Data Breach

Recent Updates in Two Closely-Watched Cybersecurity and Privacy-Related Securities Fraud Class Actions

April 4, 2022 By Oyinkan Muraina, Sierra Shear and Cara Peterman

Observers have been awaiting decisions in a number of cybersecurity and privacy securities fraud class actions with potentially important implications for corporate liability. Over the last several weeks, critical developments emerged in two such cases: the defendants’ motion to dismiss was granted in part and denied in part in In re Zoom Securities Litigation, and […]

Senate Passes Significant Cyber Bill Requiring Cyber Incident Reporting

March 3, 2022 By Kim Peretti and Kristen Bartolotta

The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of critical infrastructure and federal civilian agencies to report cyber incidents to the Department of Homeland Security’s Cybersecurity and […]

EDPB Issues New Guidance for Assessing Personal Data Breaches under the EU GDPR

January 10, 2022 By Paul Greaves and Wim Nauwelaerts

On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a public consultation on a draft set of guidelines in 2021. The finalized Guidelines are a practice-oriented, and case-based set of examples that leverage the experiences […]

The Cybersecurity Incident Reporting Requirements Fail in the Latest Version of the National Defense Authorization Act

December 9, 2021 By Kim Peretti and Lance Taubin

On December 7, 2021, the House of Representatives passed the National Defense Authorization Act for Fiscal Year 2022 (NDAA), which notably excluded any cybersecurity incident reporting requirements. In September, the House approved a previous version of the bill that included a mandatory breach notification provision that would have required the Department of Homeland Security’s Cybersecurity […]

China’s Initial Draft Regulations on the Management of Online Data Security: Important Takeaways

December 2, 2021 By Kim Peretti, Yin Zhao and Lance Taubin

On November 14, 2021, the Cyberspace Administration of China (CAC) released draft Regulations on the Management of Online Data Security (the “Regulations”) for China’s data privacy and security laws, including the Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL). Consistent with such laws, the Regulations broadly apply to processing […]