UK Information Commissioner’s Office Publishes Toolkit for Data Sharing with Law Enforcement

The Information Commissioner’s Office (“ICO”) has introduced a toolkit on data sharing with law enforcement (“Toolkit”) which supplements the ICO’s existing guidance on sharing personal data with law enforcement authorities. The Toolkit is intended to function as a tool for smaller organisations to make an informed decision about whether to share personal data with law enforcement. Larger organisations with expertise in data protection are encouraged to refer to the ICO’s data sharing code of practice but in any event, the Toolkit is intended to help provide clarity for all organisations in making decisions relating to this type of sharing.


New Export Controls on Advanced Computing and Semiconductor Manufacturing: Five Key Takeaways

On October 25, 2023, the U.S. Department of Commerce Bureau of Industry and Security (BIS) published updated export controls on advanced computing items and semiconductor manufacturing equipment under the Export Administration Regulations (EAR). Specifically, BIS published two interim final rules that revise and expand on the restrictions implemented in the initial interim final rule issued on October 7, 2022 (October 7, 2022 rule).


ICO Publishes Guidance on Handling Worker Health Data

On 31 August 2023, the UK Information Commissioner’s Office (ICO) published guidance on the handling of worker health data for employers (ICO Guidance). The ICO Guidance aims to provide tips and good practice advice about how to comply with applicable data protection legislation such as the UK GDPR when collecting and processing worker health data. Helpfully, the ICO Guidance also contains various checklists to help employers assess data protection considerations when processing worker health data.


U.S. SEC Division of Exams Announces 2024 Examination Priorities

On October 16, 2023, the U.S. Securities and Exchange Commission (SEC) Division of Examinations (EXAMS or Division) issued its annual examination priorities, which, for the first time, were published at the start of the SEC’s fiscal year to “better inform investors and registrants of key risks, trends, and examination topics” the Division intends to focus on in the coming year.


Latest Wave of SEC Off-Channel Communications Enforcement Actions: Five Takeaways

On September 29, 2023 — the last business day of its fiscal year — the U.S. Securities and Exchange Commission (SEC) issued the latest in a series of actions charging 10 firms with recordkeeping failures in connection with employees’ use of unapproved applications on personal devices to engage in communications relating to the firms’ business (known as “off-channel communications”). The firms charged included broker-dealers, investment advisers, and dually registered broker-dealers and investment advisers as well as one family of firms that self-reported conduct to the SEC. To date, the SEC has charged over 40 registrants and leveled over $1.6 billion in penalties as part of its off-channel communications matters. Other regulators, including the Commodity Futures Trading Commission (CFTC), have brought similar cases.


The Finalization of the UK-U.S. Data Bridge

On September 21, 2023, the UK and the U.S. announced the UK extension to the EU-U.S. Data Privacy Framework (DPF), which will come into effect on October 12. A new UK adequacy regulation provides that the UK Secretary of State for Science, Innovation and Technology has determined that the U.S. provides adequate levels of protection for personal data in certain transfers and brings the UK within the DPF announced in July 2023. The U.S. Attorney General also designated the UK as a “qualifying state” under an Executive Order on September 18 for the purposes of the DPF. This means that on October 12, UK businesses will be able to transfer personal data to U.S. organizations self-certified under the DPF.


SEC’s Cybersecurity Disclosure Rules Are Here. Is Your Company Ready to Comply?

Companies are facing more attacks on their information systems. And, as their cyber risk skyrockets, the SEC has stepped in with new regulations, telling businesses what to disclose about these incidents — and requiring detailed disclosures on cyber risk management more broadly. With the deadline for compliance fast approaching, businesses are scrambling to mitigate their legal risk and comply with regulations that some say may be an overreach.


New EU FIDA Proposal: How Does This Affect GDPR?

The European Commission issued the Financial Data Access Act (FIDA) proposal in June this year. FIDA will create a legislative framework that aims to “bring payments and the wider financial sector into the digital age” by facilitating the sharing of and access to customer financial data (whether of businesses or consumers).
