The Federal Trade Commission (FTC or Commission) has issued a final rule clarifying its data security requirements for certain covered financial institutions. The new rule, which amends the Safeguards Rule originally promulgated in 2002 under the Gramm-Leach-Bliley Act (GLBA), outlines specific criteria to be incorporated as part of GLBA-covered financial institutions’ information security programs. The … Continue Reading
On October 5, 2021, California Governor Gavin Newsom signed into law amendments to the California Consumer Privacy Act (CCPA) via Assembly Bill 694. Businesses are eagerly awaiting clarification on many aspects of the CCPA and the California Privacy Rights Act (CPRA) (the CPRA is set to go into effect on January 1, 2023, with a 12-month look-back … Continue Reading
As a result of the COVID-19 pandemic, many more organisations have moved their business operations online. From a cybersecurity and privacy perspective, this brings hackers and criminals greater opportunities to try to infiltrate the increased amount of devices and even deploy ransomware attacks. This is where malware is installed to block access to the user’s … Continue Reading
Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends, from product and technology development to operational and compliance issues that practitioners encounter every day. What’s new in data protection in the EU It has been a busy few weeks in the EU for all things data … Continue Reading
The U.S. Department of Labor (DOL) announced in April new cybersecurity guidance (the Guidance) for protecting ERISA-covered plan data from internal and external cybersecurity threats. This Guidance is the first of its kind from the DOL and supplements DOL regulations that govern electronic records and disclosures to plan participants and beneficiaries. The Guidance recognizes that … Continue Reading
Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends. We cover product and technology development to operational and compliance issues that technology practitioners encounter every day. On this channel, we host regular discussions about the legal and business issues around data protection, privacy and security; data risk … Continue Reading
In response to a number of recent high-profile cyber attacks aimed at federal agencies, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity (EO) on May 12, 2021. The EO which created a new Cyber Safety Review Board to review major cyber incidents and requires information and communications technology (ICT) service providers entering into contracts … Continue Reading
Although regulators seem to think all too often that cybersecurity is an after-thought for internet-connected device manufacturers, the National Institute of Standards and Technology (NIST) recognizes that as the Internet of Things (IoT) grows, so do cybersecurity risks. In March 2021, NIST published several key takeaways from a recent workshop that provide helpful guidance for … Continue Reading
Reed Smith is proud to announce the launch of its sixth podcast channel, Tech Law Talks. The channel will present in-depth, practical observations on tech and data legal trends that practitioners encounter every day. Tune in for regular discussions led by the firm’s technology lawyers about the legal and business issues around data protection, privacy … Continue Reading
Beginning in November 2020, the Department of Defense (DoD) has confirmed that new solicitations will include the new Cybersecurity Maturity Model Certification (CMMC). Despite the impact of COVID-19, this confirmation indicates that the DoD is intent upon ensuring the protection of certain critical information and shoring up protection of its critical networks and supply chain. … Continue Reading
The Information Commissioner’s Office (ICO) has updated its guidance on access requests and whether such requests are manifestly unfounded or excessive, providing further clarification to the definitions in the guidance and on how data controllers should respond to such requests. We summarise the key points below. Background A data subject has rights under the Data … Continue Reading
Background In light of the growing concern over cybersecurity and the increasing complexity of medical device supply chains, the Medical Device Coordination Group has released updated guidance on cybersecurity for medical devices (the Guidance). The Guidance is intended to supplement the essential requirements listed in Annex I of the Medical Devices Regulations (Regulations 745/2017 and … Continue Reading
Vermont’s Security Breach Notice Act is noteworthy because it has the United States’ shortest deadline for providing preliminary notice of a “security breach” to the state’s attorney general. The deadline is 14 days from discovery of a security breach. Security incident response teams commonly consider the Vermont law early in the response process to determine … Continue Reading
On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal … Continue Reading
As the U.S. economy and educational system adapt to work and life at home, it is important to remember that cybersecurity (and related privacy) risks remain and are evolving. Remembering to think through measures that are in place to protect personal information, proprietary information, confidential information, and information needed for ongoing operations can help businesses … Continue Reading
On January 6, 2020, the Director of the Federal Trade Commission’s (FTC’s) Bureau of Consumer Protection, Andrew Smith, published a blog post highlighting recent changes to the Commission’s enforcement orders relating to data security. Industry leaders, law practitioners, Congress, and even the courts have been critical of aspects of the Commission’s data security orders. In … Continue Reading
With the California Consumer Privacy Act (CCPA) coming into effect on January 1 and the announcement on 14 January from Google that it will be phasing out third party cookies within the next two years, it seems that 2020 will be a significant year for the adtech industry as industry players react with solutions and … Continue Reading
According to a report issued last week, tens of thousands of cannabis dispensary customers’ personal data has been exposed following a data breach of a sales system that at least three (and likely more) cannabis dispensaries may have used to manage their sales to customers. Our recent client alert highlights the increasing threat that cyber … Continue Reading
A top goal for 2020 is to review and negotiate your directors and officers (D&O) (and other) insurance policies to make sure they are as favorable as possible from a coverage and pricing perspective. (See Make a few small yet substantial plans: five steps to managing directors’ and officers’ liability insurance and other risks in 2020.) … Continue Reading
The UK Information Commissioner’s Office has published a draft Code of Practice on Direct Marketing, which is now out for consultation. Here we discuss the context for this and key takeaway points from its 120+ pages. Read more about this topic in our recent client alert. … Continue Reading
As we look toward a new year and a new decade, advertisers will need to be a step ahead of the market, in order to keep up with changing trends, a world impacted by an increased sensitivity to privacy and the use of data, and consumers who have grown savvy to influencer marketing and product … Continue Reading
According to experts, most New Year’s resolutions fail because sweeping change is difficult. Rather, the best results come from taking small steps. Here are five small steps to take to make sure your directors’ and officers’ (D&O) coverage can tackle potential cyber risks. Review your coverage program from last year. Endorsements, policy provisions, and pricing … Continue Reading
Singapore’s Personal Data Protection Commission (PDPC) has announced that data breach notification will soon become mandatory in Singapore. However, not all breaches need to be reported. We have prepared this guide to aid businesses in understanding when, to whom and how to notify should they encounter a data breach. As further guidance and details on … Continue Reading
As part of Reed Smith’s webinar series on crisis management, on Wednesday 6 November 2019, partners Tom Webley, Philip Thomas and John M. McIntyre delivered a webinar to clients on data breaches, cyber attacks, and potential responses to such incidents. Our recent client alert focuses on the key themes arising out of the webinar and … Continue Reading
