 2024, the Securities and Exchange Commission (“SEC”) imposed a $10...more
6/14/2024
/ Annual Reports ,
Artificial Intelligence ,
Breach Notification Rule ,
Colorado ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
New Legislation ,
NYSE ,
Popular ,
Securities and Exchange Commission (SEC) ,
UK
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
4/19/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Machine Learning ,
OMB ,
Online Safety for Children ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
UK ,
Voluntary Compliance
FTC Proposes New Protections to Guard Against AI Impersonations of Individuals -
Amidst growing concerns that emerging technology—including AI-generated deepfakes—threaten to increase the prevalence of impersonation fraud,...more
3/1/2024
/ Anti-Terrorism Financing ,
Artificial Intelligence ,
Cybersecurity ,
Deep Fake ,
EU ,
European Convention on Human Rights ,
Federal Trade Commission (FTC) ,
Human Rights ,
Russia ,
Securities and Exchange Commission (SEC) ,
Terms of Service
FTC Announces Proposed Settlement with Software Provider to Settle Allegations that its Inadequate Security Safeguards Led to Cyberattack -
On February 1, 2024, the Federal Trade Commission (“FTC”) announced a proposed...more
The Biden Administration Issues Executive Order on Artificial Intelligence -
On October 30, 2023, President Biden signed an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence (the “Order”)...more
11/17/2023
/ Artificial Intelligence ,
Biden Administration ,
Chief Information Security Officer (CISO) ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
NYDFS ,
Ransomware ,
Regulatory Agenda ,
Securities and Exchange Commission (SEC) ,
SolarWinds
The SEC adopted new rules requiring public companies to (i) disclose material cybersecurity incidents on Form 8-K within four business days of determining that an incident is material, and (ii) periodically disclose their...more
8/8/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-K ,
Form 8-K ,
Investment Company Act of 1940 ,
Popular ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC)
SEC Finalizes Cybersecurity Disclosure Rules for Public Companies -
On July 26, 2023, the Securities and Exchange Commission (“SEC”) voted to adopt new rules requiring public companies to make certain disclosures...more
8/4/2023
/ California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Enforcement ,
Federal Trade Commission (FTC) ,
Final Rules ,
Foreign Private Issuers ,
Form 8-K ,
Hospitals ,
Investment Company Act of 1940 ,
Mobile Apps ,
Securities and Exchange Commission (SEC) ,
Telehealth ,
Tracking Systems ,
Websites
At an open meeting on March 15, 2023, the U.S. Securities and Exchange Commission voted three to two to propose a new rule, form and amendments (together, “Proposed Rule”) and published an accompanying release (“Release”)...more
5/11/2023
/ Cybersecurity ,
Disclosure Requirements ,
Incident Response Plans ,
MSBSPs ,
New Rules ,
Policies and Procedures ,
Popular ,
Recordkeeping Requirements ,
Risk Assessment ,
Risk Management ,
SBSD ,
Securities and Exchange Commission (SEC)
Proposed EU-US Data Transfer Agreement Continues to Face Obstacles in Parliament -
As we reported in Issue 29 of Cyber Bits, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (the “EP...more
4/28/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
European Commission ,
European Parliament ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers
At an open meeting on March 15, 2023, the U.S. Securities and Exchange Commission voted unanimously to propose rule amendments to Regulation S-P (Proposed Rule) and published an accompanying release (Release). The Proposed...more
4/18/2023
/ Cybersecurity ,
Data Breach ,
Financial Institutions ,
Fixing America’s Surface Transportation Act (FAST Act) ,
Gramm-Leach-Blilely Act ,
Investment Adviser ,
Investment Company Act of 1940 ,
Personal Information ,
Popular ,
Proposed Amendments ,
Recordkeeping Requirements ,
Regulation S-P ,
Risk Management ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)
FBI Seizes Hive Ransomware Servers—Blocks US$130 Million in Demanded Ransoms -
On January 26, Attorney General Merrick Garland announced that the Department of Justice dismantled the “Hive” ransomware group, which had...more
2/3/2023
/ Biden Administration ,
Big Tech ,
California Consumer Privacy Act (CCPA) ,
Cookie Banners ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Extortion ,
FBI ,
Investigations ,
New Legislation ,
New Regulations ,
Popular ,
Privacy Laws ,
Ransomware
SEC Division of Examinations Issues Risk Alert on Regulation S-ID and Identity Theft Prevention Programs -
On December 5, 2022, the Securities and Exchange Commission (“SEC”) Division of Examinations (“EXAMS”) issued a...more
12/16/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
American Civil Liberties Union (ACLU) ,
Artificial Intelligence ,
Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Transfers ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Investment Adviser ,
Minors ,
Online Safety for Children ,
Personal Data ,
Policies and Procedures ,
Proposed Legislation ,
Regulation S-ID ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
SolarWinds
SEC Chair Gensler Indicates Commission is Looking to Update SEC’s Regulation S-P -
On September 28, 2022, Securities and Exchange Commission (“SEC” or the “Commission”) Chairman Gary Gensler appeared via video at the...more
10/14/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Biden Administration ,
Broker-Dealer ,
Cloud Service Providers (CSPs) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Foreign Trade Regulations ,
Gramm-Leach-Blilely Act ,
Hackers ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Investment Adviser ,
Investment Companies ,
Privacy Framework ,
Regulation S-P ,
Request For Information ,
Right of Access ,
Securities and Exchange Commission (SEC) ,
Subject Access Request (SAR) ,
Title V ,
U.S. Commerce Department ,
Uber ,
UK ,
UK GDPR
Pelosi Statement Dims the Lights on ADPPA -
The prospects for the nation’s first comprehensive data privacy law, the American Data Privacy and Protection Act (the “ADPPA” or the “Bill”), dimmed after House Speaker Nancy...more
9/16/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Algorithms ,
Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CNIL ,
Compliance ,
Cryptography ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Enforcement ,
EU ,
European Data Protection Board (EDPB) ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
Fines ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
NIST ,
Opt-Outs ,
Personal Information ,
Proposed Legislation ,
Settlement ,
Surveillance ,
Third-Party ,
Trade Associations
Federal Privacy Bill (ADPPA) is Sent to the House Floor but Obstacles to its Passage Remain -
On July 20, 2022, the House Committee on Energy and Commerce (“the Committee”) voted 53-2 in favor of advancing The American Data...more
8/5/2022
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Homeland Security (DHS) ,
FCC ,
Geolocation ,
Popular ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
T-Mobile ,
Vulnerability Assessments
Less than two months after the California Privacy Protection Agency (“CPPA” or “Agency”) formally took over rulemaking for the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act...more
6/8/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Policy Drafting ,
Popular ,
Regulatory Agenda
WARNING: U.S. Federal Government Continues to Warn the Private Sector to Prepare Itself for Russian Cyberattacks -
The White House, the Cybersecurity and Infrastructure Security Agency (“CISA”), and other federal agencies...more
4/8/2022
/ Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Personal Data ,
Popular ,
Social Media ,
State Privacy Laws
The U.S. and many other nations recently imposed unprecedented sanctions on Russia in response to Russia’s military action in Ukraine. More details about some of these sanctions can be found in Dechert’s related OnPoint...more
3/11/2022
/ Artificial Intelligence ,
Biometric Information ,
Cyber Attacks ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
European Data Protection Board (EDPB) ,
FBI ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Personal Data ,
Popular ,
Regulatory Reform ,
Russia ,
Ukraine ,
vuln
California Privacy Protection Agency Indicates Delay for Final CPRA Regulations The California Privacy Protection Agency (“Agency”) was established by the California Privacy Rights Act of 2020 (“CPRA”)....more
2/28/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Enforcement Priorities ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
State Attorneys General
At an open meeting on February 9, 2022, the Securities and Exchange Commission voted three-to-one to propose new and amended rules regarding cybersecurity risk management, cyber incident reporting and cyber risk disclosure...more
FTC Announces Regulatory Priorities for 2022 -
On December 10, 2021, the Federal Trade Commission (“FTC”) published its Statement of Regulatory Priorities (“Announcement”) for 2022. The FTC’s priorities for the coming year...more
1/14/2022
/ Breach Notification Rule ,
COPPA ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Identity Theft ,
Location Data ,
Popular ,
Ransomware ,
Regulatory Violations ,
Threat Management ,
Vulnerability Assessments
EDPB Issues Draft Guidance on International Data Transfers -
On November 18, 2021, the European Data Protection Board (“EDPB”) published draft guidance on the interaction between the GDPR’s transfer provisions set out in...more
12/10/2021
/ Cyber Attacks ,
Cybersecurity ,
Data Management ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Regulatory Requirements ,
Standard Contractual Clauses
We are delighted to welcome you to the second issue of Dechert Cyber Bits, brought to you by members of our top-ranked, global Privacy & Cybersecurity practice. This second issue of Cyber Bits discusses key developments from...more
11/5/2021
/ Artificial Intelligence ,
Biometric Information ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Notification Requirements ,
Popular ,
Ransomware ,
Risk Management