Archives: Data & Cyber Security

Subscribe to Data & Cyber Security RSS Feed

Digital Accessibility: Legal & Practical Issues to Consider

By Angela Matney, Anthony Diana and Karim Alhassan on Posted in Data & Cyber Security, Digital Accessibility, Privacy & Data Protection
With increased digitization of business processes and services affecting all industries and enterprises, the need for accessible digital tools continues to grow. Indeed, 26% of adults living in the United States have some type of disability, highlighting the crucial role accessibility tools serve in ensuring an inclusive digital environment.  Furthermore, in certain instances, the implementation … Continue Reading

Government releases proposals to reform UK data protection laws

By Cynthia O’Donoghue, Sarah O'Brien and Asélle Ibraimova on Posted in Big Data, Data & Cyber Security, Global Data Transfers, Information Governance, Privacy & Data Protection, Regulatory
On 17 June 2022, in response to its consultation in 2021 on the same topic (which we wrote about here), the UK government published more detailed proposals to reform data protection laws in the UK. The response to the consultation can be found here. The intention of the reforms is to achieve greater personal data … Continue Reading

New rules to strengthen and better enforce consumer rights in Germany and the EU

By Dr. Andreas Splittgerber and Joana Becker on Posted in Data & Cyber Security, Tech & Outsourcing
Introduction and Overview The year 2022 is one of major changes to consumer protection laws in Germany and the EU, namely: Changes in connection with digital products and corresponding new provisions for the sale of consumer goods took effect on 1 January 2022 (see our earlier Reed Smith Client Alert Part I). New consumer protection … Continue Reading

The fourth anniversary of the GDPR: How the GDPR has had a domino effect

By Asélle Ibraimova and Sarah O'Brien on Posted in Data & Cyber Security, Privacy & Data Protection
Four years ago, the General Data Protection Regulation (“GDPR”) came into force in the EU. Since then, the GDPR has had a domino effect, as many countries in the world have used it as a model to shape their own rules on the handling of personal data. Given the rapid changes in data protection legislation … Continue Reading

Department for Digital, Culture, Media and Sport launches consultation on app security

By Cynthia O’Donoghue, Yunzhe Zhang and Sarah O'Brien on Posted in Data & Cyber Security, Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)
On 4 May 2022, the Department for Digital, Culture, Media and Sport (DCMS) launched a consultation (available here) to request views from the tech industry on potential interventions to enhance security and privacy requirements for firms running app stores and developers making apps.… Continue Reading

CafePress FTC settlement signals future approach to enforcement actions

By Nikki Bhargava, Lauren Weaver and Eric Manski on Posted in Data & Cyber Security
On March 15, 2022, the Federal Trade Commission (“FTC”) issued a proposed settlement with online custom merchandise platform CafePress in connection with the company’s alleged: (1) failure to implement reasonable security measures to secure consumers’ Personal Information; and (2) attempt to cover up a significant 2019 data breach. The proposed settlement would require CafePress to … Continue Reading

Cybersecurity 2.0: the UK follows suit with the EU in launching cybersecurity law reform

By Cynthia O’Donoghue, Sarah O'Brien and Yunzhe Zhang on Posted in Data & Cyber Security
Following the recent adoption of a new draft EU cybersecurity directive (we wrote about it here), the UK government has now also launched a consultation on its proposal to reform the existing UK cybersecurity legislation  (see consultation here). A recap of the current UK cybersecurity law: NIS Regulations One of the key pieces of cybersecurity … Continue Reading

SEC proposes cybersecurity rules for registered funds and investment advisers

By Gerard Stegmaier, Howard Womersley Smith, Kile Marks and Eric Manski on Posted in Data & Cyber Security, Regulatory
The Securities and Exchange Commission (SEC) is proposing new rules to require registered funds (RFs) and investment advisers (RIAs) to implement comprehensive cybersecurity programs. Under the proposed rules, the SEC seeks to accomplish four main objectives, requiring RFs and RIAs to: Maintain and implement cybersecurity policies and procedures; Adopt new recordkeeping standards; Report significant cybersecurity … Continue Reading

Cybersecurity 2.0: European Parliament adopts new draft directive

By Cynthia O’Donoghue on Posted in Data & Cyber Security
During the autumn of 2021, the European Parliament adopted a draft cybersecurity directive, the revised ‘Directive on security of network and information systems’ (commonly referred to as ‘NIS2’). When it moved to the Council, additional changes were made; one was to extend the time for Member States to transpose it into national law from 18 … Continue Reading

FTC significantly amends GLBA Safeguards Rule

By Gerard Stegmaier and Mark Quist on Posted in Data & Cyber Security, Privacy & Data Protection, Regulatory
The Federal Trade Commission (FTC or Commission) has issued a final rule clarifying its data security requirements for certain covered financial institutions. The new rule, which amends the Safeguards Rule originally promulgated in 2002 under the Gramm-Leach-Bliley Act (GLBA), outlines specific criteria to be incorporated as part of GLBA-covered financial institutions’ information security programs. The … Continue Reading

California amends CCPA and clarifies rulemaking deadline

By Sarah Bruno, Bart Huffman, Christian Blair and Hubert Zanczak on Posted in Data & Cyber Security
On October 5, 2021, California Governor Gavin Newsom signed into law amendments to the California Consumer Privacy Act (CCPA) via Assembly Bill 694. Businesses are eagerly awaiting clarification on many aspects of the CCPA and the California Privacy Rights Act (CPRA) (the CPRA is set to go into effect on January 1, 2023, with a 12-month look-back … Continue Reading

Ransomware is on the rise – what to do if you are faced with a cyber attack

By Cynthia O’Donoghue and Philip Thomas on Posted in Data & Cyber Security, Privacy & Data Protection
As a result of the COVID-19 pandemic, many more organisations have moved their business operations online.  From a cybersecurity and privacy perspective, this brings hackers and criminals greater opportunities to try to infiltrate the increased amount of devices and even deploy ransomware attacks. This is where malware is installed to block access to the user’s … Continue Reading

Tune in for the latest updates on our Tech Law Talks podcast

By Sarah Bruno, Therese Craparo, Anthony Diana, Jason Gordon, Cynthia O’Donoghue, Dr. Andreas Splittgerber, Catherine Castaldo and Asélle Ibraimova on Posted in Data & Cyber Security, Privacy & Data Protection, Regulatory
Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends, from product and technology development to operational and compliance issues that practitioners encounter every day. What’s new in data protection in the EU It has been a busy few weeks in the EU for all things data … Continue Reading

U.S. Department of Labor issues cybersecurity guidance for protecting ERISA-covered plan data

By Bart Huffman, Jenni Krengel, Wendell Bartnick and Haylie Treas on Posted in Data & Cyber Security, Regulatory
The U.S. Department of Labor (DOL) announced in April new cybersecurity guidance (the Guidance) for protecting ERISA-covered plan data from internal and external cybersecurity threats. This Guidance is the first of its kind from the DOL and supplements DOL regulations that govern electronic records and disclosures to plan participants and beneficiaries. The Guidance recognizes that … Continue Reading

Get the latest updates on our Tech Law Talks podcast

By Sarah Bruno, Anthony Diana, LiLing Poh, Dr. Andreas Splittgerber, Catherine Castaldo, Ramona Kimmich, Christian Leuthner and Trevor Satnick on Posted in Cookies, Tracking & Online Behavioral Advertising, Data & Cyber Security, Privacy & Data Protection, Regulatory
Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends. We cover product and technology development to operational and compliance issues that technology practitioners encounter every day. On this channel, we host regular discussions about the legal and business issues around data protection, privacy and security; data risk … Continue Reading

Executive Order for cybersecurity creates new requirements for government contractors

By Leigh T. Hansson, Gregor Pryor, Gerard Stegmaier, Liza Craig, William Kirkwood and Joshuah Turner on Posted in Data & Cyber Security, Privacy & Data Protection, Regulatory
In response to a number of recent high-profile cyber attacks aimed at federal agencies, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity (EO) on May 12, 2021. The EO which created a new Cyber Safety Review Board to review major cyber incidents and requires information and communications technology (ICT) service providers entering into contracts … Continue Reading

Recent report signals NIST may publish IoT cybersecurity standards

By Wendell Bartnick and Hubert Zanczak on Posted in Data & Cyber Security
Although regulators seem to think all too often that cybersecurity is an after-thought for internet-connected device manufacturers, the National Institute of Standards and Technology (NIST) recognizes that as the Internet of Things (IoT) grows, so do cybersecurity risks. In March 2021, NIST published several key takeaways from a recent workshop that provide helpful guidance for … Continue Reading

New podcast channel, Tech Law Talks, now live!

By Anthony Diana, Therese Craparo, Trevor Satnick and Erika Kweon on Posted in Data & Cyber Security
Reed Smith is proud to announce the launch of its sixth podcast channel, Tech Law Talks. The channel will present in-depth, practical observations on tech and data legal trends that practitioners encounter every day. Tune in for regular discussions led by the firm’s technology lawyers about the legal and business issues around data protection, privacy … Continue Reading

Cybersecurity Maturity Model Certification: New requirements in the near future

By Bart Huffman, Liza Craig, Elizabeth Leavy and Aryeh Younger on Posted in Data & Cyber Security, Regulatory
Beginning in November 2020, the Department of Defense (DoD) has confirmed that new solicitations will include the new Cybersecurity Maturity Model Certification (CMMC). Despite the impact of COVID-19, this confirmation indicates that the DoD is intent upon ensuring the protection of certain critical information and shoring up protection of its critical networks and supply chain. … Continue Reading

Responding to requests: the ICO considers manifestly unfounded and excessive requests

By Cynthia O’Donoghue and Katalina Bateman on Posted in Data & Cyber Security, Privacy & Data Protection
The Information Commissioner’s Office (ICO) has updated its guidance on access requests and whether such requests are manifestly unfounded or excessive, providing further clarification to the definitions in the guidance and on how data controllers should respond to such requests. We summarise the key points below. Background A data subject has rights under the Data … Continue Reading

Medical Device Coordination Group guidance on cybersecurity for medical devices

By Cynthia O’Donoghue and Katalina Bateman on Posted in Data & Cyber Security
Background In light of the growing concern over cybersecurity and the increasing complexity of medical device supply chains, the Medical Device Coordination Group has released updated guidance on cybersecurity for medical devices (the Guidance). The Guidance is intended to supplement the essential requirements listed in Annex I of the Medical Devices Regulations (Regulations 745/2017 and … Continue Reading

Amendments to Vermont’s Security Breach Notice Act to become effective July 1

By Bart Huffman, Wendell Bartnick and Haylie Treas on Posted in Data & Cyber Security
Vermont’s Security Breach Notice Act is noteworthy because it has the United States’ shortest deadline for providing preliminary notice of a “security breach” to the state’s attorney general. The deadline is 14 days from discovery of a security breach. Security incident response teams commonly consider the Vermont law early in the response process to determine … Continue Reading

California relaxes key telehealth regulatory requirements during COVID-19 emergency

By Kimberly Gold, Alexis Cocco, James F. Hennessy and Emily Lynch on Posted in Data & Cyber Security, Privacy & Data Protection, Regulatory
On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal … Continue Reading

U.S. cybersecurity – points to remember when business is not as usual

By Bart Huffman, Gerard Stegmaier, David Krone and Haylie Treas on Posted in Data & Cyber Security, Privacy & Data Protection
As the U.S. economy and educational system adapt to work and life at home, it is important to remember that cybersecurity (and related privacy) risks remain and are evolving. Remembering to think through measures that are in place to protect personal information, proprietary information, confidential information, and information needed for ongoing operations can help businesses … Continue Reading
LexBlog