Board Governance & Cyber Risk Management

EDPB reports on EU Data Protection Authorities’ resources and enforcement actions

August 23, 2021 By Wim Nauwelaerts and Privacy, Cyber & Data Strategy Team

Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by those DPAs. Resources made available by the EU Member States to the DPAs The EDPB report releases statistics on both […]

Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC

August 17, 2021 By Daniel Felz, Kate Hanniford and Wim Nauwelaerts

Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]

Biden Administration To Issue Cybersecurity “Performance Goals” For Critical Infrastructure

July 29, 2021 By Privacy, Cyber & Data Strategy Team

Yesterday, the Biden Administration issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems (“Memorandum”). A short summary is below. However, the primary take away is that the government will be establishing preliminary cybersecurity performance goals for certain industries no later than September 2021. While we do not yet know what these […]

Securities Class Actions Filed Against Three Chinese Tech Titans After Announcement of Cyber-Related Investigations

July 27, 2021 By Sierra Shear and Cara Peterman

In early July, investigations by a Chinese cybersecurity regulatory agency, the Cyberspace Administration of China (“CAC”), into at least three China-based technology companies—DiDi Global Inc. (“DiDi”), Full Truck Alliance Co. Ltd. (“FTA”), and Kanzhun Limited (“Kanzhun”)—were purportedly revealed weeks after each conducted a substantial initial public offering (“IPO”) on a United States stock exchange. These […]

EDPB publishes Guidelines on the Concepts of Controller and Processor in the GDPR

July 21, 2021 By Paul Greaves, Wim Nauwelaerts and Privacy, Cyber & Data Strategy Team

On July 7th, the European Data Protection Board (“EDPB”) adopted its finalized guidelines on the concepts of controller and processor in the General Data Protection Regulation (“GDPR”). While the EDPB’s predecessor – the Article 29 Working Party – had issued guidance on the concepts of controller/processor (Opinion 1/2010, WP169) back in 2010, many practical concerns […]