Category: Policy & Legislation

Appointing a Data Protection Officer: 10 Common Mistakes

On the third anniversary of the General Data Protection Regulation, Cooley launched a series of webinars focused on the GDPR. As set out in the GDPR, the data protection officer (DPO) plays a crucial role in the data privacy landscape, so our second webinar covers what we consider to be […]

DOJ Increases Efforts to Combat Cyber Breaches by Targeting Government Contractors

The US Department of Justice is increasing its arsenal to pursue cyber-related fraud by government contractors and grant recipients. The program, called the “Civil Cyber-Fraud Initiative,” was announced by Deputy Attorney General Lisa Monaco on Wednesday. The initiative – along with other recent steps taken by the federal government – […]

GDPR Three Years on the Road: The 10 Key Developments You Should Know

On the third anniversary of the General Data Protection Regulation, Cooley started a series of webinars focused on the GDPR. Our first webinar covers what we consider “the Top 10 key developments you should know” concerning the implementation of this ground-breaking personal data privacy regime.

Colorado Becomes Third State to Pass a Comprehensive Privacy Law

On July 7, 2021, Colorado Gov. Jared Polis signed the Colorado Privacy Act (CPA) into law. The CPA is now the third comprehensive consumer privacy law to be passed in the United States, after the California Consumer Privacy Act (CCPA) and Virginia’s Consumer Data Privacy Act (CDPA). Enforcement of the CPA will begin July 1, 2023. […]

European Commission Issues UK Adequacy Decisions

On 28 June 2021, the European Commission issued two adequacy decisions in respect of the UK – one under Regulation (EU) 2016/679 (the EU’s General Data Protection Regulation, or EU GDPR) and another under Directive (EU) 2016/680 (the Law Enforcement Directive).

US Supreme Court Narrows Scope of Computer Fraud and Abuse Act in Van Buren, Remands LinkedIn

On June 3, 2021, the US Supreme Court issued its decision in Van Buren v. United States in the Court’s first-ever interpretation of the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute. Van Buren presented the question of whether someone “exceeds authorized access” under the CFAA, see 18 […]

The European Commission Adopts New Standard Contractual Clauses

The European Commission has adopted today the long-awaited new sets of Standard Contractual Clauses: one for use between controllers and processors in the EU/EEA and one for the transfer of personal data to third countries.

The Long-awaited 2021 Cyber Executive Order

On May 12, 2021, the US president issued an “Executive Order on Improving the Nation’s Cybersecurity.” The EO follows on the heels of the Colonial Pipeline ransomware attack, along with the Codecov and Solar Winds supply-chain attacks. While the EO focuses primarily on internal-government actions, the presidential order expresses hope […]

FTC Expects Board-Level Cybersecurity Oversight

Federal Trade Commission (FTC) staff published a blog post that highlights increased cybersecurity threats and emphasizes the key role corporate boards play in a successful cybersecurity program: “Corporate boards: don’t underestimate your role in data security oversight.” Boards that are not actively considering cybersecurity risks should take notice.

Second Circuit Rules Individuals Have Standing to Sue for ‘Increased Risk’ of Identity Theft

Earlier this week, the United States Court of Appeals for the Second Circuit held that where personal information is disclosed without authorization, impacted individuals may have standing to sue if they can show an “increased risk” of identity theft or fraud, even if this hasn’t yet happened. The court, which […]