Cleary Cybersecurity and Privacy Watch

Global Legal Developments related to Cybersecurity Incidents, Cyber Corporate Governance and Regulation Issues, and Privacy and Data Protection Laws

Subscribe
Visit Blog
By: Cleary Gottlieb Steen & Hamilton LLP

Blog Authors

Amélie Champsaur
April Collaku
Adrienne Dahrouge
Alan B. Freedman
Anne Titus Hilby
Alexis Collins
Adam Motiwala
Alanna B. Newman
Brendan J. Cohen
Britta Redwood
Christopher J. Cook
Carl F. Emigholz
Cleary Gottlieb
Constanze Horn
Chinyelu Lee
Colin D. Lloyd
Colin Pearson
Christina Samaras
Daniel J. Esannason
Daniel Ilan
Diana Yu
Emmanuel Ronco
Francesco De Biasi
Frances Carpenter
Freeman Chan
Guilherme Duraes
Gareth Kristensen
Grace Kurland
Giovanni P. Prezioso
Georgia V. Stasinopoulos
Gregory N. Wolfe
Hannah Rogers
Josh Anderson
Jonathan I. Blackman
James Michael Blakemore
James Brady
James G. Fields
Jared Gerber
Joseph M. Kay
Jonathan Kelly
Jonathan S. Kolodner
John Lightbourne
John Rafael Perez
Jane C. Rosen
Jim Wintering
Kimberly Black
Kal Blassberger
Katherine Mooney Carroll
Kristin Corbett
Katie Dunn
Kylie M. Huff
Laura Gavin
Ling Huang
Lucinda Smart
Miranda Gonzalez
Michael H. Krimminger
Matthew C. Solomon
Martha E. Vega-Gonzalez
Nowell Bamberger
Natalie Farmer
Natascha Gerlach
Olivia Espy
Pamela L. Marcogliese
Paul Marquardt
Robin M. Bergen
Richard Cipolla
Roger A. Cooper
Russell Mawn
Rahul Mukhi
Rishi N. Zutshi
Samuel H. Chang
Soo Jee Lee
Thomas Kopp
Tanner Mathison
Xuyang Zhu
Zekariah McNeal
Zheng (Jonathan) Zhou

Latest from Cleary Cybersecurity and Privacy Watch

On December 6, 2018, in Williams-Diggins v. Mercy Health, an Ohio district court granted the defendant’s motion to dismiss a putative class action related to a cybersecurity vulnerability in the Ohio-based medical provider’s computer systems that allegedly left patient health information publicly accessible online for years.  United States District Judge Jeffrey Helmick dismissed the case for lack of jurisdiction (among other reasons), finding that the plaintiff’s theories of harm—overpayment and risk of future exposure or…
Continuing its efforts to engage with FinTech innovators and market participants in the adoption of new technologies, the Commodity Futures Trading Commission (“CFTC”) and its LabCFTC[1] released a Primer on Smart Contracts (the “Primer”) on November 27. The Commission focused its Primer on (1) detailing the technical aspects of smart contract technology; (2) examining potential benefits and risks connected to their widespread adoption; and (3) the CFTC’s role in regulating the adoption of the…
On November 27, 2018, the Senate Commerce, Science, and Transportation Committee’s Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security held an oversight hearing of the U.S. Federal Trade Commission.  The hearing marked the first appearance before the Senate of the full slate of current FTC commissioners: Republicans Chairman Joe Simons, Noah Phillips, and Christine Wilson, and Democrats Rohit Chopra and Rebecca Slaughter.  In addition to confirming that the FTC will continue to prioritize…
On November 28, 2018, Judge Gonzalo P. Curiel of the U.S. District Court for the Southern District of California denied the U.S. Securities and Exchange Commission’s motion for a preliminary injunction against Blockvest, LLC and Reginald Ringgold in connection with Defendants’ initial coin offering (“ICO”).  In doing so, the court found disputed issues of fact existed regarding whether the so-called “BLV” tokens constituted “securities” under the test set out in SEC v. W.J. Howey Co.…
On November 28, 2018, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) identified for the first time digital currency addresses associated with sanctioned persons.  The newly sanctioned individuals, Iran-based Ali Khorashadizadeh and Mohammad Ghorbaniyan, were accused of converting digital currency payments into Iranian rial as part of a widespread ransomware scheme.  Since 2015, the ransomware scheme (known as “SamSam”) has infected the data networks of corporations, hospitals, universities, and government agencies.  According…
Knuddels GmbH & Co KG, a German social media app, has received the first administrative fine issued by a German supervisory authority under the General Data Protection Regulation (“GDPR”). The fine of € 20,000 has been levied on Knuddels by the Commissioner for Data Protection and Freedom of Information in Baden-Württemberg (one of 16 regional data protection authorities in Germany) following a hack reported by Knuddels in September which resulted in the personal data of…
icos
On November 16, 2018, the U.S. Securities and Exchange Commission (“SEC”) Division of Corporation Finance (“Corp. Fin.”), Division of Investment Management, and Division of Trading and Markets issued a joint public statement on “Digital Asset Securities Issuance and Trading.”  The public statement is the latest in the Divisions’—and the Commission’s—steady efforts to publicly outline and develop its analysis on the application of the federal securities laws to initial coin offerings (“ICOs”) and certain digital tokens. …
On November 6-8, 2018, the U.S. Federal Trade Commission (“FTC”) hosted a public hearing on “Privacy, Big Data, and Competition.”  The event was part of a series of public hearings on Competition and Consumer Protection in the 21st Century, modeled after the agency’s 1995 “Pitofsky Hearings.”  The series solicits input from a wide variety of private and public sector stakeholders and academics to inform and guide the FTC’s regulatory and enforcement efforts in light…
On November 8, the Securities and Exchange Commission (“SEC”) imposed a cease-and-desist order against Zachary Coburn for causing his former company, EtherDelta, to operate as an unregistered securities exchange in violation of Section 5 of the Securities Exchange Act of 1934 (“Exchange Act”).  Notably, EtherDelta, a trading platform specializing in digital assets known as Ether and ERC20 tokens,[1] was not operated like a traditional exchange with centralized operations, as there was no ongoing, active…
cybersecurity2
On November 1, 2018, the Canadian Digital Privacy Act came into effect.  The Act, passed on June 18, 2015, modified the data breach obligations for companies subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”) by introducing three new requirements in the event of certain data breaches:  reporting to the Canadian Office of the Privacy Commissioner (“OPC”), notification to the affected individuals, and recordkeeping obligations.  Below, we discuss these requirements and recent guidance…