Data Security

On August 14, 2018, the NIST Small Business Cybersecurity Act was enacted. In some ways, the Act appears to be a continuation of policies to enhance private sector cybersecurity through the use of voluntary resources,...

Read More →

Ohio has become the first state to enact legislation providing liability protection for businesses that implement a written cybersecurity program that “reasonably conforms” to certain cybersecurity frameworks or laws to protect personal information. This approach...

Read More →

Since at least fall of 2017, the Department of Education (“ED”) has expected institutions of higher education to report data breaches directly to the department on the same day a breach is discovered – or...

Read More →

Nearly three years after adding a mandatory data breach notification provision to its federal privacy law, Canada has taken steps that will effectuate the dormant requirement. The Governor General in Council, on the recommendation of...

Read More →

Alabama became the 50th and final state to enact data breach notification legislation when Governor Kay Ivey signed into law the Alabama Data Breach Notification Act of 2018. Alabama’s law comes on the heels of...

Read More →

The CLOUD Act has been enacted, effectively mooting the closely watched United States v. Microsoft case and marking a watershed moment in federal and international surveillance law. The Act codifies mechanisms for both US and...

Read More →

Selecting appropriate contract clauses is a key strategy for managing security risks with vendors. Security provisions in vendor contracts should be tailored to the risks posed by the specific engagement, the supply chain for the...

Read More →

In affirming the dismissal of the Wiretap case against Apple for its handling of iMessages from former users, the 9th Circuit yesterday affirmed the distinction it first set out in 2002 in Konop v. Hawaiian...

Read More →

Knight Rider fans, rejoice! Soon, you can have your own automated vehicle. While the arrival of connected cars and autonomous vehicles (“AV”) bring a potential increase in efficiency, safety, and mobility, they also present unique...

Read More →

This post has been updated to reflect that the WP29 has since released updated guidance. In our recent blog post on the Article 29 Working Party’s draft guidance on the GDPR’s breach notification requirements, we...

Read More →