Focused commentary on the latest in data strategy, cybersecurity preparedness, regulatory compliance and incident response
On Tuesday April 14, 2020, the fifth annual Incident Response Forum (the “Forum”) convened an extensive roster of presenters from private practice and the government, including from the DHS, DOJ, FTC, SEC, NYDFS, FBI, and the Secret Service, to discuss best practices for incident response.
The government panelists shared insights…
Continue Reading 2020 Incident Response Forum: Lessons Learned from Regulators and Law Enforcement
As we have discussed here previously, the coronavirus outbreak has driven many companies further into the digital workplace, putting new strains on information technology systems and related privacy and security compliance controls. Despite these burdens on companies, few regulators have offered relief from their privacy and security requirements. As detailed…
Continue Reading Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight
We have issued a client alert on four key takeaways on the Office of the Attorney General of California’s recent modified regulations to provide guidance on the California Consumer Privacy Act.
Continue Reading Highlights & Takeaways: California Attorney General Issues Modifications to Proposed CCPA Regulations
Davis Polk partner Pritesh Shah and associate Daniel Forester are among the authors of a new Practice Note for Thomson Reuters’ Practical Law discussing blockchain technology and recent trends in data privacy law and the tensions between them. The article explains blockchain technology’s characteristics and describes issues and potential strategies…
Continue Reading Blockchain Technology: Data Privacy Issues and Potential Mitigation Strategies – Practical Law Practice Note
We have recently written on whether protecting personal data should be regulated using a property model instead of a privacy model (and concluded, probably not). Another framework for regulating personal data that is getting increased attention is a national security model, which looks at securing personal data as a means…
Continue Reading Considering A National Security Framework for Protecting Personal Data
We have issued a client alert on three key takeaways on the Office of the Attorney General of California’s recent notice of proposed rulemaking activity and related proposed regulations to provide guidance on the California Consumer Privacy Act.
Continue Reading Highlights & Takeaways: California Attorney General Releases Proposed CCPA Regulations – Davis Polk Client Alert
We have issued a memo on the European Court of Justice’s recent preliminary ruling on the GDPR and a data subject’s qualified right of erasure with respect to personal data, which concluded that EU rules require a search engine operator to carry out such a request only on versions of…
Continue Reading European Court of Justice Limits Territorial Reach of “Right to Be Forgotten” – Davis Polk Memo
Avi Gesser co-authored an article with Davis Polk associates Matthew Kelly, Will Schildknecht, and Anna Marienko that was published in the New York Law Journal on May 31, 2019, and that discusses the competing interests of cybersecurity and employee privacy that employers must balance when implementing reasonable cybersecurity measures. The…
Continue Reading New York Law Journal Publishes Avi Gesser’s Article on Balancing Between Cybersecurity and Employees’ Privacy
Until recently, biometric privacy was a niche area of the law that had little application to most companies. But with the rapid growth in commercial biometric data collection, including voice samples, fingerprints, retina scans, and facial geometry, as well as some recent developments in the applicable case law, it’s probably…
Continue Reading Microchipping Employees and Biometric Privacy Laws – It’s Time To Start Paying Attention
Momentum is building for federal privacy legislation, with several different proposals circulating in Washington. Ohio’s new cybersecurity law offers an interesting approach for incentivizing companies to protect their customers’ personal data.
We have written previously on two competing models for cybersecurity regulation—“standards” versus “rules.” The standards-based approach, historically…
Continue Reading A New Safe-Harbor Approach to Cybersecurity Regulation