DOJ Increases Efforts to Combat Cyber Breaches by Targeting Government Contractors
The US Department of Justice is increasing its arsenal to pursue cyber-related fraud by government contractors and grant recipients. The program, called the “Civil Cyber-Fraud Initiative,” was announced by Deputy Attorney General Lisa Monaco on Wednesday. The initiative – along with other recent steps taken by the federal government – […]
SEC Enforcement Targets Cybersecurity Disclosures Again
Securities and Exchange Commission Chairman Gary Gensler has pledged to bring a renewed focus to robust enforcement of the federal securities laws. As we observed in a recent blog post, under Chairman Gensler and Director Gurbir Grewal, the SEC’s Division of Enforcement will be more aggressive in several arenas—including public company […]
GDPR Three Years on the Road: The 10 Key Developments You Should Know
On the third anniversary of the General Data Protection Regulation, Cooley started a series of webinars focused on the GDPR. Our first webinar covers what we consider “the Top 10 key developments you should know” concerning the implementation of this ground-breaking personal data privacy regime.
Takeaways from the California Attorney General’s First-Year CCPA Enforcement Update
Just over one year ago, on July 1, 2020, the California attorney general began enforcing the California Consumer Privacy Act. To mark the one-year anniversary of enforcement actions, California Attorney General Rob Bonta provided an update on his office’s CCPA enforcement efforts over the past year (and published an accompanying […]
Colorado Becomes Third State to Pass a Comprehensive Privacy Law
On July 7, 2021, Colorado Gov. Jared Polis signed the Colorado Privacy Act (CPA) into law. The CPA is now the third comprehensive consumer privacy law to be passed in the United States, after the California Consumer Privacy Act (CCPA) and Virginia’s Consumer Data Privacy Act (CDPA). Enforcement of the CPA will begin July 1, 2023. […]
European Commission Issues UK Adequacy Decisions
On 28 June 2021, the European Commission issued two adequacy decisions in respect of the UK – one under Regulation (EU) 2016/679 (the EU’s General Data Protection Regulation, or EU GDPR) and another under Directive (EU) 2016/680 (the Law Enforcement Directive).
US Supreme Court Narrows Scope of Computer Fraud and Abuse Act in Van Buren, Remands LinkedIn
On June 3, 2021, the US Supreme Court issued its decision in Van Buren v. United States in the Court’s first-ever interpretation of the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute. Van Buren presented the question of whether someone “exceeds authorized access” under the CFAA, see 18 […]
The European Commission Adopts New Standard Contractual Clauses
The European Commission has adopted today the long-awaited new sets of Standard Contractual Clauses: one for use between controllers and processors in the EU/EEA and one for the transfer of personal data to third countries.
The Long-awaited 2021 Cyber Executive Order
On May 12, 2021, the US president issued an “Executive Order on Improving the Nation’s Cybersecurity.” The EO follows on the heels of the Colonial Pipeline ransomware attack, along with the Codecov and Solar Winds supply-chain attacks. While the EO focuses primarily on internal-government actions, the presidential order expresses hope […]
FTC Expects Board-Level Cybersecurity Oversight
Federal Trade Commission (FTC) staff published a blog post that highlights increased cybersecurity threats and emphasizes the key role corporate boards play in a successful cybersecurity program: “Corporate boards: don’t underestimate your role in data security oversight.” Boards that are not actively considering cybersecurity risks should take notice.