As tens of billions of additional Internet of Things (IoT) devices are poised to enter the market and infuse our supply chains, on December 4, 2020, President Donald Trump signed the first-ever federal law governing IoT...more
On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA), by approximately 56-44%. This act will amend and supersede the still recent California Consumer Privacy Act (CCPA), once...more
11/10/2020
/ Administrative Agencies ,
Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corporate Counsel ,
Cybersecurity ,
Enforcement Authority ,
Minors ,
New Legislation ,
Opt-Outs ,
Personal Information ,
Popular ,
Private Right of Action ,
Sensitive Personal Information
Hopes that privacy regulators and litigants would grant a reprieve to businesses during the COVID-19 pandemic may prove ill-founded. On July 21, 2020, the New York Department of Financial Services announced its first...more
Many general counsels, as well as their privacy and cybersecurity teams, are understandably focused on their company’s coronavirus safety measures - and that is good news to the hackers.
Hackers thrive amidst confusion and...more
With companies increasingly worried about what the California Attorney General, and private litigants, will do once the California Consumer Privacy Act comes into effect, they should not lose sight of what the Federal Trade...more
On October 11, 2019, the California Attorney General issued long-awaited draft Regulations to the California Consumer Privacy Act (CCPA). The draft Regulations provide helpful clarity on some core aspects of California’s...more
10/18/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Right to Delete ,
State Attorneys General
As predicted, the start of 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments during 2018. This past month alone, in a blizzard of activity, regulators amended regulations and...more
2/5/2019
/ Biometric Information Privacy Act ,
CareFirst ,
Class Action ,
CNIL ,
Corporate Fines ,
Cybersecurity ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
Google ,
Information Systems Security Program (ISSP) ,
Injury-in-Fact ,
National Futures Association ,
Personal Data ,
Popular ,
State Data Breach Notification Statutes ,
Yahoo!
For those longing for the heady days of the cryptocurrency free-for-all, this November is proving to be the start of the winter of your discontent.
The US Commodity Futures Trading Commission (CFTC) and the US Securities and...more
12/6/2018
/ Blockchain ,
CFTC ,
Cryptoassets ,
Cryptocurrency ,
Cybersecurity ,
Initial Coin Offering (ICOs) ,
Popular ,
Regulatory Agenda ,
Securities ,
Securities and Exchange Commission (SEC) ,
Smart Contracts ,
Token Sales
As this eventful year for new privacy and cybersecurity regulations winds down, multinational companies still need to look ahead to new regulations that will come online in 2019, including Vietnam’s Law on...more
12/5/2018
/ Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Corporate Counsel ,
Covered Entities ,
Cybersecurity ,
Foreign Corporations ,
General Data Protection Regulation (GDPR) ,
Multinationals ,
Pending Legislation ,
Personal Data ,
Popular ,
Vietnam
Malaysia will soon be joining the growing number of global jurisdictions that are adding specific data breach notification requirements to companies operating in Malaysia, re-emphasizing the need for multinational companies...more
Recently, JPMorgan Chase CEO Jamie Dimon warned that the “biggest vulnerability” for the financial system is the threat of cyber attacks. Hackers, especially those working for nation-states, have grown more sophisticated and...more
The number and severity of cyberattacks are on the rise, and companies simply cannot rely on their governments to protect them. In fact, quite the opposite is true....more
In the aftermath of the April 24, 2018, Securities and Exchange Commission (SEC) statement announcing its penalty against Altaba Inc., formerly Yahoo! Inc. (Yahoo!), for failing to timely report a massive data breach,...more
5/7/2018
/ Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Enforcement Actions ,
Failure To Disclose ,
Securities Act of 1933 ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Settlement ,
Verizon ,
Yahoo!
Just two months after an Illinois appellate court dismissed a similar complaint alleging a violation of the Illinois Biometric Information Privacy Act (BIPA), a California federal court found that a claim asserted under BIPA...more
3/13/2018
/ Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Facebook ,
Facial Recognition Technology ,
Injury-in-Fact ,
Popular ,
Standing
On February 21, 2018, the Securities and Exchange Commission issued an interpretive release1 providing important guidance to certain registrants on cybersecurity disclosure. Coming on the heels of dozens of high-profile...more
Revising its guidance on internal assessments and highlighting the importance of managing cybersecurity within supply chains, the National Institute of Standards and Technology (NIST) released the second draft of Version 1.1...more
What is the problem?
Belgian researchers have published information about a vulnerability in the most popular WiFi encryption protocol that makes monitoring of all communications possible, except those communications that...more
September 2017 saw no respite from the relentless pace of cyber developments, not only from the perspective of rapidly evolving attacks, but also from the perspective of dynamic federal and state regulatory moves. In...more
In a flurry of approvals last week, the National Association of Insurance Commissioners (NAIC) took substantial steps toward finalizing its proposed Insurance Data Security Model Law during the 2017 NAIC Summer National...more
On June 27, 2017, hackers struck vulnerable businesses around the world with a new version of the “Petya” ransomware. This major cyberattack has disrupted utilities, shipping companies, law firms and other businesses across...more