Search Results for:

6 Predictions, 6 Attorneys - Goodwin's 2023 Data, Privacy & Cybersecurity Outlook

In honor of Data Privacy Week, and as we kick off 2023, many of us are wondering what this year’s hot topics and trends will be in the privacy and cybersecurity sector. How will the new Privacy Shield in the EU and UK affect data regulation? How will state privacy…

Read More

EU Commission Publishes Draft Adequacy Decision on Privacy Shield 2.0

On December 13, 2022, the European Commission published a draft adequacy decision on the EU-US Data Privacy Framework (the “Framework”), the successor to the EU-US Privacy Shield Framework that was famously struck down by Europe’s top court two years ago. While the purpose of the draft adequacy decision, once adopted,…

Read More

EU Standard Contractual Clauses Need Replacing by December 27, 2022

Introduction On June 4, 2021, the European Commission (the “EC”) abolished the old Standard Contractual Clauses (the “Old SCCs”) and published a new more flexible set of clauses (the “New SCCs”) for companies that wish to export personal data from the EU to elsewhere to rely on (for more information,…

Read More

President Biden Signs “Privacy Shield” Executive Order to Address European Concerns Over Surveillance Practices in the United States

UPDATE: On October 7, 2022, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities,” establishing new privacy safeguards and oversight mechanisms for foreign intelligence that will form the basis of a new EU-U.S. Data Privacy Framework (“DPF”). The DPF, which President Biden and European…

Read More

New Federal Law Mandates Cyber Incident and Ransomware Payment Reporting for Critical Infrastructure Industries

After years of lengthy debates, Congress passed and the President signed into law a bipartisan bill requiring entities in sectors deemed to constitute “critical infrastructure” to report certain cyber incidents and ransomware payments. Currently, companies may and often do voluntarily report cyber incidents to the FBI or other federal agencies,…

Read More

Ninth Circuit: Web Scraping Does Not Violate CFAA

In a decision that is certain to reverberate through the big data community, the U.S. Court of Appeals for the Ninth Circuit ruled that the primary legal tool that companies tried to use to limit scraping of their websites – the criminal statute Computer Fraud and Abuse Act (“CFAA”) –…

Read More

U.S. and EU Reach Political Agreement On a New Trans-Atlantic Data Privacy Framework: The Implications for Businesses

On March 25, 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the US and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for transatlantic data flows (the New Framework). The parties now need to translate the consensus…

Read More

SEC Proposes Expanded and Accelerated Cybersecurity Disclosure by Public Companies

As a significant step in its ongoing initiatives on the disclosure, management and oversight of cybersecurity risks and incidents, on March 9, 2022 the U.S. Securities and Exchange Commission (SEC) proposed new rules that would significantly increase cyber-related disclosures by public operating companies. The proposed rules would: Require disclosure in Form 10-Q…

Read More

SEC Focus on Cybersecurity Begins To Take Shape

The U.S. Securities and Exchange Commission is implementing a campaign to overhaul the agency’s expectations around cybersecurity and cyber incident reporting for the financial services industry and corporate America generally. For example, in a recent speech, Chairman Gensler reiterated his focus on cybersecurity and underscored the SEC’s work to “improve…

Read More

SEC Cybersecurity Rules Target Investment Advisers and Investment Companies

On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) proposed a package of new rules and amendments to enhance cybersecurity preparedness and improve cyber resilience of investment advisers and investment companies against cybersecurity threats and attacks. If adopted, these rules will incorporate existing SEC staff guidance on cybersecurity policies and…

Read More