ICO Delays British Airways and Marriott GDPR Fines

Further to the publication of the ICO’s notices of intention to fine British Airways and Marriott in July 2019, the ICO has recently issued a statement delaying the issuance of both GDPR fines which had originally been expected by the end of 2019. (The ICO’s initial notices of intention to fine had stated that British Airways would face a fine of £183m ($228m) and Marriott, a fine of £99m ($123m). We reported on these here: British Airways and Marriott.)

Read More

EmailShare

URGENT: CFTC Warns Registrants of Cyber Threats and Requests Information by January 10 and/or January 20

On January 3, 2020, the Division of Swap Dealer and Intermediary Oversight (DSIO) of the U.S. Commodity Futures Trading Commission (CFTC) issued two cyber threat alerts regarding the hacking of approximately one dozen cloud service providers, as described in a Wall Street Journal article published December 30, 2019, entitled “Ghosts in the Clouds: Inside China’s Major Corporate Hack.”

One DSIO cyber threat alert was directed to swap dealers (SDs) and futures commission merchants (FCMs). Another was directed to commodity pool operators (CPOs), commodity trading advisors (CTAs), introducing brokers (IBs) and retail foreign exchange dealers (RFEDs). The National Futures Association (NFA) then sent a blast email to all NFA members in these registration categories (on behalf of the CFTC), with the DSIO alerts attached, further emphasizing to NFA members the information requested by DSIO and the deadlines for providing such information.

Read More

EmailShare

Oregon Requires Vendors to Report Data Breaches

While much of the New Year attention has been focused on California due to the effective date of the California Consumer Privacy Act, a new Oregon law also went into effect on January 1, 2020 complicating compliance with data breach obligations. The law is unique among state data breach notification laws in that it imposes a direct obligation on vendors to provide regulatory notice to the state. It also requires vendors to provide notice to the data owner within 10 days.  This new regulatory notice requirement may take some control away from data “owners” that typically manage (and often contractually demand sole control over) initial regulator communications with regard to incidents impacting their data.  However, the new requirement may also incentivize service providers to take more responsibility for incident response.

Read More

EmailShare

Examining Legislative Proposals to Protect Consumer Data Privacy

On December 4, 2019, the Senate Commerce Committee addressed data privacy in a hearing titled, “Examining Legislative Proposals to Protect Consumer Data Privacy.”  The hearing focused on the two leading privacy proposals that were put forward in the week leading up to the hearing, the Consumer Online Privacy Rights Act (COPRA), introduced by Sen. Maria Cantwell, D-Wash., ranking member on the Committee, and a Staff Discussion Draft of the United States Consumer Data Privacy Act of 2019 (CDPA), introduced by Sen. Roger Wicker, R-Miss., Chairman of the Committee.  The competing proposals share many similarities, including their scope of covered data and entities, as well as their approaches to consumer transparency and access.  However, as witness testimony during the hearing revealed, the proposals diverge on a few critical issues.

Read More

EmailShare

CCPA 2.0 Moves to Next Critical Stage of Referendum Process

In the evening of December 17, 2019, Californians for Consumer Privacy, the consumer privacy rights organization led by Alastair Mactaggart that propelled California towards the U.S.’s first comprehensive privacy legislation, tweeted the Attorney General’s release of the title and summary for Initiative 19-0021.  This Initiative would substantively amend and essentially replace the California Consumer Privacy Act (“CCPA”) with the proposed Consumer Privacy Rights Act of 2020—also known colloquially as CCPA 2.0.

Read More

EmailShare

Congratulations to Sidley’s Newest Partners!

Congratulations to our 30 colleagues, including Kate Heinzelman and Tomoki Ishiara, for their election to the Sidley Austin partnership, effective January 1, 2020. Kate has strong experience involving complex privacy and data security matters and represents several large, multinational companies, as well as startups, in the healthcare, technology and financial services sectors, among others. Tomoki works out of Sidley’s Tokyo office and supports our global privacy practice in the Asian market.

Read More

EmailShare
EmailShare
XSLT Plugin by BMI Calculator