On September 18, 2023, a U.S. District Court judge in the Northern District of California granted a preliminary injunction enjoining California’s attorney general from enforcing California’s California Age-Appropriate Design...more
9/26/2023
/ California ,
Communications Decency Act ,
COPPA ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Enforcement Actions ,
Governor Newsom ,
Intellectual Property Protection ,
New Legislation ,
Online Safety for Children ,
Popular ,
Preliminary Injunctions ,
Privacy Laws ,
Proposed Legislation
On July 26, the U.S. Securities and Exchange Commission adopted rules to enhance and standardize public company disclosure of cybersecurity incidents, risk management, strategy and governance.
In particular, the rules,...more
8/1/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
XBRL Filing Requirements
On March 22, 2023, the Federal Trade Commission (FTC) announced a request for information (RFI) seeking public comments on business practices in the cloud computing industry. The RFI focuses on three intertwined aspects of...more
3/30/2023
/ Cloud Computing ,
Cloud Service Providers (CSPs) ,
Competition ,
Cybersecurity ,
Data Security ,
European Commission ,
Federal Trade Commission (FTC) ,
Investigations ,
Microsoft ,
Request For Information ,
Technology Sector
The White House announced last Thursday its highly anticipated National Cybersecurity Strategy (NCS). Although largely aspirational and short on concrete plans, the 39-page NCS is the Biden administration’s most ambitious...more
3/9/2023
/ Biden Administration ,
Cloud Computing ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Financial Services Industry ,
Government Agencies ,
National Security
On December 19, 2022, the Federal Trade Commission (FTC) announced a settlement with Epic Games Inc. (Epic) over its wildly popular game “Fortnite.” The settlement requires Epic to pay $275 million in penalties to resolve...more
1/11/2023
/ Best Practices ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Online Gaming ,
Online Safety for Children ,
Personal Information ,
Risk Management
In this session, presenters will provide an overview of the current cybersecurity landscape, including the patchwork of state and national security requirements and common law negligence. The presenters will also provide an...more
12/22/2022
/ Best Practices ,
Continuing Legal Education ,
Cybersecurity ,
Data Privacy ,
Data Security ,
National Security ,
New Legislation ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Agenda ,
Risk Management ,
Webinars
In September 2022, California Governor Gavin Newsom signed into law the California Age Appropriate Design Code Act (CAADCA). Beginning July 1, 2024, the act will require businesses that provide online services or features...more
12/16/2022
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Governor Newsom ,
Impact Assessments ,
Mobile Apps ,
New Legislation ,
Online Gaming ,
Online Safety for Children ,
Privacy Laws ,
Regulatory Agenda ,
State Privacy Laws ,
Webinars
It’s the call you hope you never get. Your company has been hit with a ransomware attack. Your systems are offline. Your customer data was stolen by an unknown threat actor who is threatening to leak it. You have lots of...more
4/1/2022
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Extortion ,
FBI ,
FinCEN ,
Hackers ,
Information Technology ,
Office of Foreign Assets Control (OFAC) ,
Personally Identifiable Information ,
Ransomware ,
Risk Management
In the latest move by a regulator aimed at bolstering cyber defenses, on February 9, 2022, the U.S. Securities and Exchange Commission voted to propose new rules to address the cybersecurity risks faced by registered...more
Many companies have a “no ransomware payment” stance until faced with a ransomware attack, especially an attack that causes significant business disruption. At that point, the company may reconsider its stance (or at least...more
9/24/2021
/ Corporate Counsel ,
Crypto Exchanges ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Enforcement Actions ,
FBI ,
Guidance Update ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Regulatory Oversight ,
Risk Factors ,
Sanctions ,
U.S. Treasury ,
Virtual Currency
Eight Weeks and Counting to the Deadline. The California Consumer Privacy Act (CCPA) becomes effective on Jan. 1, 2020. With the compliance deadline rapidly approaching, the finish line seems farther away than ever. In this...more
11/7/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Employee Privacy Rights ,
Human Resources Professionals ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Public Comment
On September 4, 2019, the U.S. Federal Trade Commission announced Google and YouTube will pay a record $170 million as part of a settlement over allegations that YouTube violated the Children’s Online Privacy Protection Act...more
9/23/2019
/ Communications Decency Act ,
COPPA ,
Cybersecurity ,
Data Collection ,
Federal Trade Commission (FTC) ,
Google ,
Mobile Apps ,
Online Advertisements ,
Online Safety for Children ,
Parental Consent ,
User-Generated Content ,
Website Owner Liability ,
Websites ,
YouTube
Pursuing negligence claims in the Eighth Circuit following a data breach just got harder. On May 31, 2019, the U.S. Court of Appeals for the Eighth Circuit again dismissed the data breach claims in In re SuperValu, Inc....more
6/6/2019
/ Actual Damages ,
Article III ,
Consumer Information ,
Consumer Protection Laws ,
Cybersecurity ,
Data Breach ,
FTC Act ,
Future Harm ,
Leave to Amend ,
Negligence ,
Popular ,
Standing ,
Unfair or Deceptive Trade Practices ,
Uniform Trade Secrets Acts ,
Unjust Enrichment
The Federal Trade Commission is putting more teeth into the multiyear compliance obligations of consent orders it enters into with companies to settle enforcement actions related to data breaches. The FTC recently issued a...more
5/30/2019
/ Best Practices ,
Consent Order ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Security ,
Personal Data ,
Risk Management ,
Security Risk Assessments ,
Vendor Contacts
The deadline for the United Kingdom to leave the European Union continues to be a moving target, with the latest extension placing Brexit no later than October 31, 2019, (Halloween). Whatever the final date, Brexit need not...more
The Pennsylvania Supreme Court recently held that employers have “a legal duty to safeguard” the personal data of their employees which is stored on internet-accessible computer systems and that the economic loss doctrine...more
12/20/2018
/ Breach of Duty ,
Breach of Implied Contract ,
Class Action ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Storage ,
Duty to Protect ,
Economic Damages ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Hackers ,
Identity Theft ,
Negligence ,
PA Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Reasonable Care ,
Remand ,
Reversal
What You Need to Know Now -
• The new law takes effect January 1, 2020, but there’s a lot to do so you need to start work now.
• The new law expands the definition of personal information and gives California consumers...more
7/17/2018
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Data-Sharing ,
Disclosure Requirements ,
Enforcement ,
Governor Brown ,
Minors ,
New Legislation ,
Notice Requirements ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Right to Delete ,
Statutory Damages ,
Third-Party Service Provider ,
Vendors
The U.S. Court of Appeals for the Eleventh Circuit on June 6 issued its long-awaited decision in LabMD v. Federal Trade Commission, vacating a Federal Trade Commission cease and desist order directing LabMD to overhaul its...more
7/5/2018
/ Appeals ,
Cease and Desist Orders ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Rules of Civil Procedure ,
Federal Trade Commission (FTC) ,
LabMD ,
Popular ,
Reversal ,
Unfair or Deceptive Trade Practices
The U.S. Court of Appeals for the Fourth Circuit has found that allegations that fraudsters used the personal information of data breach victims are sufficient to establish standing even without any fraudulent charges...more
6/27/2018
/ Appeals ,
Article III ,
Class Action ,
Cybersecurity ,
Data Breach ,
Debit and Credit Card Transactions ,
Fraudulent Charges ,
Identity Theft ,
Injury-in-Fact ,
Negligence ,
Personally Identifiable Information ,
Pleading Standards ,
Popular ,
Remand ,
Standing ,
Subject Matter Jurisdiction ,
Vacated
Data breaches are a reality that all businesses need to take seriously. Knowing your vulnerabilities is only part of the solution. You and your key stakeholders should be prepared with an incident response plan that defines...more
Equifax, one of the three nationwide credit bureaus that track and rate the financial history of consumers, announced in September that it had suffered a data breach exposing personal information of up to 143 million...more
9/25/2017
/ Breach Notification Rule ,
Credit Reporting Agencies ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Emergency Management Plans ,
Equifax ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Risk Management
Last week, the National Institute of Standards and Technology (NIST), a measurement standards laboratory in the United States Department of Commerce, released draft version 1.1 of its Framework for Improving Critical...more
Privacy Shield – An Early Reflection -
EU law generally prohibits the transfer of personal data from the European Economic Area to the U.S., unless the transfer is made in accordance with an authorized data transfer...more
10/25/2016
/ Article III ,
Cable Communications Protection Act (CCPA) ,
Confidential Information ,
COPPA ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Collection ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Equal Employment Opportunity Commission (EEOC) ,
EU ,
EU-US Privacy Shield ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
Injury-in-Fact ,
International Data Transfers ,
IP Addresses ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
Standing ,
Video Privacy Protection Act ,
VPPA ,
Wellness Programs
The number of data breaches has risen significantly in the past few years. More and more companies, both large and small, are having their computer networks compromised and are looking for guidance on how to respond. This...more
In a closely-watched cybersecurity case, a three-judge panel of the U.S. Court of Appeals for the Third Circuit held in Federal Trade Commission v. Wyndham Worldwide Corporation (No. 14-3514) that the Federal Trade Commission...more
9/1/2015
/ Administrative Authority ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Fair Notice ,
Federal Trade Commission (FTC) ,
FTC Act ,
FTC v Wyndham ,
Popular ,
Unfair or Deceptive Trade Practices ,
Wyndham