State and U.S. Territory Regulation

Davis Polk attorneys authored a chapter on U.S. Cybersecurity Laws for the GDR Insight Handbook 2020.  The chapter, which can be read here, was written by Avi Gesser, Matthew J. Bacal, Daniel F. Forester, Matthew A. Kelly, Clara Y. Kim, and Gianna C. Walton, and was published by
Continue Reading

On Wednesday, December 4, please join Avi Gesser, Matt Kelly and Michelle Adler from Davis Polk, and Nick Pelletier from Mandiant, for our monthly conference call on cybersecurity and privacy issues. This month we will discuss “Cybersecurity and Civil Liability Under CCPA: What you can do today to protect
Continue Reading

Davis Polk partner Pritesh Shah and associate Daniel Forester are among the authors of a new Practice Note for Thomson Reuters’ Practical Law discussing blockchain technology and recent trends in data privacy law and the tensions between them.  The article explains blockchain technology’s characteristics and describes issues and potential strategies
Continue Reading

Over the last few years, the creation of new cybersecurity regulations has been robust, but actual enforcement has been tepid. This is understandable in any new regulatory regime, especially one where the standards are vague, the conduct is evolving, and therefore, there is considerable uncertainty on the part of the
Continue Reading

We have issued a client alert on three key takeaways on the Office of the Attorney General of California’s recent notice of proposed rulemaking activity and related proposed regulations to provide guidance on the California Consumer Privacy Act.
Continue Reading

We have previously written about legal risks companies will face from the California Consumer Privacy Act (CCPA) when it goes into effect on January 1, 2020.  In short, companies can be subject to consumer class actions alleging statutory damages for mishandled data—and a key defense to those suits will be
Continue Reading

By now, most major U.S. companies are generally aware of the new privacy requirements that will be imposed by the California Consumer Privacy Act (“CCPA”) when it goes into effect on January 1, 2020, including data access and deletion rights for consumers as well as restrictions on selling personal information. 
Continue Reading

A recent bill to amend California’s landmark data privacy law seeks to expand potential liability for violations—bringing little comfort to those already concerned about the risks and challenges associated with achieving compliance in advance of the law’s upcoming effective date.

The proposal—Senate Bill 561, introduced on February 25, 2019, by
Continue Reading

In the last few years, we have seen a dramatic increase in the purchase and sale of alternative data—a shorthand for big data sets, such as satellite images of parking lots, drug approvals, credit card purchases, cellphone data on retail foot traffic, and construction permits. According to alternativedata.org, the alternative
Continue Reading