Mr. Kniaz is an associate in Davis Polk’s Litigation Department, practicing in the Washington DC office. [Full Bio]

We have recently written on whether protecting personal data should be regulated using a property model instead of a privacy model (and concluded, probably not).  Another framework for regulating personal data that is getting increased attention is a national security model, which looks at securing personal data as a means
Continue Reading Considering A National Security Framework for Protecting Personal Data

A recent bill to amend California’s landmark data privacy law seeks to expand potential liability for violations—bringing little comfort to those already concerned about the risks and challenges associated with achieving compliance in advance of the law’s upcoming effective date.

The proposal—Senate Bill 561, introduced on February 25, 2019, by
Continue Reading New Amendment Would Significantly Expand Liability Under California Consumer Privacy Act

Momentum is building for federal data privacy legislation, in large part due to the passage of the California Consumer Privacy Act (CCPA) (which goes into effect in 2020) and other states enacting or considering their own consumer privacy laws.  These developments have businesses concerned that they will face a patchwork
Continue Reading Federal Privacy Legislation Is Coming. Maybe. Here’s What It Might Include

On June 6, 2018, the Eleventh Circuit vacated a cease and desist order issued by the FTC against LabMD as unenforceably vague.  The FTC’s Order, which resulted from a finding that LabMD had failed to maintain an adequate cybersecurity program, directed LabMD to “establish and implement, and thereafter maintain,
Continue Reading Standards vs. Rules for Cyber Regulation – The Eleventh Circuit Weighs in Against the FTC and in Tacit Support for the NYDFS Approach

One of the many difficult questions that companies face in the immediate aftermath of discovering a cyber breach is whether to inform their regulators or law enforcement.  Assuming there is no mandatory disclosure obligation, some companies are reluctant to call the government because (1) they may not know all the
Continue Reading Had a Cyber Breach? The FBI Really Wants To Hear From You!