Are You Ready for Canada’s New Privacy Breach Rules?
Mandatory privacy breach notification, reporting, and record-keeping obligations under Canada’s federal data protection law, the Personal Information Protection and Electronic Documents Act, came into force on November 1, 2018.
SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues
The SEC’s Office of Compliance Inspections and Examinations has issued a risk alert providing an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the Safeguards Rule of Regulation S-P, based on recent examinations.
FTC Announces New Cybersecurity Requirements, Privacy Rule Update
In March, the Federal Trade Commission announced proposed updates to two key privacy and security regulations, the Safeguards Rule and Privacy Rule. Both rules implement regulations under the federal Gramm–Leach–Bliley Act.
The Supreme Court Signals Further Review of Article III Standing
On March 20, the Supreme Court issued an opinion concerning the requirements for Article III standing for statutory violations under the Stored Communications Act. While the Supreme Court did not express an opinion about how this issue should be decided, its ruling signals the Court’s direction to carefully examine Article III standing given mere statutory violations.
Time for a General Federal Privacy Law? Peter Swire Opens the Discussion on Potential Preemptive Effects
In this IAPP article, Alston & Bird senior counsel Peter Swire discusses the potential for a general U.S. privacy law and whether and to what extent this new federal law would “preempt” state privacy protections.
HHS Releases New “Health Industry Cybersecurity Practices”
The Department of Health and Human Services has issued new voluntary cybersecurity guidance for the health care industry, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.”
Selected Developments in U.S. State Law
- Legislative Roundup: New Laws Passed in Arkansas, Oklahoma, and Maryland That Revise Cybersecurity Measures
- Georgia Supreme Court Clarifies There Is No Duty to Safeguard Personal Information from a Data Breach
- Spring Legislative Update: Two New Laws and Two Amendments (West Virginia, Mississippi, Virginia, and Utah Amend and Enact Privacy and Security Legislation)
- Which CCPA Amendments Made the Cut? (An Update from California)
- Washington State Amends Data Breach Notification Law
- Washington Privacy Bill Fails to Advance Through House; Unlikely to Pass
- NYDFS Cybersecurity Regulations Nearly Fully Effective
- Illinois Supreme Court Empowers Claims Under Biometric Information Privacy Act
- Massachusetts Amends Data Breach Notification Law
EU Updates
The Coming Regulation of Artificial Intelligence? EU Publishes AI Guidelines
On April 8, 2019, the European Commission High-Level Expert Group on Artificial Intelligence released the final version of its Ethics Guidelines for Trustworthy AI. While the guidelines are not binding law, the creation of the guidelines (including an AI assessment pilot) is a significant development toward potential direct regulation of the implementation of AI.
Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines Under Consideration
Recent developments from the Bavarian DPA potentially signal that cookies, user tracking, and online advertising are not a “tech industry issue,” but instead a priority issue for companies irrespective of their industry—and one that can carry the risk of GDPR fines.
EU and Japan Publish a Joint Release on Their Mutual Adequacy Decisions
On January 23, 2019, the Personal Information Protection Commission of Japan and the European Commission jointly announced the adoption of the decisions recognizing each other’s personal data protection systems as equivalent.
Department of Commerce Issues FAQs on UK’s Exit from the EU
The Department of Commerce issued a number of FAQs on the effect of the UK’s impending exit from the EU on Privacy Shield. As these FAQs make clear, there remains significant uncertainty about how the UK’s exit will play out from a transitional perspective, and Privacy Shield participants will need to plan for at least two different scenarios.
Rich Willis and Laura K. Song Share Insights on the Challenges Data Localization Poses for the Payments Industry via Bloomberg BNA
Rich Willis and Laura K. Song co-authored the Bloomberg BNA article “Data Localization Poses Challenges for Payments Industry and Innovation.” The article addresses why the different jurisdictional approaches to data localization may prove the most impactful to payment innovators.
Upcoming Events
- Alston & Bird webinar: Navigating the California Consumer Privacy Act – Key Issues in Operationalizing the New Requirements of the CCPA. June 12, 2019. David Keating, Amy Mushahwar, and Larry Sommerfeld will present.
In the News
- May 14, 2019 – Peter Swire was quoted in Inside Cybersecurity on how the National Institute of Standards and Technology will shape its privacy risk management framework. (subscription required)
- April 12, 2019 – Dan Felz was named a winner of JD Supra’s 2019 “Readers’ Choice Awards” for his contributions to the firm’s Privacy & Data Security Blog.
- April 2019 – Amy Mushahwar is mentioned in Politico, The Hill, The Deal, Global Data Review, The National Law Journal, The Washington Post, and Reuters as a new privacy and cybersecurity partner in the firm’s Washington, D.C. office.
- April 1, 2019 – Peter Swire comments in Bloomberg Law on the benefits of data portability, but cautions that it can impose disproportionate costs on small businesses. (subscription required)
- March 25, 2019 – Kim Peretti addresses the three hottest cybersecurity legal topics in this video interview with InfoRiskToday at RSA Conference 2019.
- February 4, 2019 – Kim Peretti comments in Corporate Counsel on the Financial Industry Regulatory Authority’s 2018 cybersecurity report and how cybersecurity practices must be current and adaptable to today’s landscape.
- January 25, 2019 – Helen Christakos was named one of California’s top cybersecurity lawyers by the Daily Journal.
- January 12, 2019 – Kim Peretti explains in Investment News why companies need to adapt to new cybersecurity requirements as the U.S. Securities and Exchange Commission increases scrutiny and enforcement.
- January 4, 2019 – Kim Peretti was named a “Top Lawyer” for cybersecurity by Washingtonian magazine for 2018, the second year in a row she has earned this distinction.