Not only are public and private companies increasingly targeted for cyber-attacks, but local and state governments across the country are as well. In our latest Privacy and Security Roundup, we cover the Senate-passed bill that includes nearly $2 billion in national cybersecurity funding, recent sanctions by the SEC on investment advisors and broker-dealers, a new initiative that aims to improve defense planning and information sharing between the public and private sectors, and more. Continue Reading
Privacy and Security Roundup: New consumer privacy laws, big developments in ransomware attacks and the FBI’s Operation Trojan Shield
More states, including Ohio, are working on comprehensive consumer privacy laws that could impact how companies share data. In our August 2021 Privacy and Security Roundup, we cover the nuances in the various legislation, more ransomware and supply chain attacks and news of a messaging app used as a Trojan horse by the FBI.
New standard contractual clauses adopted by the European Commission
On June 4, 2021, the European Commission (EC) adopted a modernized set of standard contractual clauses for international data transfers (New SCCs) aimed at better protection of the data businesses transfer out of the European Union (EU). These New SCCs, which will take effect on June 27, 2021, will replace the standard contractual clauses that were adopted under the former EU Data Protection Directive in 2001, 2004 and 2010 (Previous SCCs).
Privacy and Security Roundup: Ransomware attack causes gasoline shortages, a new executive order to enhance cyber security and raising the stakes for trans-Atlantic data transfers
The past few weeks have provided some big developments in the area of data privacy and security. In this Privacy and Security Roundup, we cover a ransomware attack on the largest oil pipeline in the U.S., an Executive Order from President Joe Biden to enhance U.S. cybersecurity and potential mandatory reporting/sharing requirements, the U.S. Supreme Court weighing in on the Federal Trade Commission’s ability to seek monetary relief, and more.
Privacy and Security Roundup: The FBI removes malicious web shells from Microsoft Exchange Servers, clarity on auto-dialers and new privacy legislation
The technology industry is constantly evolving and trusted legal advice is more important than ever. The attorneys in our Privacy and Data Security practice group are proud to offer a new blog series to provide curated data privacy and security news, developments and things to know moving forward. We will provide analysis designed to keep you and your organization up to speed.
Our first roundup includes news on the FBI removing malicious web shells from Microsoft’s servers, clarity on auto-dialers and new privacy legislation from author Kevin Scott. We hope you enjoy this new series! Continue Reading
Google v. Oracle: Use of copyrightable computer code is a fair use
In a highly awaited software copyright decision, the U.S. Supreme Court recently held that Google LLC’s copying of Oracle’s Java application programming interface (API) is a fair use as a matter of law. Java is a programming language and computing platform originally developed by Sun Microsystems, Inc., which was acquired by Oracle America, Inc. in 2009. Java is popular and widely used in many applications such as laptops, game consoles, supercomputers, mobile phones and websites because it provides clear and consistent code.
A different approach—Virginia’s Consumer Data Protection Act
With Virginia Gov. Ralph Northam’s signature on March 2, 2021, Virginia, a bit surprisingly, became the second state to set comprehensive rules for how companies handle and share personal information. Virginia’s Consumer Data Protection Act (CDPA) will go into effect on Jan. 1, 2023, incidentally the same day as the California Privacy Rights Act (CPRA), a ballot measure that will strengthen the landmark California Consumer Privacy Act (CCPA). While Virginia’s CDPA and California’s CCPA share several features, each law takes a somewhat different approach.
More states tackling biometric privacy: New York’s version of BIPA reintroduced
To start the year, New York lawmakers reintroduced the Biometric Privacy Act – Assembly Bill 27. The bill closely mirrors Illinois’ Biometric Information Privacy Act (BIPA), which has spawned compliance changes and hundreds of class action lawsuits, with some resulting in multimillion dollar settlements.
Avoiding smart contract conflicts despite ambiguity
A version of this article was originally published by Law360 on Oct. 21, 2020.
Depending on whom you ask, the promise of smart contracts ranges from the mundane to the fantastic—from helping to “facilitate, verify, execute and enforce the terms of a commercial agreement”[i] to ushering in the end of contract law by providing a technological alternative to the legal system.[ii] Smart contracts have already been used in connection with real estate transactions,[iii] bank bonds,[iv] interbank transfers,[v] invoice financing,[vi] and homeowners, renters, pet, and flight-delay insurance.[vii] B3i Services AG, an insurance startup owned by 20 of the world’s largest insurers and reinsurers,[viii] released an application that uses smart contracts to allow participants to “negotiate terms, agree on rates and complete contract placements.”[ix] By February 2020, nine insurers, four major brokerage firms, and eight reinsurers had concluded 30 reinsurance contracts through the application, including, according to B3i, “some of the world’s most complex Catastrophe Excess of Loss (XoL) reinsurance treaties.”[x]
Two new opinions address personal jurisdiction and standing under BIPA
Two recent district court opinions addressed issues of personal jurisdiction and standing under the Illinois Biometric Information Privacy Act (BIPA). BIPA imposes a number of requirements on those who obtain a person’s biometric data, including those set forth in Section 15(a), requiring those in possession of biometric data to develop a publicly available written policy regarding the retention and destruction of biometric data in their possession, in Section 15(b), requiring that each person be provided with required disclosures and obtaining that person’s written release prior to acquiring that data, and in Section 15(c), which prohibits those in possession of biometric data from selling or profiting from that data, or disclosing that data to third parties.
