Alston & Bird Privacy, Cyber & Data Strategy Blog

Board Governance & Cyber Risk Management

NYDFS Cybersecurity Requirements Compliance Deadline Nears for Key Provisions

By

September 4, 2018 marks the end of the transitional period for covered entities to comply with several key provisions of the NYDFS Cybersecurity Requirements that require certain systemic and sustained measures. These provisions include the encryption and audit trail requirements as well as ones relating to the implementation of monitoring policies, procedures, and controls, application […]

Japan and EU agree on Terms of Reciprocal Adequacy for Data Transfers

By

On July 17, the European Commission (the “Commission”) announced that the European Union and Japan successfully concluded talks on reciprocal adequacy and agreed to recognize each other’s data protection systems as equivalent.  In its press release, the Commission explains that this adequacy agreement will create “the world’s largest area of safe transfers of data based […]

LabMD: The End of the FTC in Cyber or Just a New Path?

By

The U.S. Court of Appeals for the Eleventh Circuit recently issued its opinion in LabMD, Inc. v. FTC, No. 16-16270 (11th Cir. June 6, 2018), declaring unenforceable a Federal Trade Commission (FTC) order requiring LabMD to implement an extensive cybersecurity plan. The case is noteworthy for its lengthy procedural background—during which time LabMD became defunct—and its holding, which […]

Landmark New Privacy Law in California to Challenge Businesses Nationwide

By

Following our June 4 and July 2, 2018 blog posts tracking California’s November 2018 ballot measure turned hastily enacted new California privacy law titled The California Consumer Privacy Act of 2018 (CCPA), Alston & Bird’s Privacy & Data Security Group released a more detailed “first look” review of California’s sweeping new law.  The advisory provides an overview of […]

German DPA Announces GDPR Compliance Survey of Large Companies – Translation Provided

By

Following a two-year grace period, EU General Data Protection Regulation (GDPR) entered into force on May 25, 2018.  For many companies, preparing for the GDPR was a multi-year project involving multiple teams and input or assistance from across the organization.  On this blog, we have outlined the items we have seen as particularly time- or […]