UK ICO Cites Inadequate M&A Data Protection Due Diligence as a Factor in Proposing $125M Breach Fine
On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott in connection with the discovery and notification of a data breach at Starwood. Among its justifications for the record fine, the ICO cited inadequate data protection […]
Standing to be Dismissed – The U.S. D.D.C. Weighs in on “Actual Damage” in Data Breach Litigation
In Attias v. CareFirst, Inc., the U.S. District Court for the District of Columbia (D.D.C.) jumpstarted the debate concerning the harm plaintiffs must allege to move forward with data breach class action litigation. In recent years, courts across the country have disagreed about what constitutes an “injury-in-fact” when an individual’s […]
Will BA, Marriott Have to Pay UK ICO’s Huge Breach Fines? We Look at What’s Next.
The UK Information Commissioner’s Office (ICO) has issued Notices of Intent (NOI) to fine British Airways (for £183m) and US hotel group Marriott (for £99m) for breaches of the EU General Data Protection Regulation (GDPR). Assuming that fines are ultimately issued, these will be the first fines to be issued […]
At GDPR’s One Year Mark, Continued Compliance Efforts are Key and Can Help with CCPA Compliance
With the EU General Data Protection Regulation (the “GDPR”) now over a year old, companies may feel that their data privacy challenges have settled down and that their GDPR work is complete. While that may be true for some companies, the reality for most is that their GDPR compliance efforts […]
GDPR: Looking to the Year Ahead
On 30 May 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) published a report, reflecting on its experiences over the year since the introduction of the General Data Protection Regulation (2016/679) (GDPR) and sharing its learnings.
Nevada Privacy Law Gives Consumers Right to Opt Out of Sale of Personal Information, Following California’s Lead in CCPA
On May 29, 2019, Nevada passed a privacy law that gives consumers the right to opt out of the sale of their personal information. The law, SB 220, contains provisions that are similar to the California Consumer Privacy Act (CCPA)’s new requirements to allow consumers to opt out of the sale […]
Creating Data-Powered Products and Services in the Age of Privacy
On Friday, June 14, Cooley’s cyber/data/privacy practice will be hosting an event focused on the use of data in the development of products and services in our New York office. The intense focus on privacy in the US and globally has raised pressure on businesses that use personal data to create […]
Cooley Launches CCPA Resource Page
To help organizations understand and prepare for the California Consumer Privacy Act (CCPA), Cooley’s cyber/data/privacy team has launched a CCPA resource page, including FAQs, a compliance checklist, recordings of our CCPA webcasts, links to our CCPA blog coverage and more. We welcome your ideas for CCPA topics that you think […]
Significant GDPR enforcement action imminent
The EU General Data Protection Regulation (the “GDPR”) has been in force for just under a year now. Prior to its coming into effect, a key topic of concern for many companies was the ability of Supervisory Authorities (EU Data Protection regulators) to impose potentially enormous fines. In the run […]
CCPA Amendments: Expanded Private Right of Action Blocked; Exclusion of HR Data Advances
A number of bills seeking to amend the California Consumer Privacy Act of 2018 (CCPA) have been introduced this year, none more closely watched than SB 561, which would have extended the private right of action under the CCPA from security breaches to any violation of the CCPA. Despite support […]