Alston & Bird Privacy, Cyber & Data Strategy Blog

Board Governance & Cyber Risk Management

California Federal Court Dismisses Data Security-Related Securities Fraud Class Action

By , and

A California federal court has dismissed a putative securities fraud class action alleging that a large title insurer that disclosed a data security incident in May 2019 made false and misleading statements related to its data security practices and the incident.  The dismissal follows the June 2021 settlement of a related Securities & Exchange Commission […]

September 27 Deadline Looming for EU Standard Contractual Clauses

By

On June 4th, the European Commission issued modernized Standard Contractual Clauses (SCCs) under the EU General Data Protection Regulation (GDPR) for data transfers from controllers or processors in the EU/EEA (or otherwise subject to the EU GDPR) to controllers or processors outside the EU/EEA (and not subject to the EU GDPR). The modernized SCCs will […]

UK Unveils Post-Brexit Data Plans with an Emphasis on International Transfers of Personal Data

By

Today, the UK Department of Digital, Culture, Media and Sport (“DCMS”) has made a series of announcements shedding light on the UK’s post-Brexit data strategy. The announcements – which emphasize the importance of international transfers of personal data to global trade – include as follows: A Press Release, providing an overview of the UK government’s […]

EDPB reports on EU Data Protection Authorities’ resources and enforcement actions

By and

Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by those DPAs. Resources made available by the EU Member States to the DPAs The EDPB report releases statistics on both […]

Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC

By , and

Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]