Cybersecurity Regulations for the Energy Industry

The Colonial Pipeline ransomware attack shone a spotlight on the importance and potential vulnerabilities of U.S. critical energy infrastructure. Join our panel of energy industry and cybersecurity thought leaders for a discussion of the threats targeting the industry today, the state of the law when it comes to safeguarding against cyberattacks, and what to expect from Congress and the Administration as calls for increased regulation intensify.

Read More

EmailShare

Transferring EU Data To US After New Contractual Safeguards – A Proposal to Notify Intelligence Agencies of “US Person” Prohibition on Targeting SCC Transfers

This article was first published by Law360 on May 17, 2021.

In light of new standard contractual clauses, or SCCs, to be issued shortly by the European Commission, as well as imminent new guidance from the European Data Protection Board, companies transferring personal data to the U.S. should consider taking steps to help ensure their data transfers are recognized as U.S. person communications.

This article sets forth possible text that companies could adopt as a supplemental measure to inform U.S. intelligence agencies that data transfers under SCCs are prohibited from being targeted.

View Article

 

EmailShare

Major Executive Order on Cybersecurity Aims to Fortify Defenses and Coordinate U.S. Response to Growing Epidemic of Cyberattacks

The Biden administration issued a lengthy Executive Order, “Improving the Nation’s Cybersecurity,” on May 12, which it described as the “first of many ambitious steps” toward modernizing U.S. cybersecurity defenses. The White House simultaneously issued an explanatory fact sheet and background press call.

Pursuant to the Order, government agencies will be required to deploy multifactor authentication, encryption, endpoint detection response, and logging and operate under the principle of a “zero-trust” environment. A clear purpose of the Order is to improve the security of commercial software, including by establishing baseline security requirements based on industry best practices. As the White House press briefer stated, the Order will impose “the power of federal procurement to say, ‘If you’re doing business with us, we need you to practice really good — really good cybersecurity. And, most importantly, we really need you to focus on secure software development.’”

Read More

EmailShare

Sidley Welcomes Former-CFPB Enforcement Director Tom Ward

Sidley is pleased to announce that Thomas Ward, who previously served as Enforcement Director at the Consumer Financial Protection Bureau (CFPB), has joined the firm as a partner in the Banking and Financial Services Group in Washington, D.C. As the CFPB’s chief law enforcement officer, Tom was responsible for enforcing more than 20 enumerated consumer financial statutes and the Consumer Financial Protection Act. He established and supervised the strategy in hundreds of active investigations and cases prosecuted by the CFPB’s Office of Enforcement and managed the agency’s 165 enforcement trial lawyers, investigators, and staff. Under his leadership, in 2020, the CFPB brought the second highest number of enforcement actions since its inception, secured its fourth highest amount of redress, prosecuted its largest and most complex litigation docket, and recommitted to enforcing the Fair Lending laws, including filing the first contested Fair Lending action in the CFPB’s history.

Read More

EmailShare

Using Data De-Identification to Protect Companies

Many companies hope to benefit from amassing large amounts of data by mining it for market insights, creating internal business models, and supporting strategic, data-driven decisions. But as companies collect and store increasingly enormous volumes of data, they may unknowingly take on significant legal risks, including potential violations of data privacy laws and increased exposure to U.S. litigation discovery obligations. One way that businesses can mitigate these risks is to de-identify the data they collect and store.

Read More

EmailShare

Part II – Digital Health Passports in Europe: Amended Proposal for a Digital Green Certificate and Eligible Testing Methods

In March 2021, the European Commission released a proposal for the creation of a “Digital Green Certificate,” which will allow EU citizens to travel easier throughout the EU during the COVID-19 pandemic. Last week, the EU Member States agreed on some proposed changes to the proposal, including strengthening of the data privacy provisions. According to the proposal, in order to obtain a Digital Green Certificate, individuals must prove that they have been vaccinated, present a negative test result, or have recently recovered from COVID-19. The proposal allows the issuance of a certificate for all COVID-19 vaccines, which have received an EU-wide marketing authorisation, however only the results of certain in vitro diagnostic tests will be considered valid.

Read More

EmailShare
EmailShare
XSLT Plugin by BMI Calculator