“Browsing and location data are sensitive . . .. Full stop,” says the Federal Trade Commission. As is all granular data that can reveal “insights” that “can be attributed to particular people” through a “re-identification” procedure. This is one basis
Data Law Insights
Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery
Blog Authors
Latest from Data Law Insights
DoD’s New Year Resolution: A Cybersecurity Maturity Model Certification Program (CMMC) Proposed Rule
On December 26, 2023, the Department of Defense (DoD) released the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC), a cybersecurity regulatory program that will likely impact most of the government contractor community. Every contractor who…
FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim…
European Parliament Adopts Final EU Data Act
On November 9, 2023, the European Parliament has adopted the final version of the Data Act, marking a significant milestone in the evolving landscape of digital regulation. The Data Act is part of the European Commission’s broader strategy to…
European Data Protection Supervisor Releases New Opinion on the EU’s Proposed AI Act
On October 24, 2023, the European Data Protection Supervisor (EDPS), which is the supervisory authority for the EU institutions, bodies, offices and agencies (EUIs), published a new opinion on the widely discussed proposal for an EU Regulation laying down harmonized…
Uncharted Territory: The SEC Sues SolarWinds and its CISO for Securities Laws Violations in Connection with SUNBURST Cyberattack
On October 30, 2023, the Securities and Exchange Commission (the “SEC”) filed a civil lawsuit charging SolarWinds Corporation (“SolarWinds” or the “Company”) and its chief information security officer, Timothy G. Brown (“Brown”), with securities fraud, internal controls failures, misleading investors…
Catch Up Fast: The “Data Days” of Summer in China
The summer has been anything but slow in the People’s Republic of China. China is leaning into its regulation of emerging technologies, while attempting to strike a balance with its domestic economic priorities. In just the past few weeks, state…
The Future is Here: Senate Judiciary Committee’s Oversight of AI and Principles for Regulation
On July 25, 2023, the Senate Judiciary Committee held its fifth hearing this year on artificial intelligence (AI). This is the second hearing held by the Subcommittee on Privacy, Technology, and the Law, and it highlighted the “bipartisan unanimity” in…
The First Text Cuts the Deepest: Eleventh Circuit Aligns with Other Circuits on TCPA Standing
On July 24, 2023, an en banc Eleventh Circuit joined the majority of circuits to find that just one text is sufficient to establish standing to bring a Telephone Consumer Protection Act (“TCPA”) claim. The decision, Drazen v. Pinto, — F.4th…
Five Key Takeaways from the SEC’s Final Cybersecurity Rules for Public Companies
On July 26, 2023, the SEC finalized long-awaited disclosure rules (the “Final Rules”) regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. While the…