SEC Poised to Ramp up Cybersecurity Enforcement

On October 16, 2018, the Securities and Exchange Commission (SEC) issued an investigative report signaling its intent to use sections 13(b)(2)(B)(i) and (iii) of the Securities Exchange Act of 1934 (the “Exchange Act”) to pursue enforcement actions against public companies that fail to tailor their internal controls to evolving cyber […]

California Consumer Privacy Act of 2018 – Full Text

This post does not reflect amendments to the California Consumer Privacy Act (CCPA) enacted on October 11, 2019. Check back for updates or follow this blog. For your ease of reference, we reproduce here a formatted, hyperlinked copy of the California Consumer Privacy Act of 2018 (CCPA), current as of […]

What the American Bar Association’s Formal Opinion 483 Means for Lawyers

Last week, the American Bar Association’s (“ABA”) Standing Committee on Ethics and Professional Responsibility (the “Committee”) issued Formal Opinion 483 (the “Opinion”) that sets forth the ABA’s opinion concerning the need for lawyers to notify clients of data breaches affecting client confidential data. The opinion outlines certain “reasonable” steps the ABA […]

Data Law in a Global Digital Economy

On November 9, the NYU Law Review, the Guarini Institute for Global Legal Studies and the Institute for International Law and Justice at NYU School of Law will host Data Law in a Global Digital Economy. The symposium will examine how law does, should, or can affect data ownership, concentration, […]

GDPR DPO University – October 18

On Thursday, October 18, Cooley’s cyber/data/ privacy practice will be holding GDPR DPO University in our New York office. The EU General Data Protection Regulation has required many organizations to appoint Data Protection Officers. With demand for DPOs far outstripping the supply, many newly-minted DPOs need to quickly develop data […]

California’s IoT Security Law – Will this Law Really Improve Security?

California’s legislature recently passed SB-327, which is designed to require Internet of Things (IoT) and other “connected device” manufacturers to implement security features into internet connected devices. California Governor Jerry Brown signed the bill into law on September 28, 2018. While the attempt to improve security of these devices is […]

CCPA FAQs Part 2b: CCPA Rights and Other Material Provisions

This post does not reflect amendments to the California Consumer Privacy Act (CCPA) enacted on October 11, 2019. Check back for updates or follow this blog. In our third FAQs installment on the California Consumer Privacy Act of 2018 (the “CCPA” or the “Act”), we focus on the following: the […]

Brazil’s New Data Protection Law: The LGPD

Updated September 3, 2019 Our post on key updates to the LGPD can be found here The global data protection landscape continues to evolve, and Brazil is the latest country to enact an omnibus law governing how organizations collect, use, disclose and otherwise process personal data. Beginning on August 16, […]

The Evolution of Mirai Botnet Source Code Presents Increased Risk of Large-Scale DDoS Attacks

Over the past few years, several major distributed denial-of-service (“DDoS”) attacks took place, including a major event affecting the domain name service provider Dyn, which caused outages and slowness for a number of popular sites, including Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. However, since several of these large, highly-publicized attacks occurred in 2016, […]

GDPR and AML – a perfect pair?

The General Data Protection Regulation (GDPR) has been one of the most highly anticipated and talked about changes to the legal sphere in years, affecting the vast majority of businesses and individuals alike. The primary focus to date has been on the implementation deadline of 25 May 2018 and the […]