Cooley Launches CCPA Resource Page

To help organizations understand and prepare for the California Consumer Privacy Act (CCPA), Cooley’s cyber/data/privacy team has launched a CCPA resource page, including FAQs, a compliance checklist, recordings of our CCPA webcasts, links to our CCPA blog coverage and more. We welcome your ideas for CCPA topics that you think […]

Significant GDPR enforcement action imminent

The EU General Data Protection Regulation (the “GDPR”) has been in force for just under a year now. Prior to its coming into effect, a key topic of concern for many companies was the ability of Supervisory Authorities (EU Data Protection regulators) to impose potentially enormous fines. In the run […]

CCPA Amendments: Expanded Private Right of Action Blocked; Exclusion of HR Data Advances

A number of bills seeking to amend the California Consumer Privacy Act of 2018 (CCPA) have been introduced this year, none more closely watched than SB 561, which would have extended the private right of action under the CCPA from security breaches to any violation of the CCPA.  Despite support […]

App Developers Must Consider Platform Rules in Addition to Legal Requirements

Recently, app store providers have become increasingly active in imposing and enforcing privacy requirements for developers. For example, both Apple and Google have threatened removal of apps from their respective app stores based on the collection of in-app user activity and crash logs for analytics purposes in violation of the […]

The End of Auto Insurance As We Know It: How Big Data Will Reshape the Future of the Autonomous Vehicle Insurance Market

Despite the recent wave of articles forecasting that the rise of autonomous vehicles will lead to a decline in auto insurance premiums, we believe it is more accurate to say that the advent of self-driving cars will cause the personal auto insurance policy, as we know it, to disappear at […]

Canada’s Privacy Commissioner Recommends Consent for Cross Border Data Transfers

On April 9, 2019, the Office of the Privacy Commissioner of Canada (OPC) issued a new Consultation on transborder dataflows, recommending that organizations be required to obtain individuals’ consent — express or implied — for transfers of personal data outside of Canada. The OPC is accepting comments on the Consultation […]

UK regulator focuses on GDPR challenges faced by the adtech industry

On 6 March 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) convened an adtech fact-finding forum of industry stakeholders, aimed at developing its understanding of the adtech ecosystem (with a particular focus on programmatic advertising and real-time bidding) and exploring key themes raised by adtech from a […]

Credential Stuffing Attacks and What they Mean for Businesses

Over the past few months, Cooley’s incident response team has seen an increase in “Credential Stuffing” attacks. Credential Stuffing is an account takeover attack in which actors obtain user names and passwords available on the dark web from prior data breaches, and then attempt to login to various online accounts […]

Cybersecurity Governance for Maturing Companies

With cyber resilience top of mind for investors, shareholders, regulators and the plaintiffs’ bar, growing organizations can no longer afford to put their cybersecurity efforts on the back burner. Building a cybersecurity program has become an essential element in the growth strategy. But where do you begin? Cooley’s cyber/data/privacy lawyers […]

FTC’s Proposed Amendments to the GLBA Safeguards Rule Seek to Incorporate Requirements from NY DFS Cybersecurity Regulations

On March 5, the FTC announced proposed amendments to the Standards for Safeguarding Customer Information under the Gramm-Leach-Bliley Act (“Safeguards Rule” or “Rule”).  The FTC version of the Safeguards Rule applies to financial institutions that are not governed by federal banking regulators (e.g., FDIC, Federal Reserve, OCC, and NCUA) or […]