New York is the first state to establish a department within a financial regulatory agency that is tasked with protecting consumers and financial markets against cyber threats.
On May 22, 2019, the New York Department of...more
6/5/2019
/ Banking Sector ,
Cryptocurrency ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Digital Currency ,
Financial Institutions ,
Financial Regulatory Agencies ,
Financial Services Industry ,
NYDFS ,
Popular ,
Risk Management
The Situation: In the wake of the Equifax data breach, Massachusetts has amended its data breach law.
The Result: Companies reporting security breaches under the amended data breach law must provide additional information...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Internal Report Regarding IoT Cybersecurity -
In September, the National Institute of Standards and Technology ("NIST") released a draft...more
12/26/2018
/ Civil Monetary Penalty ,
CNIL ,
Consumer Reporting Agencies ,
COPPA ,
Critical Infrastructure Sectors ,
Cross-Border ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Disclosure Requirements ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hobbs Act ,
Internal Audit Functions ,
International Data Transfers ,
Internet of Things ,
NIST ,
Popular ,
Power Grid ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act
The Situation: The European Union's General Data Protection Regulation ("GDPR") has raised questions regarding the scope of coverage and protection afforded by current cyber policies, especially with respect to potential GDPR...more
On the heels of the European Union's General Data Protection law, which went into effect in May 2018, California has enacted the California Consumer Privacy Act ("CCPA")—the result of an 11th-hour compromise between...more
10/24/2018
/ Argentina ,
Asia ,
Australia ,
Belgium ,
Brazil ,
California Consumer Privacy Act (CCPA) ,
Canada ,
Chile ,
China ,
Colombia ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
EU ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Hong Kong ,
IRS ,
Italy ,
Japan ,
Mexico ,
Netherlands ,
NIST ,
Paraguay ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Singapore ,
Spain ,
TCPA ,
UK
The Situation: Spain approved emergency legislation regarding data protection that mainly focuses on regulating inspection and sanctioning procedures.
The Purpose: The purpose of this legislation is to allow for the correct...more
9/11/2018
/ Cross-Border ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Parliamentary Procedure ,
Popular ,
Spain
The Development: Brazilian President Michel Temer enacted the Brazilian General Data Protection Law on August 14, 2018.
The Purpose: The newly enacted General Data Protection Law is intended to regulate the treatment of...more
The Situation: Even before the General Data Protection Regulation ("GDPR") became effective on May 25, there has been a noticeable trend in the enforcement of security obligations through increased sanctions.
The...more
7/6/2018
/ CNIL ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
E-Commerce ,
France ,
General Data Protection Regulation (GDPR) ,
Popular
The Situation: Latin American governments, business leaders, and legal advisors continue to address privacy and cybersecurity concerns.
The Result: The development and implementation of privacy-focused regulations is a...more
6/25/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
EU ,
Financial Institutions ,
FinTech ,
General Data Protection Regulation (GDPR) ,
Latin America ,
Mexico ,
New Legislation ,
Popular ,
Technology Sector
JONES DAY CYBERSECURITY, PRIVACY & DATA PROTECTION ATTORNEY SPOTLIGHT: Richard Martinez -
Europe's new General Data Protection Regulation ("GDPR") is driving an evolution in corporate privacy practices globally. As...more
6/25/2018
/ Article 29 Working Party (WP29) ,
Australia ,
Canada ,
China ,
Cybersecurity ,
Data Breach ,
Data Protection Officers (DPOs) ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Enforcement Actions ,
ENISA ,
EU ,
EU Data Protection Laws ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hong Kong ,
Infrastructure ,
IRS ,
Japan ,
Latin America ,
Mexico ,
National Security ,
NIST ,
Personally Identifiable Information ,
Popular ,
Regulatory Oversight ,
Singapore ,
South America ,
State Data Breach Notification Statutes
On June 12, 2018, Vietnam's National Assembly passed the contentious Law on Cybersecurity ("Law"), which will go into effect on January 1, 2019. The Law has hallmarks similar to China's Cybersecurity Law that took effect in...more
On June 12, 2018, the U.S. Department of Justice announced the internationally coordinated arrests of 74 individuals involved in a series of multimillion-dollar business email compromise schemes ("BEC"). Although these...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
United States and China Renew Promise Not to Hack -
On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
11/21/2017
/ Acquisitions ,
Argentina ,
Article 29 Working Party (WP29) ,
Australia ,
Belgium ,
Biometric Information Privacy Act ,
Blockchain ,
Canada ,
CCTV ,
Chile ,
China ,
CNIL ,
Connected Cars ,
COPPA ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
Driverless Cars ,
EDPS ,
ENISA ,
Equifax ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Initial Coin Offering (ICOs) ,
International Data Transfers ,
Italy ,
Mexico ,
Mobile Apps ,
National Security ,
Netherlands ,
NIST ,
Online Advertisements ,
People's Bank of China ,
Personally Identifiable Information ,
Popular ,
Public Safety ,
Retail Investors ,
Search Engines ,
Securities and Exchange Commission (SEC) ,
Social Media ,
Spain ,
Stored Communications Act ,
TCPA ,
UK ,
Websites
The Situation: Earlier this year, the People's Republic of China enacted its Cybersecurity Law, which granted authorities broad, explicit powers to monitor and investigate activities falling under its purview, along with the...more
10/16/2017
/ Cease and Desist ,
China ,
Cloud Service Providers (CSPs) ,
Corporate Counsel ,
Corrective Actions ,
Cybersecurity ,
Enforcement Actions ,
Hackers ,
Internet Service Providers (ISPs) ,
Personally Identifiable Information ,
Popular ,
Security Risk Assessments ,
Websites
For entities regulated by the New York Department of Financial Services, the deadline for complying with the new Cybersecurity Requirements for Financial Services Companies, 23 NYCRR Part 500, is Monday, August 28, 2017. To...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 -
On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
6/5/2017
/ Advertising ,
Argentina ,
Australia ,
Chile ,
CNIL ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
De-Identification ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
DNA ,
DPA ,
e-Privacy Directive ,
EDPS ,
Encryption ,
Enforcement Actions ,
ENISA ,
EU ,
FACTA ,
FCC ,
Federal Aviation Administration (FAA) ,
Federal Trade Commission (FTC) ,
France ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hong Kong ,
Information Commissioner's Office (ICO) ,
Information Sharing ,
Israel ,
Italy ,
Japan ,
Medical Records ,
Metadata ,
Mexico ,
National Security ,
Netherlands ,
NIST ,
Online Safety for Children ,
Patient Privacy Rights ,
Payroll Records ,
Personal Data ,
Personal Data Privacy Comission (PDPC) ,
Personally Identifiable Information ,
Popular ,
Privacy Policy ,
Repeal ,
Robocalling ,
Securities and Exchange Commission (SEC) ,
Singapore ,
Social Media ,
Spain ,
SWIFT ,
Telecommunications ,
Transparency ,
UK ,
Unmanned Aircraft Systems ,
USTR ,
XBRL Filing Requirements
China's new Cybersecurity Law ("new Law") is set to come into effect on June 1, 2017, and introduces sweeping provisions that may have a significant impact on companies doing business in and with China. To provide guidance on...more
5/10/2017
/ China ,
Corporate Counsel ,
Critical Infrastructure Sectors ,
Cross-Border Transactions ,
Cybersecurity ,
Data Localization Law ,
Data Privacy ,
Data Security ,
International Data Transfers ,
Internet ,
Minors ,
Multinationals ,
New Rules ,
Personally Identifiable Information ,
Popular ,
Verification Requirements ,
Young Lawyers
Australia's Data Breach Bill amends the Privacy Act 1988 (Cth) ("Privacy Act") and requires private and public organisations regulated by the Privacy Act to notify affected individuals and the Australian Information...more
3/27/2017
/ Australia ,
Banks ,
Breach Notification Rule ,
Credit Cards ,
Data Breach ,
Federal Breach Notification Standard ,
Government Agencies ,
Notification Requirements ,
Office of Australian Information Commissioner (OAIC) ,
Penalties ,
Personally Identifiable Information ,
Popular ,
Privacy Acts ,
Privacy Laws ,
Private Sector
On March 15, 2017, New Mexico's Senate passed H.B. 15, which would create the state's first data breach notification law. New Mexico is currently one of only three states (including Alabama and South Dakota) without a data...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
3/15/2017
/ Actual Injuries ,
Advertising ,
Argentina ,
Australia ,
Banks ,
Belgium ,
Big Data ,
Canada ,
China ,
Class Action ,
Colombia ,
Connected Items ,
Consumer Protection Act ,
Controlled Unclassified Information (CUI) ,
Credit Cards ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Databases ,
Department of Homeland Security (DHS) ,
Department of Transportation (DOT) ,
Email Policies ,
ENISA ,
EU ,
EU Data Protection Laws ,
Fair Credit Reporting Act (FCRA) ,
Federal Breach Notification Standard ,
Federal Trade Commission (FTC) ,
FinTech ,
France ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Germany ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hong Kong ,
Information Sharing ,
International Data Transfers ,
Investigatory Powers Act 2016 ,
Italy ,
Japan ,
Mexico ,
National Security ,
Netherlands ,
NIST ,
NYDFS ,
OCIE ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC) ,
Settlement Agreements ,
Singapore ,
Spain ,
Spokeo ,
Standing ,
State Data Breach Notification Statutes ,
Swiss Privacy Shield ,
Switzerland ,
TCPA ,
Telemarketing ,
UK ,
V2V ,
Web Tracking