Consistent with a growing national trend, Virginia joined California in recently passing consumer privacy legislation with broad national reach. Both the Virginia Consumer Data Protection Act ...more
4/8/2021
/ California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Popular
Introduction -
The proliferation of data and the rise of affordable cloud computing services has led many companies and organizations to outsource their data storage to third parties, a practice that raises numerous issues...more
Ransomware threats and attacks dominated the cyber news cycle in 2020 and into 2021. With the global pandemic and the uptick in remote work and learning, cybercriminals and nation-state hackers have seized on vulnerabilities...more
2/10/2021
/ Cryptocurrency ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Hackers ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk Management ,
Underwriting
2020 has been a busy year in privacy law both domestically and around the globe. Some of the most striking developments included enforcement of the California Consumer Privacy Act (CCPA) and passage of the California Privacy...more
1/4/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Personal Data ,
Popular ,
SHIELD Act
The rapid expansion of data security and privacy laws and regulations — both in the United States and internationally — harbors the potential for substantial liability, with the consequence that cyber compliance has become an...more
12/30/2020
/ Cyber Insurance ,
Data Management ,
Data Mapping ,
Data Privacy ,
Data Security ,
Due Diligence ,
Personally Identifiable Information ,
Popular ,
Privacy Policy ,
Risk Mitigation ,
Vulnerability Assessments
On Nov. 11, 2020, the European Data Protection Board (EDPB) published eagerly anticipated guidance in the wake of the July 2020 European Court of Justice’s (ECJ) decision in Schrems II, outlining a process for ensuring data...more
11/23/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The California Consumer Privacy Act (CCPA) created groundbreaking new rules for how businesses must handle California consumers’ personal data and spurred proposals for similar legislation across the country. ...more
11/12/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Sellers ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Right to Delete ,
Right To Know ,
State and Local Government
On Oct. 30, 2020, the United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), in connection with France’s Commission nationale de l’informatique et des libertés (CNIL), announced the largest...more
11/5/2020
/ British Airways ,
CNIL ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular
This past July, a decision by the European Court of Justice (ECJ) struck down the European Union-United States Privacy Shield framework (EU-U.S. Privacy Shield), one mechanism through which companies could transfer personal...more
10/1/2020
/ Binding Corporate Rules ,
Breach of Contract ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Standard Contractual Clauses ,
Switzerland
The Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) has published a risk alert, warning SEC-registered investment advisers, brokers and dealers about the increasing use of...more
10/1/2020
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Financial Institutions ,
Investment Adviser ,
OCIE ,
Regulation S-ID ,
Regulation S-P ,
Risk Alert ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Data privacy compliance emerged as a top-tier issue for businesses across the globe with the implementation of new laws with broad scope and sweeping coverage, including the EU’s General Data Protection Regulation (GDPR),...more
8/3/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
State and Local Government
On July 16, the European Court of Justice (ECJ or the Court) struck down the EU-U.S. Privacy Shield program. The ruling invalidated an earlier European Commission (Commission) decision (Privacy Shield adequacy determination)...more
Certain provisions of the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) recently took effect in the state of New York. The act was signed into law by the governor in July 2019, and its data breach...more
On April 13, the New York State Department of Financial Services (DFS) issued guidance to its regulated institutions on how to manage cyber-risks connected to remote working, amid a “significant” increase in cybercrime...more
The outbreak of the coronavirus (COVID-19), with its social distancing and remote work protocols, has brought renewed focus on the execution of transactional documentation without the traditional inked (wet) signature. ...more
On April 20, the Supreme Court agreed to review the Eleventh Circuit’s decision in United States v. Van Buren, which broadly interpreted the Computer Fraud and Abuse Act (CFAA), the main federal anti-hacking statute, as...more
At the end of January, the U.S. Securities and Exchange’s Office of Compliance Inspections and Examinations (OCIE) released its “Observations on Cybersecurity and Resiliency Practices” (Observations)....more
2/13/2020
/ Best Practices ,
Bring Your Own Device (BYOD) ,
Business Continuity Plans ,
C-Suite Executives ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Loss Prevention ,
Data Management ,
Data Protection ,
Denial of Service Attacks ,
Disclosure Requirements ,
Incident Response Plans ,
Malware ,
Mobile Device Management ,
Mobile Devices ,
OCIE ,
Policies and Procedures ,
Popular ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Liability ,
Vendors
California’s Consumer Privacy Act (CCPA) went into effect on Jan. 1, 2020. While the CCPA has been interpreted as primarily targeting technology companies and data brokers, it has broad reach and applies to any business that...more
1/29/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Risk Management ,
State and Local Government
The Cayman Islands recently implemented data protection legislation similar to that adopted elsewhere in the world, including the EU’s General Data Protection Regulation (GDPR). The GDPR forced many businesses outside its...more
11/1/2019
/ Breach Notification Rule ,
Cayman Islands ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Investment Adviser ,
Investment Management ,
New Legislation ,
Personal Data ,
Private Investment Funds
Facial recognition is a rapidly evolving area of technology with myriad potential commercial uses. Reflecting the rapid growth in this area, regulations related to facial recognition are changing across all levels of...more
9/4/2019
/ Biometric Information ,
Data Collection ,
Data Management ,
Department of Homeland Security (DHS) ,
Facial Recognition Technology ,
FBI ,
Forensic Examination ,
Government Agencies ,
Immigration and Customs Enforcement (ICE) ,
Law Enforcement ,
NIST ,
Privacy Concerns ,
Regulatory Standards
The New York Department of Financial Services’ (DFS) January 2019 insurance circular letter, which advised New York-licensed life insurance carriers on the use of external consumer data and information sources in...more
8/1/2019
/ Algorithms ,
Artificial Intelligence ,
Consumer Insurance Products ,
Cooperative Compliance Regime ,
Customer Information ,
Data Management ,
Discrimination ,
Financial Services Industry ,
Insurance Regulations ,
Life Insurance ,
New Guidance ,
NYDFS ,
Predictive Analytics ,
Regulatory Standards ,
Transparency ,
Underwriting
New York is gearing up to enact some of the toughest cybersecurity, privacy and data protection laws in the country. Modeled on the European Union’s General Data Protection Regulation (GDPR) and the California Consumer...more
7/18/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Notification Requirements ,
Pending Legislation ,
Personal Data ,
Personally Identifiable Information ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
Following extensive consultations, the European Commission’s High-Level Expert Group on AI released ethics guidelines on the use of artificial intelligence. Three broad principles emerged from those guidelines, suggesting...more
We recently discussed the topic of risk management as it relates to artificial intelligence (AI) in financial services, and suggested certain tips for the financial services sector. This article is the first of a series that...more
5/2/2019
/ Algorithmic Trading ,
Artificial Intelligence ,
CFTC ,
EU ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
MiFID II ,
Policies and Procedures ,
Popular ,
Registered Investment Advisors ,
Risk Management ,
Robo-Advisors ,
Securities and Exchange Commission (SEC) ,
Securities Traders
Until recently, whistleblowing raised many concerns in France and other European countries. Reporting on colleagues’ behavior, even if unlawful, was seen as risky business that could lead to dismissals and criminal sanctions...more