Categories

Archives

NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations

On November 9, 2022, the New York Department of Financial Services (DFS) published its proposed second amendment to its cybersecurity regulations (23 NY CRR Part 500). This proposal follows a July 29 pre-proposal and comment period. The amendment is available for a sixty-day comment period – until January 9, 2023 – after which the agency may adopt final regulations or issue a further revised version.

(more…)

, , , ,

Drizly FTC Order Introduces Significant Minimization, Deletion and Retention Requirements

On October 24, 2022, the Federal Trade Commission (“FTC”) issued an order (the “Order”) against the online alcohol marketplace, Drizly, and its CEO, James Cory Rellas, alleging security failures that resulted in a data breach exposing the personal information of approximately 2.5 million consumers. In reaching this conclusion, the FTC alleges that Drizly failed to implement reasonable safeguards to protect the personal information it collected and stored, such as, two-factor authentication for GitHub, access controls for personal data, sufficient written security policies, and appropriate employee training regarding security.

(more…)

, , , ,

New California Law Adds to Complexity of Content Moderation

States and Congress have been enacting or debating different approaches to online “content moderation” by social media and other internet platforms. California’s “Content Moderation Requirements for Internet Terms of Service” bill (“AB 587”) goes into effect on Jan 1, 2024. In short, AB 587 requires social media companies to disclose their processes to take down or manage content and users on their platforms. AB 587 takes a somewhat different approach to social media content regulation than previously enacted laws in Texas and Florida.  The Texas and Florida laws also address the content management practices of social media companies, but go beyond requiring disclosures and also prohibit specific conduct in order to restrict putative viewpoint discrimination. The Eleventh Circuit partially repudiated the Florida law because the associated content moderation requirements violate social media companies’ First Amendment rights to exercise editorial judgment on their platforms. The Fifth Circuit, on the other hand, upheld a similar Texas law because the court believed that content moderation based on viewpoint would constitute censorship and that a platform’s content moderation activity is not speech protected by the First Amendment.

(more…)

, , , , ,

The Ninth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Now Available

The ninth edition of The Privacy, Data Protection and Cybersecurity Law Review provides a global overview of the legal and regulatory regimes governing data privacy and security, and covers areas such as data processors’ obligations, data subject rights, data transfers and localization, best practices for minimizing cyber risk, public and private enforcement, and an outlook for future developments. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law.

(more…)

, , ,

European Commission Publishes Draft Cyber Resilience Act

On 15 September 2022, the European Commission (“Commission” or “EC”) published a draft proposal for a Cyber Resilience Act (“CRA” ). The CRA comes in response to the increasingly common occurrence of cyberattacks, with some predicting that the global cost of cyberattacks for companies will reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. The CRA promises to transform the European cybersecurity landscape by harmonizing and bolstering cybersecurity rules across all technologies with “digital elements.” The Commission is currently inviting public feedback on the CRA through 18 November 2022. The CRA will then pass through the European Parliament for debate and for amendments to be proposed.

(more…)

, , , ,

CFPB Begins Rulemaking on Data Access and Portability

The Consumer Financial Protection Bureau (CFPB) on October 27, 2022 took the long-anticipated first step to issue a regulation implementing Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. This followed a preview by CFPB Director Rohit Chopra at the Money 20/20 conference on October 25 in which he outlined the “CFPB’s new approach to regulation,” which is designed to create “catalysts for more competition.” With respect to Section 1033, Director Chopra said that the CFPB is “exploring safeguards to prevent excessive control or monopolization by one, or even a handful of, firms” and will be working toward avoiding regulations that could be “rigged in favor of some players over others.” Director Chopra’s focus on competition as an essential element of consumer protection has been a hallmark of his directorship.

, , , , , , ,

HHS Office for Civil Rights Releases Webinar on Recognized Security Practices: Provides Guidance on Mitigating Potential Violations of HIPAA

Pursuant to legislation passed in 2021, covered entities and business associates subject to HIPAA and facing potential regulatory enforcement may receive some credit lessening to reduce enforcement penalties if they had implemented Recognized Security Practices (RSPs) within the prior 12 months.  However, what may constitute RSPs and how a covered entity or business associate can demonstrate implementation of RSPs to receive such credit had not been clear.  Now, the Department of Health and Human Services is seeking to provide clarity. (more…)

, , , , ,

Developments to Improve the Cybersecurity of Federal Government Agencies, Critical Infrastructure

Recently, several developments have been proposed or announced to help identify and mitigate cyber risk for United States critical infrastructure operators and software in an effort to further bolster the cybersecurity posture of the federal government. (more…)

, , ,

Upcoming Events

Resources

 

Meet the Team

<a target=‘_blank’ href="https://www.sidley.com/en/people/a/akowuah-kwaku-a">Kwaku A. Akowuah</a>

Kwaku A. Akowuah

Washington, D.C.
<a target=‘_blank’ href="https://www.sidley.com/en/people/a/armbrust-sheila-a-g">Sheila A.G. Armbrust</a>

Sheila A.G. Armbrust

San Francisco
<a target=‘_blank’ href="https://www.sidley.com/en/people/b/brown-colleen-theresa">Colleen Theresa Brown</a>

Colleen Theresa Brown

Washington, D.C.
<a target=‘_blank’ href="https://www.sidley.com/en/people/c/casanova-john-m">John M. Casanova</a>

John M. Casanova

London
<a target=‘_blank’ href="https://www.sidley.com/en/people/c/cunningham-thomas-d">Thomas D. Cunningham</a>

Thomas D. Cunningham

Chicago
<a target=‘_blank’ href="https://www.sidley.com/en/people/i/ishiara-tomoki">Tomoki Ishiara</a>

Tomoki Ishiara

Tokyo
<a target=‘_blank’ href="https://www.sidley.com/en/people/l/lally-amy-p">Amy P. Lally</a>

Amy P. Lally

Century City
<a target=‘_blank’ href="https://www.sidley.com/en/people/l/lashway-david-c">David C. Lashway</a>

David C. Lashway

Washington, D.C.
<a target=‘_blank’ href="https://www.sidley.com/en/people/l/lieu-linh">Linh Lieu</a>

Linh Lieu

Hong Kong
<a target=‘_blank’ href="https://www.sidley.com/en/people/l/long-william-rm">William RM Long</a>

William RM Long

London
<a target=‘_blank’ href="https://www.sidley.com/en/people/l/loughnane-joan-m">Joan M. Loughnane</a>

Joan M. Loughnane

New York
<a target=‘_blank’ href="https://www.sidley.com/en/people/m/malhotra-geeta">Geeta Malhotra</a>

Geeta Malhotra

Chicago
<a target=‘_blank’ href="https://www.sidley.com/en/people/r/raul-alan-charles">Alan Charles Raul</a>

Alan Charles Raul

Washington, D.C., New York
<a target=‘_blank’ href="https://www.sidley.com/en/people/r/royall-m-sean">Sean Royall</a>

Sean Royall

Dallas, Washington, D.C.
<a target=‘_blank’ href="https://www.sidley.com/en/people/s/seale-jennifer-b">Jennifer B. Seale</a>

Jennifer B. Seale

Washington, D.C.
<a target=‘_blank’ href="https://www.sidley.com/en/people/t/tham-yuet-ming">Yuet Ming Tham</a>

Yuet Ming Tham

Singapore, Hong Kong
<a target=‘_blank’ href="https://www.sidley.com/en/people/v/van-de-weert-jr-john-k">John K. Van De Weert</a>

John K. Van De Weert

Washington, D.C.

<a target=‘_blank’ href="https://www.sidley.com/en/people/w/wilan-jonathan-m">Jonathan M. Wilan</a>

Jonathan M. Wilan

Washington, D.C.
<a target=‘_blank’ href="https://www.sidley.com/en/people/w/woods-jr-john-w">John W. Woods Jr.</a>

John W. Woods Jr.

Washington, D.C.

SUBSCRIBE

To receive email alerts when we post a blog entry, please provide your name and email address.