Following a two-year grace period, EU General Data Protection Regulation (GDPR) entered into force on May 25, 2018. For many companies, preparing for the GDPR was a multi-year project involving multiple teams and input or assistance from across the organization. On this blog, we have outlined the items we have seen as particularly time- or […]
Data Breach Notification
Colorado Enacts Expanded Data Breach Notification Law
Consistent with recent expansions to state data breach notification laws, Colorado recently enacted an expanded data privacy law that strengthens the state’s existing breach notification law and that requires policies and procedures concerning the protection and destruction of personal identifying information (“PII”). The law applies to any individual or commercial entity that maintains, owns, or […]
SEC Announces Its First Enforcement Action Over Cyber-related Disclosures
The Securities and Exchange Commission’s $35 million settlement with Altaba Inc., the successor in interest to Yahoo! Inc., is the first civil penalty of its kind for a data breach and underscores the agency’s increasing focus on public companies’ cybersecurity disclosure obligations. A cross-practice team from our Securities Litigation and Cybersecurity Preparedness & Response groups […]
Bill Proposes Jail Time for Executives Who Conceal Data Breaches
On November 30, 2017, a group of U.S. senators re-introduced a bill, known as the Data Security and Breach Notification Act, which seeks to impose criminal liability of up to five years of jail time on any corporate executive convicted of “intentionally and willfully” concealing a data breach. The bill also proposes that the Federal […]
Virginia Amends Data Breach Notification Law
Virginia amended the state’s data breach notification law, effective July 1, 2017, to expand notification requirements for employers and payroll service providers to data breaches that involve “unauthorized access and acquisition of unencrypted and unredacted computerized data containing a [Virginia] taxpayer’s identification number in combination with the income tax withheld for that taxpayer. . . […]