Selected Developments in U.S. Law - Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services As the Biden Administration begins detailing its regulatory and...more
2/18/2021
/ Attorney-Client Privilege ,
Biden Administration ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
State Privacy Laws ,
Work-Product Doctrine
Cybersecurity incidents—including second wave attacks—are on the rise. Our Privacy, Cyber & Data Strategy Team outlines seven tips for managing a cybersecurity incident—and recovering with strength....more
On December 18, 2020, federal financial regulatory agencies jointly announced a proposed rule that would impose new and expanded reporting requirements on supervised banking organizations that experience a “computer-security...more
On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and...more
When it comes to data breach notification laws, differences between the patchwork of U.S. state laws and the EU’s General Data Protection Regulation can impact the focus of and approach to an investigation. Our Privacy & Data...more
Selected Developments in U.S. Law - Alston & Bird Analyzes New California Privacy Rights Act - California voters approved a ballot initiative containing the California Privacy Rights Act of 2020. ...more
11/20/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
FinCEN ,
Hackers ,
International Data Transfers ,
Malware ,
Personal Information ,
Ransomware ,
Schrems I & Schrems II
On October 13, 2020, state financial regulators in partnership with the Bankers Electronic Crimes Taskforce and the U.S. Secret Service, released the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions...more
Selected Developments in U.S. Law - SEC Creates Event and Emerging Risk Examination Team - Following the Office of Compliance Inspections and Examinations’ (OCIE) recent and detailed risk alert on the threat of ransomware,...more
8/14/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Protection ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
OCIE ,
Popular ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
UK
Businesses are facing long-term cybersecurity challenges as COVID-19 cases spike and remote work environments need to remain operational, scalable, and capable of flexing with cycles of coronavirus resurgence. Our...more
On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”)...more
The UK National Cyber Security Centre and Canada’s Communications Security Establishment released an advisory linking APT29 (also known as, ‘the Dukes’ or ‘Cozy Bear’) to attacks against COVID-19 vaccine development in...more
Selected Developments in U.S. Law - Japan’s Personal Information Protection Committee Releases Guidance on Contact Tracing Mobile Apps to Combat COVID-19 - On May 1, the Personal Information Protection Committee in Japan...more
Our Cybersecurity Preparedness & Response Team discusses the current COVID-19 threat landscape, focusing on four major categories of threats and highlighting practical steps companies can take in response....more
Governments are increasingly seeking to leverage consumer geolocation data collected by industry as a tool to assist with fighting the spread of COVID-19....more
Businesses large and small are encouraging (or requiring) employees to work remotely or cancel work travel as part of the response to COVID-19. ...more
There’s more than a virus in the air – there’s malware and spyware too. Our Health Care and Cybersecurity Preparedness & Response Groups team up to list proactive steps HIPAA covered entities and business associates can take...more
Selected Developments in U.S. Law -
NIST Publishes Privacy Framework Version 1.0 -
On January 16, 2020, the National Institute of Standards and Technology (NIST) published Version 1.0 of its Privacy Framework: A Tool for...more
After Friday’s announcement of the killing of Major General Qassem Soleimani, a leader of Iran’s Quds Force, several regulators have put industry on high alert of the increased potential for cyber-attack. ...more
Our Cybersecurity Preparedness & Response Team breaks down the ways in-house counsel can demonstrate compliance with the California Consumer Privacy Act to regulators and business partners....more
Some of the most highly publicized and scrutinized data breaches involve the theft of payment card data. In recent years, the payment card industry has implemented new technologies, most visibly EMV, in an effort to stem the...more
Payments Developments in 2018 and Outlook for 2019 -
The cost of accepting payments is one of the most significant expenses faced by most retailers, and managing those costs is an ongoing struggle. The year 2018 saw...more
2/11/2019
/ Arbitration ,
Cannabidiol (CBD) oil ,
Counterfeiting ,
Credit Card Surcharges ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Debit and Credit Card Transactions ,
Farm Bill ,
Gift-Cards ,
Minimum Wage ,
Popular ,
Retailers ,
Tip-Pooling ,
Unclaimed Property ,
Wage and Hour ,
Work Schedules
Take a journey around the world as our Cybersecurity & Preparedness Response Team reviews how the United States responded to state-sponsored cyberattacks and offers 10 lessons the private sector can use to strengthen their...more
In a landmark Fourth Amendment case, the U.S. Supreme Court ruled that digital is different. A cross-practice team from our National Security & Digital Crimes and Cybersecurity Preparedness & Response teams parse the narrow...more
7/27/2018
/ Carpenter v US ,
Cell Phones ,
Cell Site Location Information (CSLI) ,
Criminal Convictions ,
Electronic Records ,
Electronically Stored Information ,
Exigent Circumstances ,
Fourth Amendment ,
Geolocation ,
Location Data ,
Probable Cause ,
Reasonable Expectation of Privacy ,
Remand ,
Reversal ,
SCOTUS ,
Third-Party ,
Warrantless Searches
Investment advisers and broker-dealers can expect more scrutiny of their data security from the Securities and Exchange Commission. Our Cybersecurity Preparedness & Response and Investment Management, Trading & Markets teams...more
As of June 1, 2017, China’s new Cybersecurity Law came into force. The Cybersecurity Law has broad implications for any company that does business in the country as the Chinese government has asserted even greater control...more