Privacy

Subscribe to Privacy

Avi Gesser co-authored an article with Davis Polk associates Matthew Kelly, Will Schildknecht, and Anna Marienko that was published in the New York Law Journal on May 31, 2019, and that discusses the competing interests of cybersecurity and employee privacy that employers must balance when implementing reasonable cybersecurity measures.  The
Continue Reading

Until recently, biometric privacy was a niche area of the law that had little application to most companies.  But with the rapid growth in commercial biometric data collection, including voice samples, fingerprints, retina scans, and facial geometry, as well as some recent developments in the applicable case law, it’s probably
Continue Reading

Momentum is building for federal privacy legislation, with several different proposals circulating in Washington.  Ohio’s new cybersecurity law offers an interesting approach for incentivizing companies to protect their customers’ personal data.

We have written previously on two competing models for cybersecurity regulation—“standards” versus “rules.”  The standards-based approach, historically
Continue Reading

Momentum is building for federal data privacy legislation, in large part due to the passage of the California Consumer Privacy Act (CCPA) (which goes into effect in 2020) and other states enacting or considering their own consumer privacy laws.  These developments have businesses concerned that they will face a patchwork
Continue Reading

In the lead-up to the EU’s General Data Protection Regulation (“GDPR”) becoming effective on May 25, little attention was paid in the U.S. to the private right of action that the GDPR creates. But so far, private actors have filed approximately 24 cross-border GDPR complaints with EU regulators.

At least
Continue Reading

On April 30, 2018, BLU Products, Inc. (“BLU”) reached a settlement with the Federal Trade Commission (“FTC”) over allegations that BLU allowed ADUPS Technology Co. LTD (“ADUPS”) to collect detailed personal information about BLU’s consumers without their knowledge or consent, despite BLU’s assurances that
Continue Reading

In January 2018, at the Eleventh Annual International Conference on Computers, Privacy and Data Protection (the “Conference”) in Brussels, one panel that made some headlines centered around blockchain technology in the context of data protection. The core inquiry of the panel was two-fold: (1) whether blockchain technology can
Continue Reading

Companies and law enforcement are increasingly turning to white hat hackers for help.  The FBI apparently paid consultants over $1,000,000 to unlock an iPhone used by one of the shooters in the San Bernardino attacks, and companies such as Microsoft, Uber, Facebook, and Google are paying hackers tens of thousands
Continue Reading

With about a month to go until the first set of NYDFS’s cybersecurity rules go into effect (on August 28, 2017), we are proud to announce the formal launch of the Davis Polk Cyber Blog.  The blog will help you keep pace with industry best practices and be aware
Continue Reading

Three recent cybersecurity events highlight the need for companies to review their access controls to limit who has administrator privileges and how long those elevated privileges last.

First, this week, computer malware that has variously been called PetyaWrap, WannaCry2, GoldenEye and NotPetya began spreading in dozens of countries, encrypting computers
Continue Reading