Enforcement

EDPB reports on EU Data Protection Authorities’ resources and enforcement actions

August 23, 2021 By Yung Shin Van Der Sype and Wim Nauwelaerts

Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by those DPAs. Resources made available by the EU Member States to the DPAs The EDPB report releases statistics on both […]

Colorado Becomes the Third State to Adopt a General Privacy Law

July 8, 2021 By Dorian Simmons

On July 7, Colorado became the third state behind California and Virginia to adopt a comprehensive privacy law when Governor Jared Polis signed the Colorado Privacy Act into law. The CPA contains many similarities to the Virginia Consumer Data Protection Act (VCDPA) and the California Consumer Privacy Act, as amended by the California Privacy Rights […]

SEC Settles Enforcement Action for Disclosure Controls Violations Stemming from Data Security Incident

June 15, 2021 By Kate Hanniford

The SEC has settled an enforcement action against a large title insurer in connection with public statements and disclosures made by the company in May 2019 relating to a data security incident. The underlying data security incident was the subject of the first set of charges brought by the New York Department of Financial Services […]

New York and Illinois Regulators Recommend Third Party Cybersecurity Review For Specific Vulnerabilities

May 21, 2021 By Michael Young and James Harvey

This month, the Illinois Department of Insurance issued guidance to insurers recommending assessments in response to a Microsoft Exchange vulnerability, detailed in the guidance. In the Bulletin dated May 5, the Department encourages regulated entities to “assess the risk to their systems and consumers and take steps necessary to address vulnerabilities and customer impact.” The […]