Data Protection

The NYDFS Brings First Enforcement Action under the Cybersecurity Regulation

July 27, 2020 By Kim Peretti and Dorian Simmons

On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”) for failing to protect sensitive personal information. The NYDFS is seeking civil monetary penalties, an order requiring the Company to remedy the alleged […]

EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

July 23, 2020 By Paul Greaves, Wim Nauwelaerts and Privacy, Cyber & Data Strategy Team

On July 22, 2020, the European Data Protection Board (‘EDPB’) released an information note on Binding Corporate Rules (‘BCRs’), which provides guidance for groups of undertakings/enterprises which have the UK ICO as their competent supervisory authority (‘BCR Lead SA’) [1]. Binding Corporate Rules are a means of legitimizing transfers of personal data outside of the […]

European Data Protection Board Statement Provides Preliminary Insight into Use of Standard Contractual Clauses Following Schrems II Judgment

July 20, 2020 By Wim Nauwelaerts and Paul Greaves

On July 17, 2020, the European Data Protection Board (‘EDPB’) published a statement on the outcome of the Schrems II judgment, passed by the Court of Justice of the European Union (‘CJEU’) the day before. The judgment invalidated the EU-U.S. Privacy Shield, and issued a number of clarifications and caveats on the use of Standard […]

Geopolitical Implications of the European Court’s Schrems II Decision

July 17, 2020 By Privacy, Cyber & Data Strategy Team

On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield, a principal legal method for the transfer of personal data from the EU to the United States. The CJEU ruling further cast doubt on the standard contractual clauses, the other means of effecting such international transfers. In […]

UK National Cyber Security Centre Advisory: Russian Attackers, APT29, Targets Companies Involved in COVID-19 Vaccine Development

July 17, 2020 By Kim Peretti and Privacy, Cyber & Data Strategy Team

Yesterday, the UK National Cyber Security Centre and Canada’s Communications Security Establishment released an advisory linking APT29 (also known as, ‘the Dukes’ or ‘Cozy Bear’) to attacks against COVID-19 vaccine development in Canada, the US and the UK. The Advisory stated that APT29 is “almost certainly part of the Russian intelligence services.” APT29/Cozy Bear was […]