FERC Enhances Reporting Requirements for Cyber Attacks on Power Grid

On June 20, 2019, the Federal Energy Regulatory Commission (“FERC”) approved a North American Electric Reliability Corp. (“NERC”) petition to adopt Reliability Standard CIP-008-6 to strengthen the reporting requirements for attempts to compromise the operation of the United States’ bulk electric system.  The prior Critical Infrastructure Protection (“CIP”) Reliability Standards only required reporting where an incident compromised or disrupted one or more reliability tasks.  The new standard applies to all registered entities subject to the CIP Reliability Standards.

Read More

EmailShare

Another UK ICO GDPR Privacy Fine of £99m ($123m) Proposed Just One Day After the Largest Ever

Just a day after the ICO provided notice of its intention to fine British Airways £183m ($228m) over a separate breach (please see our blog post here), on Tuesday, July 9, 2019, the ICO released another statement of its intention to fine Marriott International, Inc. (“Marriott”) over £99m ($123m) in relation to a security incident affecting the Starwood reservation database which Marriott had acquired in 2016 and discovered in November 2018. The statement came in response to Marriott’s filing with the US Securities and Exchange Commission that the ICO intended to fine it for breaches of the GDPR.

Read More

EmailShare

A Closer Look at California Privacy Law Bar on Two Contract Clauses

*This article first appeared in Law360 on July 8, 2019

In September of 2018, California passed a significant new consumer privacy law, the California Consumer Privacy Act, which is the first U.S. law to regulate how businesses with a presence in California collect, share, and use consumer data. The CCPA not only imposes significant compliance obligations on companies conducting business with California residents but also incentivizes class action litigation through both the CCPA’s private right of action and California’s Unfair Competition law.

READ MORE

EmailShare

Crunch Time in California – CCPA Amendments Hotly Debated and (Some) Defeated – Employee Data Is Back, Reasonable Definition of Personal Information Is Gone (For Now), and More!

With less than three months to go before amendments to California’s far reaching data privacy law need to be signed into law, the CCPA landscape may be changing yet again, as several amendments debated in the state Senate Judiciary Committee on July 9th underwent significant modifications.  Eight proposed CCPA amendments were on the committee’s agenda, and several were hotly debated in an hours-long session that extended late into the night.  In the end, two of the bills had substantive modifications, another was stalled, one was defeated, and the rest made it out of the committee, with limited changes. Here we summarize the highlights.

Read More

EmailShare

Digital Asset Securities: Joint SEC and FINRA Statement Aimed at Broker-Dealer Custody

On July 8, 2019, the long-awaited statement (Statement) on custody of digital asset securities was released jointly by the staffs (Staffs) of the U.S. Securities and Exchange Commission (SEC) Division of Trading and Markets and the Financial Industry Regulatory Authority (FINRA).1  The Statement is based on industry discussions with the Staffs and highlights the following:

  1. Certain noncustodial broker-dealer models may have a path forward for FINRA approval.
  2. The Staffs have concerns relating to broker-dealer custody of digital asset securities that remain unanswered, but certain good control locations (i.e., banks, issuers and transfer agents) may provide a viable custody solution under the Customer Protection Rule.2
  3. Market participants should consider other broker-dealer requirements, including books and records and financial reporting rules.

Read More

EmailShare

UK ICO Publishes New Guidance on the Use of Cookies and Similar Technologies

On 3 July 2019, the UK’s Information Commissioner’s Office (“ICO”) published new guidance on cookies and similar technologies (“Guidance”) in conjunction with a new blog post: “Cookies – what does ‘good’ look like?” which aims to provide “myth-busting” advice on common cookies uncertainties. You can find a full copy of the new guidance here and a link to the ICO’s blog post here. With its new Guidance, the ICO has formally recognised the stricter standards of consent and transparency now in force under the GDPR.

Read More

EmailShare

Chinese Government’s Latest Effort in Tightening Cross-Border Transfer of Personal Information

The Chinese government is proposing heightened requirements on cross-border transfers of personal information from China, recently publishing draft Measures on Security Assessment of Cross-border Transfer of Personal Information (the “Draft Measures”).  This comes less than a month after the Chinese government issued another draft Measures for Data Security Management which require network operators to conduct a security assessment for any transfer of important data (i.e. any data that may directly affect China’s national security, economic security, social stability, or public health and security if leaked) to overseas.  The Draft Measures now focus on the cross-border transfer of personal information by network operators and are viewed as a continuous effect of the Chinese government to strengthen the data protection in China.

Read More

EmailShare
1 2 3 70
EmailShare
XSLT Plugin by BMI Calculator