36-Hour Breach Notification Rule to Go into Effect for Banking Organizations
On November 18, 2021, three US agencies – the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (FRB) and the Federal Deposit Insurance Corporation (FDIC) – issued a joint rule concerning computer-security incident notifications, which will go into effect on April 1, 2022, with a full […]
‘Inbox Advertising’: Direct Marketing Rules Apply to Ads in Email Inboxes
On November 25, 2021, the Court of Justice of the European Union (CJEU) held in the case C-102/20 that the display of advertising messages in a form similar to an actual email among others in an inbox constitutes an electronic mail for direct marketing purposes. Hence, rules on direct marketing […]
China’s New National Privacy Law: The PIPL
As the world continues to work from home in the wake of COVID-19, and companies lean on online technologies to conduct their businesses and service their customers, the People’s Republic of China (home to the most online users in the world), is one of the latest countries to pass a […]
New Standard Contractual Clauses: 10 Things You Need to Know
On the third anniversary of the General Data Protection Regulation, Cooley launched a series of webinar focused on the GDPR. The GDPR permits the transfer of data from the European Union and the European Economic Area (EEA) to third countries using standard contractual clauses (SCCs), which are a useful mechanism […]
Cybersecurity: SEC Enforcement, Disclosure Controls and Risk Factor Disclosure
With the new leadership at the Securities and Exchange Commission, industry commentators expect the Division of Enforcement to be more aggressive in several arenas, including public company disclosure of cybersecurity incidents. While this has been a stated focus of the SEC for more than 10 years, enforcement cases relating to […]
Data Processing Agreements: The 10 Most Important Considerations
On the third anniversary of the General Data Protection Regulation, Cooley launched a series of webinars focused on the GDPR. A data processing agreement (DPA) is used by controllers and processors to formalize their data process arrangements as required by the GDPR. Our third webinar covers what we believe are […]
Appointing a Data Protection Officer: 10 Common Mistakes
On the third anniversary of the General Data Protection Regulation, Cooley launched a series of webinars focused on the GDPR. As set out in the GDPR, the data protection officer (DPO) plays a crucial role in the data privacy landscape, so our second webinar covers what we consider to be […]
DOJ Increases Efforts to Combat Cyber Breaches by Targeting Government Contractors
The US Department of Justice is increasing its arsenal to pursue cyber-related fraud by government contractors and grant recipients. The program, called the “Civil Cyber-Fraud Initiative,” was announced by Deputy Attorney General Lisa Monaco on Wednesday. The initiative – along with other recent steps taken by the federal government – […]
SEC Enforcement Targets Cybersecurity Disclosures Again
Securities and Exchange Commission Chairman Gary Gensler has pledged to bring a renewed focus to robust enforcement of the federal securities laws. As we observed in a recent blog post, under Chairman Gensler and Director Gurbir Grewal, the SEC’s Division of Enforcement will be more aggressive in several arenas—including public company […]
GDPR Three Years on the Road: The 10 Key Developments You Should Know
On the third anniversary of the General Data Protection Regulation, Cooley started a series of webinars focused on the GDPR. Our first webinar covers what we consider “the Top 10 key developments you should know” concerning the implementation of this ground-breaking personal data privacy regime.