The proposed Digital Services Act will require online services (including social media platforms, search engines, and marketplaces) to implement policies and procedures aimed at increasing transparency and combatting illegal...more
5/6/2022
/ Anti-Competitive ,
Competition ,
Compliance ,
Compliance Dates ,
Digital Media ,
Digital Services ,
EU ,
European Parliament ,
Internet Retailers ,
Member State ,
Monopolization ,
Online Marketplace ,
Online Platforms ,
Pending Legislation ,
Social Media ,
Transparency
Entities facing significant legal risk, no matter the circumstances, if they make ransom payments to attackers connected to, or originating from Russia.
As the Russian invasion of Ukraine continues, the U.S. government...more
4/27/2022
/ Cyber Attacks ,
Cyber Crimes ,
Economic Sanctions ,
FinCEN ,
Foreign Relations ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Assessment ,
Risk Mitigation ,
Russia ,
Ukraine
The Executive Order calls for exploring a U.S. Central Bank Digital Currency and regulatory measures that protect consumers, businesses, and global financial stability.
On March 9, 2022, President Biden signed a sweeping...more
While the announcement is short on details, once in place, U.S.-based. entities will be able to use the new agreement to comply with the GDPR’s cross-border data transfer requirements.
On March 25, the U.S. and E.U....more
4/6/2022
/ Biden Administration ,
Court of Justice of the European Union (CJEU) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Intergovernmental Agreements ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The new law will require critical infrastructure entities to report certain covered cybersecurity incidents to government agencies within 72 hours; ransomware payments within 24 hours.
On March 15, President Biden signed...more
The amended law comes into effect in April and covers new categories of personal information, including personal-related information and sensitive personal information.
In June 2021, Japan enacted an amendment to its privacy...more
The new mechanisms, which are likely to pass Parliament, will become effective on March 21, 2022 and will require businesses and organizations to review existing and new contracts.
The Information Commissioner’s Office...more
Beginning in January 2023, three new state privacy laws (and their applicable regulations) come into effect. They largely follow in the footsteps of the California Consumer Privacy Act that took effect in 2018. The new laws...more
Beginning in January 2023, three new state privacy laws (and their applicable regulations) come into effect. Additionally, several other countries have taken steps to implement or shore up their own privacy and data...more
More, possibly similar decisions are expected in the coming months, throwing cross-Atlantic data transfers and trade into doubt as diplomats seek a Privacy Shield replacement.
In late December, the Austrian Data...more
2/3/2022
/ Analytics ,
Austria ,
Binding Corporate Rules ,
Cookies ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
FISA ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The brief FTC note indicates the agency will look to combat poor security practices, protect against the misuse of personal information, and discrimination arising from algorithmic decision-making.
Last month, the...more
1/21/2022
/ Algorithms ,
Congressional Committees ,
Consent ,
Data Security ,
Federal Trade Commission (FTC) ,
Personal Data ,
Personal Information ,
Privacy Concerns ,
Proposed Rules ,
Rulemaking Process ,
Unfair or Deceptive Trade Practices
Banking organizations must notify the appropriate agency within 36 hours of certain computer-security incidents; and banking service providers must notify affected banking organizations as soon as possible in the event of an...more
12/22/2021
/ Banking Sector ,
CFTC ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
FDIC ,
Federal Reserve ,
Financial Services Industry ,
Notice Requirements ,
OCC ,
Popular ,
Securities and Exchange Commission (SEC)
Investors filed a derivative suit claiming that the company knew about, and failed to mitigate known, existing cybersecurity risks and shortfalls prior to the security breach.
In early November, pension funds and...more
12/7/2021
/ Board of Directors ,
Breach of Duty ,
Cybersecurity ,
Data Breach ,
Derivative Suit ,
Duty of Care ,
Duty of Loyalty ,
False Claims Act (FCA) ,
Federal Contractors ,
Fiduciary Duty ,
Good Faith ,
Home Depot ,
Institutional Investors ,
Marriott ,
Material Misstatements ,
Pension Funds ,
Popular ,
Security Breach ,
Shareholder Litigation ,
Shareholders ,
SolarWinds ,
Yahoo!
As drafted the new measures specify security assessment and contract requirements but leave ample room for Chinese authorities to heavily restrict cross-border data transfers.
At the end of October, China’s top privacy...more
The updated rule also includes new exemptions, expands the definition of “financial institution,” and creates new accountability requirements.
On October 27th the Federal Trade Commission (“FTC”) adopted and published...more
11/11/2021
/ Customer Information ,
Cybersecurity ,
Data Security ,
Equifax ,
Exemptions ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Regulatory Requirements ,
Safeguards Rule