Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
10/19/2023
/ Breach Notification Rule ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Security ,
Notification Requirements ,
Popular ,
Privacy Laws ,
State Privacy Laws
As U.S.-based companies await a decision by the European Union (EU) regarding data transfers, the European process for approving the EU-U.S. data privacy framework has progressed a step. The European Commission released a...more
President Biden issued an executive order (EO) increasing protections and safeguards for personal data subject to signals intelligence activities. It also establishes a redress mechanism for residents of qualifying states who...more
10/11/2022
/ Biden Administration ,
Court of Justice of the European Union (CJEU) ,
Critical Infrastructure Sectors ,
Cybersecurity ,
EU ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
National Security ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Surveillance
Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in...more
President Donald Trump signed two executive orders (the EOs) on August 6, 2020, an Executive Order on Addressing the Threat Posed by TikTok (TikTok EO) and an Executive Order on Addressing the Threat Posed by WeChat (WeChat...more
8/12/2020
/ China ,
Data Collection ,
Executive Orders ,
Licensing Rules ,
Location Data ,
Mobile Apps ,
National Security ,
Personal Information ,
Popular ,
Prohibited Transactions ,
Secretary of Commerce ,
Security Risk Assessments ,
Social Media ,
TikTok ,
Trump Administration
The Court of Justice for the European Union (CJEU) on July 16, 2020, invalidated the EU-U.S. Privacy Shield as an approved mechanism for transferring personal data from the European Union to the United States. This decision...more
7/22/2020
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The Committee on Foreign Investment in the United States (CFIUS) published two final rules on January 17, 2019, to implement the Foreign Investment Risk Review Modernization Act (FIRRMA) enacted in August 2018. The first...more
2/13/2020
/ CFIUS ,
Code of Federal Regulations (CFR) ,
Covered Transactions ,
Critical Infrastructure Sectors ,
Cross-Border Transactions ,
Emerging Technologies ,
Emerging Technology Companies ,
Export Controls ,
Federal Pilot Programs ,
Final Rules ,
FIRRMA ,
FOCI ,
Foreign Investment ,
NAICS ,
National Security ,
New Rules ,
Real Estate Transactions
As more and larger data breaches come to light, states continue to update and expand their breach notification statutes, adding to the patchwork of notification obligations that now exists in every state. Generally speaking,...more
The European Parliament approved several amendments to the European Commission’s proposed Regulation on preventing the dissemination of terrorist content online on April 17, 2019. The Regulation requires, among other things,...more
The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) became law on August 13, 2018. Under FIRRMA, the Committee of Foreign Investment in the United States (CFIUS) is authorized to conduct pilot programs. On...more
10/24/2018
/ Board of Directors ,
CFIUS ,
Covered Transactions ,
Critical Infrastructure Sectors ,
Federal Pilot Programs ,
FIRRMA ,
Foreign Investment ,
Interim Rule ,
Joint Venture ,
Mandatory Declarations ,
NAICS ,
National Security ,
U.S. Treasury
The European Commission recently published a draft “Regulation on preventing the dissemination of terrorist content online.” If enacted, the draft Regulation would impose stringent monitoring, removal and reporting...more
The Federal Trade Commission (FTC) announced settlements with four companies last month—IDmission LLC, mResource LLC (doing business as Loop Works LLC), SmartStart Employment Screening, Inc. and VenPath, Inc.—of the FTC’s...more
This spring has brought a particularly active round of revisions to state data breach notification laws. Most notably, as of July 1, 2018, every state will have a breach notification law. Alabama and South Dakota both passed...more
The General Data Protection Regulation (GDPR), which is effective May 25, 2018, requires notification to European regulators within 72 hours of the discovery of many types of data breaches. This deadline requires speed and...more
2017 has reminded us that data security threats continue to evolve and that the stakes for companies can be very high if their data security programs fail to evolve as well. Before the recent announcement of Equifax’s...more
9/19/2017
/ Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Equifax ,
Hackers ,
Human Resources Professionals ,
Phishing Scams ,
Ransomware ,
Risk Assessment ,
Risk Mitigation ,
Tax Fraud ,
Tax Scams ,
Third-Party Service Provider
Computer systems around the world have been impacted by the largest cyber-extortion attack in history. According to news reports, the “ransomware” attack hit more than 200,000 victims in 150 countries since it started on...more
5/16/2017
/ Commercial Insurance Policies ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Employee Training ,
FBI ,
Forensic Examination ,
Hackers ,
Incident Response Plans ,
Microsoft ,
National Security Agency (NSA) ,
Ransomware
On the campaign trail, President-elect Trump adopted a contentious approach towards foreign trade, focusing on Chinese “theft of American trade secrets” and suggesting, at times, potential isolationism for U.S. businesses....more
1/20/2017
/ CFIUS ,
China ,
Cross-Border Transactions ,
Foreign Acquisitions ,
Foreign Investment ,
GAO ,
National Security ,
Trade Policy ,
Trade Relations ,
Trans-Pacific Partnership ,
Trump Administration ,
U.S. Treasury ,
Voluntary Disclosure
The spring legislative sessions this year brought a now-familiar round of revisions to data breach notification laws, with states broadening their laws in often divergent ways. This year, Illinois, Nebraska, and Tennessee...more
Two days after the expiration of the informal deadline to replace the Safe Harbor Framework invalidated by the Court of Justice of the European Union in October 2015, the EU and US have come to terms on a new framework—the...more
In four of the last five years, California’s legislature has updated its data breach notification law, expanding its scope and making the required notifications more specific. This year, the legislature passed three separate...more
The Court of Justice of the European Union (CJEU) issued its landmark decision in Maximillian Schrems v. Data Protection Commissioner on October 6, 2015, ultimately invalidating the U.S.-EU Safe Harbor Framework.
Under...more
10/8/2015
/ Corporate Counsel ,
Cybersecurity ,
Data Protection Authority ,
Edward Snowden ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
Popular ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework ,
Young Lawyers
The SEC announced last week that an investment adviser had agreed to settle charges that it failed to take required steps to protect against and respond effectively to a cybersecurity breach. The action comes on the heels of...more
9/29/2015
/ Best Practices ,
Board of Directors ,
Broker-Dealer ,
Capital Markets ,
Compliance ,
Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Loss Prevention ,
Data Security ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Due Diligence ,
Enforcement Actions ,
FCC ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Hackers ,
Incident Response Plans ,
Investment Adviser ,
OCR ,
Popular ,
Regulation S-P ,
Risk Alert ,
Risk Assessment ,
Securities Act of 1933 ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider
Since at least 2005, the Federal Trade Commission has asserted that it may regulate lax data security practices as an “unfair” business practice under Section 5 of the FTC Act. The Wyndham hotel chain was the first to...more
8/27/2015
/ COPPA ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Debit Cards ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
Fraudulent Charges ,
FTC Act ,
FTC v Wyndham ,
Hackers ,
Personally Identifiable Information ,
Popular ,
SCOTUS ,
Section 5 ,
Unfair or Deceptive Trade Practices ,
Wyndham
President Obama recently issued Executive Order 13694 (EO 13694 or EO), “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.” EO 13694 is aimed at deterring cyber attacks,...more
Target’s 2013 data breach has generated over 100 consumer lawsuits, which were consolidated last year before the U.S. District Court for the District of Minnesota. On December 18, 2014, Judge Paul A. Magnuson issued a...more