Privacy

Expansive New California Privacy Measure Cleared for November Ballot

By Robert A. Cohen, Frank Azzopardi, Pritesh Shah, Matthew J. Bacal, Daniel F. Forester, Matthew Kelly, Will Schildknecht & Jennifer Leather on June 29, 2020

Posted in Breach Notification, Compliance, Cybersecurity, Enforcement, GDPR, Information Security, Privacy, Proposed Regulations, Regulation, Risk Assessment, State and U.S. Territory Regulation, Third-Party Vendors

While businesses operating in California are still adjusting to the requirements of the California Consumer Privacy Act (CCPA) and are watching for enforcement actions brought by the California Attorney General, as its enforcement powers begin on July 1, an expansive new privacy initiative was certified today by the California Secretary…
Continue Reading Expansive New California Privacy Measure Cleared for November Ballot

PLI Cybersecurity Enforcement Panel: Lessons Learned from Regulators and Law Enforcement

By Matthew Kelly & Will Schildknecht on June 17, 2020

Posted in Compliance, Cybersecurity, Enforcement, Federal Regulation - U.S., Information Security, NY Department of Financial Services, Privacy, Regulation, State and U.S. Territory Regulation

On Friday, May 29, 2020, Davis Polk’s own Rob Cohen led a panel on cybersecurity law and enforcement issues for the Practising Law Institute’s (“PLI”) tenth annual program on enforcement. The panel included individuals from the FBI, U.S. Attorney’s Office for the Southern District of New York, New York…
Continue Reading PLI Cybersecurity Enforcement Panel: Lessons Learned from Regulators and Law Enforcement

Navigating Cross-Border Data Transfers: Lessons from the Sedona Conference Commentary

By Matthew Kelly & Will Schildknecht on June 3, 2020

Posted in Compliance, Data Management, Enforcement, Federal Regulation - U.S., GDPR, Information Security, Personally Identifiable Information, Privacy, Regulation, State and U.S. Territory Regulation

New commentary from a respected think tank attempts to provide guidance on cross-border data transfers. The guidance proposes principles for determining which country’s law to apply to a cross-border transfer. Although there is no guarantee that the guidance will gain favor with courts or regulators, it is an important indicator…
Continue Reading Navigating Cross-Border Data Transfers: Lessons from the Sedona Conference Commentary

2020 Incident Response Forum: Lessons Learned from Regulators and Law Enforcement

By Will Schildknecht & Mengyi Xu on April 27, 2020

Posted in Compliance, Cybersecurity, Enforcement, Federal Regulation - U.S., Information Security, NY Department of Financial Services, Privacy, Regulation, State and U.S. Territory Regulation

On Tuesday April 14, 2020, the fifth annual Incident Response Forum (the “Forum”) convened an extensive roster of presenters from private practice and the government, including from the DHS, DOJ, FTC, SEC, NYDFS, FBI, and the Secret Service, to discuss best practices for incident response.

The government panelists shared insights…
Continue Reading 2020 Incident Response Forum: Lessons Learned from Regulators and Law Enforcement

Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight

By Will Schildknecht & Marisa Elena Bannon on April 16, 2020

Posted in Civil Litigation, Compliance, Cybersecurity, Device Security, Enforcement, Federal Regulation - U.S., GDPR, Health Information, Information Security, NY Department of Financial Services, Privacy, Regulation, SEC, State and U.S. Territory Regulation

As we have discussed here previously, the coronavirus outbreak has driven many companies further into the digital workplace, putting new strains on information technology systems and related privacy and security compliance controls. Despite these burdens on companies, few regulators have offered relief from their privacy and security requirements. As detailed…
Continue Reading Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight

Highlights & Takeaways: California Attorney General Issues Modifications to Proposed CCPA Regulations

By Robert A. Cohen on March 4, 2020

Posted in Cyberaware, Privacy, State and U.S. Territory Regulation

We have issued a client alert on four key takeaways on the Office of the Attorney General of California’s recent modified regulations to provide guidance on the California Consumer Privacy Act.
Continue Reading Highlights & Takeaways: California Attorney General Issues Modifications to Proposed CCPA Regulations

Considering A National Security Framework for Protecting Personal Data

By Avi Gesser & Joseph Kniaz on October 31, 2019

Posted in Cyberaware, Federal Regulation - U.S., Privacy

We have recently written on whether protecting personal data should be regulated using a property model instead of a privacy model (and concluded, probably not). Another framework for regulating personal data that is getting increased attention is a national security model, which looks at securing personal data as a means…
Continue Reading Considering A National Security Framework for Protecting Personal Data

Highlights & Takeaways: California Attorney General Releases Proposed CCPA Regulations – Davis Polk Client Alert

By Avi Gesser on October 17, 2019

Posted in Cyberaware, Privacy, Proposed Regulations, State and U.S. Territory Regulation

We have issued a client alert on three key takeaways on the Office of the Attorney General of California’s recent notice of proposed rulemaking activity and related proposed regulations to provide guidance on the California Consumer Privacy Act.
Continue Reading Highlights & Takeaways: California Attorney General Releases Proposed CCPA Regulations – Davis Polk Client Alert

Cyber Blog