Every month, we see a new set of privacy best practices or a new set of regulations proposed or adopted by a state, Congress, the White House, or countries around the globe. The versions of best practices continue to multiply and the layers of regulation continue to expand. Every new group or political entity wants to out-perform the last – but has this one-upmanship gone too far?
All eyes are on California as the countdown to California’s Consumer Privacy Act (CCPA) continues. This attention is for good reason—the CCPA is a data privacy law with the potential to change the landscape of data collection practices in the U.S. Approximately 500,000 U.S. businesses in various industries will have to comply with this new law when it goes into effect on January 1, 2020. When the CCPA goes into effect, consumers may then exercise their private right of action. This means that consumers may bring a civil lawsuit against any business for a data breach and potentially ...
September 2018 was a busy month for data privacy. We expect the next several months to be extremely active as well, especially with the number of new complaints and data breach notices filed in Europe since May. We will continue to monitor and update developments as the data privacy framework continues to evolve.
It has been a little more than 90 days since G-Day (May 25) and there has been a lot to talk about regarding the implementation of GDPR.
G-Day is May 25, 2018, the day when the European Union’s General Data Protection Regulation (“GDPR) is set to go into effect. Even though the Regulation has been approved and available for review for more than a year, most companies are still working to determine whether GDPR applies and, if so, how to become GDPR compliant. The litigators from KMK’s Cybersecurity and Privacy Team have prepared a Legal Alert which helps companies answer both questions.
On February 20, 2018, the Securities and Exchange Commission (SEC) issued interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. This guidance indicates that the SEC is expecting more robust cybersecurity-related disclosures in the filings of public companies and encourages companies to implement comprehensive cybersecurity policies and procedures.
Last week, the D.C. Circuit joined an increasing number of federal courts applying a broad interpretation of the degree of harm required to satisfy Article III standing and expanding the holding of last summer’s Spokeo, Inc. v. Robbins, 136 S. Ct. 1540 (2016).
Last week, the Eighth Circuit Court of Appeals rejected the district court’s approval of the class action settlement in the Target data breach litigation. See In re Target Corp. Customer Data Sec. Breach Litig., 2017 U.S. App. Lexis 1767 (8th Cir. Feb. 1 2017).
Two decisions last week further widened the divide among the Courts of Appeals in applying Spokeo in cybersecurity litigation.
The U.S. Computer Emergency Readiness Team (US-CERT) is implementing new reporting requirements beginning April 1, 2017, and just released new guidelines to help federal departments and agencies; state, local, tribal, and territorial government entities; information sharing and analysis organizations; and foreign, commercial and private-sector organizations submit incident notifications to the federal government.
- Cybersecurity and Privacy Law
- Cybersecurity Regulation
- Cyber Insurance
- Privacy Laws
- Data Breach
- Class Action Litigation
- General Data Protection Regulation
- Mergers & Acquisitions
- Incident Response Plan
- Information Governance
- Corporate Law
- Federal Trade Commission
- Seventh Circuit
- Department of Justice
- Can’t We All Get Along in the Cyber Sandbox?
- California's New Privacy Law is Coming - Are You Ready?
- September 2018 Was a Busy Month for Data Privacy
- GDPR - 90 Days Later
- GDPR: Less Than 100 Day and Counting to "G-Day" - Here's What You Need to Know
- SEC Issues Guidance on Cybersecurity Disclosures
- New D.C. Circuit Ruling Finds Substantial Risk of Harm Inherent to Data Breach
- Target Class Action Settlement Temporarily Upended
- Spokeo Continues to Divide the Lower Courts in Cybersecurity Litigation
- Cyber Breach Incident Notification Guidelines Ahead