Cleary Cybersecurity and Privacy Watch

Global Legal Developments related to Cybersecurity Incidents, Cyber Corporate Governance and Regulation Issues, and Privacy and Data Protection Laws

Blog Authors

AB C D E F G H I J K L M NOPQR STUV WXY Z

Josh Anderson

Latest from Cleary Cybersecurity and Privacy Watch

Cleary Cybersecurity and Privacy Watch

Ready to Pounce: Regulators Are Intensifying GDPR Enforcement

By Natalie Farmer & Louie Ka Chun

February 26, 2021

After what appears to be a period of relative leniency in 2018/19, enforcement actions for violations of the EU General Data Protection Regulation (“GDPR”) have since intensified. In 2020, according to publically available information, supervisory authorities across the EU and the UK Information Commissioner’s Office (“ICO”) have issued over EUR 170 million worth of fines combined[1], with six of the top ten individual fines imposed being issued in 2020[2].…

Cleary Cybersecurity and Privacy Watch

First Circuit Upholds Border Searches of Electronic Devices Without Probable Cause

By David E. Brodsky, Lev Dassin, Victor L. Hou, Rahul Mukhi, Giovanni P. Prezioso & Samuel Levander

February 25, 2021

In a decision with potentially far-reaching implications, Alasaad v. Mayorkas, Nos. 20-1077, 20-1081, 2021 WL 521570 (1st Cir. Feb. 9, 2021), the First Circuit recently rejected First and Fourth Amendment challenges to the U.S. government agency policies governing border searches of electronic devices. These policies permit so-called “basic” manual searches of electronic devices without any articulable suspicion, requiring reasonable suspicion only when officers perform “advanced” searches that use external equipment to review, copy, or analyze a…

Cleary Cybersecurity and Privacy Watch

New York Department of Financial Services Issues New Guidance on Cyber Threats

By Rahul Mukhi, Alexis Collins, Jonathan S. Kolodner & Lilianna Rembar

February 24, 2021

Recently, the New York Department of Financial Services (“DFS”) issued two memoranda addressing the ongoing increase in cyberattacks. The first recent guidance provides best practices for insurance entities with regard to cyber insurance.[1] The second guidance deals with the surge in benefits fraud that has been ongoing since the beginning of the COVID-19 pandemic, with directions on how regulated entities can best secure data.[2]…

Cleary Cybersecurity and Privacy Watch

D.C. District Court Rejects Privilege Claim for Post-Data Breach Forensic Report

By Rahul Mukhi, Alexis Collins, Jonathan S. Kolodner & Claire Santiago

February 15, 2021

Last month, in Guo Wengui v. Clark Hill, PLC, the United States District Court for the District of Columbia granted Plaintiff’s motion to compel production of Defendant’s third-party forensic investigation report following a cybersecurity incident.[1] The court held that the forensic report was not covered by the attorney-client privilege or the work product doctrine, providing a cautionary tale for companies conducting post-breach investigations.…

Cleary Cybersecurity and Privacy Watch

The Central District Court of California Grants Marriott International’s Motion to Dismiss in Data Breach Suit

By Rahul Mukhi & Lilianna Rembar

January 27, 2021

On January 12, 2021, the United States District Court for the Central District of California granted Marriott’s motion to dismiss in Arifur Rahman v. Marriott International, Inc. et al[1], a class action filed against the company following its disclosure of a data breach in March 2020. The court held that Plaintiff lacked standing to sue, breathing life into a defense that has been unsuccessful in several recent cases. Background The litigation against Marriott…

Cleary Cybersecurity and Privacy Watch

2020 Cybersecurity and Privacy Developments: A Year in Review

By Katherine Mooney Carroll, Alexis Collins, Jonathan S. Kolodner, Daniel Ilan, Rahul Mukhi, Daniel Montgomery, Natalie Farmer & Emmanuel Ronco

January 25, 2021

Cybersecurity and data privacy, topics that were already top of mind for companies at the start of 2020, were pushed even further to the forefront due to the COVID-19 pandemic, significant data security enforcement actions, and the SolarWinds breach discovered in December. The increased prevalence of remote work made it all the more critical for companies to manage cybersecurity risk. In a recent survey of business and technology executives, 96% of respondents said that they…

Cleary Cybersecurity and Privacy Watch

Cybersecurity: Another Year of Intrusions and Regulation Punctuated by a Pandemic

By Rahul Mukhi & Daniel Montgomery

January 22, 2021

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2021”. Cybersecurity, a topic that was already top of mind for boards and corporate stakeholders at the start of the year, was pushed even further to the fore in the wake of the COVID-19 pandemic. The increased prevalence of remote working made it all the more critical for companies to manage cybersecurity risk.…

Cleary Cybersecurity and Privacy Watch

New York Lawmakers Introduce Biometric Privacy Bill with Private Right of Action

By Rahul Mukhi & Nicholas Evert

January 21, 2021

On January 6, 2021, a bipartisan group of state legislators introduced the “Biometric Privacy Act,” (Assembly Bill 27), which would make New York only the second state with a private right of action against entities that improperly use or retain biometric information. This is the third time that New York lawmakers have proposed such a bill. The bill would protect individuals’ biometric identifiers, defined as fingerprints, voiceprints, retina or iris scans, and scans…

Cleary Cybersecurity and Privacy Watch

The Privacy Law Plot Continues to Thicken: Compliance Considerations for 2021

By Daniel Ilan, Emmanuel Ronco, Megan Medeiros, Natalie Farmer & Daniel Montgomery

January 21, 2021

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2021”. Patchwork and continually changing regulation continues to be the trend in data privacy law, with 2020 adding new legislation to the fray and striking down some existing privacy structures. 2021 will likely be a time of reflection for businesses trying to adjust to impending new requirements in the face of an increasingly…

Cleary Cybersecurity and Privacy Watch

UK ICO Data Breach Fines – What Can We Learn From British Airways and Marriott?

By Natalie Farmer & Louie Ka Chun

December 17, 2020

In July 2019, the UK Information Commissioner’s Office (“ICO”) issued two notices of intent (“NOIs”) to fine British Airways (“BA”) and Marriott International Inc. (“Marriott”) for violations of the EU General Data Protection Regulation (“GDPR”), both related to high-profile personal data breaches. The NOIs proposed staggering fines of £183.39 million and £99.2 million, respectively, which would have constituted the largest penalties levied under the GDPR to date. More than a year later, the UK…

Cleary Cybersecurity and Privacy Watch

Global Legal Developments related to Cybersecurity Incidents, Cyber Corporate Governance and Regulation Issues, and Privacy and Data Protection Laws

Blog Authors

Ready to Pounce: Regulators Are Intensifying GDPR Enforcement

First Circuit Upholds Border Searches of Electronic Devices Without Probable Cause

New York Department of Financial Services Issues New Guidance on Cyber Threats

D.C. District Court Rejects Privilege Claim for Post-Data Breach Forensic Report

The Central District Court of California Grants Marriott International’s Motion to Dismiss in Data Breach Suit

2020 Cybersecurity and Privacy Developments: A Year in Review

Cybersecurity: Another Year of Intrusions and Regulation Punctuated by a Pandemic

New York Lawmakers Introduce Biometric Privacy Bill with Private Right of Action

The Privacy Law Plot Continues to Thicken: Compliance Considerations for 2021

UK ICO Data Breach Fines – What Can We Learn From British Airways and Marriott?

Stay Connected

Company

Products

Support

New to the Network