Cybersecurity: SEC Enforcement, Disclosure Controls and Risk Factor Disclosure

With the new leadership at the Securities and Exchange Commission, industry commentators expect the Division of Enforcement to be more aggressive in several arenas, including public company disclosure of cybersecurity incidents. While this has been a stated focus of the SEC for more than 10 years, enforcement cases relating to […]

Data Processing Agreements: The 10 Most Important Considerations

On the third anniversary of the General Data Protection Regulation, Cooley launched a series of webinars focused on the GDPR. A data processing agreement (DPA) is used by controllers and processors to formalize their data process arrangements as required by the GDPR. Our third webinar covers what we believe are […]

Appointing a Data Protection Officer: 10 Common Mistakes

On the third anniversary of the General Data Protection Regulation, Cooley launched a series of webinars focused on the GDPR. As set out in the GDPR, the data protection officer (DPO) plays a crucial role in the data privacy landscape, so our second webinar covers what we consider to be […]

DOJ Increases Efforts to Combat Cyber Breaches by Targeting Government Contractors

The US Department of Justice is increasing its arsenal to pursue cyber-related fraud by government contractors and grant recipients. The program, called the “Civil Cyber-Fraud Initiative,” was announced by Deputy Attorney General Lisa Monaco on Wednesday. The initiative – along with other recent steps taken by the federal government – […]

SEC Enforcement Targets Cybersecurity Disclosures Again

Securities and Exchange Commission Chairman Gary Gensler has pledged to bring a renewed focus to robust enforcement of the federal securities laws. As we observed in a recent blog post, under Chairman Gensler and Director Gurbir Grewal, the SEC’s Division of Enforcement will be more aggressive in several arenas—including public company […]

GDPR Three Years on the Road: The 10 Key Developments You Should Know

On the third anniversary of the General Data Protection Regulation, Cooley started a series of webinars focused on the GDPR. Our first webinar covers what we consider “the Top 10 key developments you should know” concerning the implementation of this ground-breaking personal data privacy regime.

Takeaways from the California Attorney General’s First-Year CCPA Enforcement Update

Just over one year ago, on July 1, 2020, the California attorney general began enforcing the California Consumer Privacy Act. To mark the one-year anniversary of enforcement actions, California Attorney General Rob Bonta provided an update on his office’s CCPA enforcement efforts over the past year (and published an accompanying […]

Colorado Becomes Third State to Pass a Comprehensive Privacy Law

On July 7, 2021, Colorado Gov. Jared Polis signed the Colorado Privacy Act (CPA) into law. The CPA is now the third comprehensive consumer privacy law to be passed in the United States, after the California Consumer Privacy Act (CCPA) and Virginia’s Consumer Data Privacy Act (CDPA). Enforcement of the CPA will begin July 1, 2023. […]

European Commission Issues UK Adequacy Decisions

On 28 June 2021, the European Commission issued two adequacy decisions in respect of the UK – one under Regulation (EU) 2016/679 (the EU’s General Data Protection Regulation, or EU GDPR) and another under Directive (EU) 2016/680 (the Law Enforcement Directive).

US Supreme Court Narrows Scope of Computer Fraud and Abuse Act in Van Buren, Remands LinkedIn

On June 3, 2021, the US Supreme Court issued its decision in Van Buren v. United States in the Court’s first-ever interpretation of the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute. Van Buren presented the question of whether someone “exceeds authorized access” under the CFAA, see 18 […]