Category: Policy & Legislation

UK ICO Cites Inadequate M&A Data Protection Due Diligence as a Factor in Proposing $125M Breach Fine

On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott in connection with the discovery and notification of a data breach at Starwood. Among its justifications for the record fine, the ICO cited inadequate data protection […]

Will BA, Marriott Have to Pay UK ICO’s Huge Breach Fines? We Look at What’s Next.

The UK Information Commissioner’s Office (ICO) has issued Notices of Intent (NOI) to fine British Airways (for £183m) and US hotel group Marriott (for £99m) for breaches of the EU General Data Protection Regulation (GDPR). Assuming that fines are ultimately issued, these will be the first fines to be issued […]

At GDPR’s One Year Mark, Continued Compliance Efforts are Key and Can Help with CCPA Compliance

With the EU General Data Protection Regulation (the “GDPR”) now over a year old, companies may feel that their data privacy challenges have settled down and that their GDPR work is complete.  While that may be true for some companies, the reality for most is that their GDPR compliance efforts […]

Nevada Privacy Law Gives Consumers Right to Opt Out of Sale of Personal Information, Following California’s Lead in CCPA

On May 29, 2019, Nevada passed a privacy law that gives consumers the right to opt out of the sale of their personal information. The law, SB 220, contains provisions that are similar to the California Consumer Privacy Act (CCPA)’s new requirements to allow consumers to opt out of the sale […]

Cooley Launches CCPA Resource Page

To help organizations understand and prepare for the California Consumer Privacy Act (CCPA), Cooley’s cyber/data/privacy team has launched a CCPA resource page, including FAQs, a compliance checklist, recordings of our CCPA webcasts, links to our CCPA blog coverage and more. We welcome your ideas for CCPA topics that you think […]

Significant GDPR enforcement action imminent

The EU General Data Protection Regulation (the “GDPR”) has been in force for just under a year now. Prior to its coming into effect, a key topic of concern for many companies was the ability of Supervisory Authorities (EU Data Protection regulators) to impose potentially enormous fines. In the run […]

CCPA Amendments: Expanded Private Right of Action Blocked; Exclusion of HR Data Advances

A number of bills seeking to amend the California Consumer Privacy Act of 2018 (CCPA) have been introduced this year, none more closely watched than SB 561, which would have extended the private right of action under the CCPA from security breaches to any violation of the CCPA.  Despite support […]

The End of Auto Insurance As We Know It: How Big Data Will Reshape the Future of the Autonomous Vehicle Insurance Market

Despite the recent wave of articles forecasting that the rise of autonomous vehicles will lead to a decline in auto insurance premiums, we believe it is more accurate to say that the advent of self-driving cars will cause the personal auto insurance policy, as we know it, to disappear at […]

UK regulator focuses on GDPR challenges faced by the adtech industry

On 6 March 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) convened an adtech fact-finding forum of industry stakeholders, aimed at developing its understanding of the adtech ecosystem (with a particular focus on programmatic advertising and real-time bidding) and exploring key themes raised by adtech from a […]

FTC’s Proposed Amendments to the GLBA Safeguards Rule Seek to Incorporate Requirements from NY DFS Cybersecurity Regulations

On March 5, the FTC announced proposed amendments to the Standards for Safeguarding Customer Information under the Gramm-Leach-Bliley Act (“Safeguards Rule” or “Rule”).  The FTC version of the Safeguards Rule applies to financial institutions that are not governed by federal banking regulators (e.g., FDIC, Federal Reserve, OCC, and NCUA) or […]