In a recent decision upholding the denial of a motion to compel arbitration, a panel of the Ninth Circuit provided new guidance about the formation of online contracts under California and New York law.1 The court held that, to
Inside Cybersecurity & Privacy Law
Exploring the evolution of cybersecurity and privacy law
Latest from Inside Cybersecurity & Privacy Law - Page 2
US SEC Cyber Risk Management Proposed Rules: Analysis for Investment Advisers, Investment Companies, BDCs and Broader Implications for Private Sector
On February 9, 2022, the Securities Exchange Commission (“SEC” or “Commission”) voted 3-1 to propose rules, forms and amendments concerning cybersecurity risk management, as well as registered investment adviser and fund disclosures. As we have previously discussed, the proposal…
Minor(s) Regulation, Major Consequences? Cyberspace Administration of China’s New Draft Regulations for Online Protection of Minors
New draft Regulations on the Online Protection of Minors (Draft Regulations) were released by the Cyberspace Administration of China (CAC) on 14 March 2022. They update the 2016 Draft Regulations of the same name which were released for public comment…
Filing Instructions Released for New US Bank Incident Reporting Requirement
On March 29, 2022, the US federal banking regulators released instructions on how financial institutions should comply with recently adopted computer-security incident notification requirements.1 These instructions will assist financial institutions in satisfying their obligations under the new requirements once…
US and EU Announce New Trans-Atlantic Data Privacy Framework
On March 25, 2022, the United States and the European Union jointly announced an “agreement in principle” to a new trans-Atlantic data privacy framework to facilitate the cross-border transfer of personal data (the “Framework”).1 As part of the Framework,…
Utah Passes Comprehensive Privacy Law: How the UCPA Compares to Other State Privacy Laws
Following in the footsteps of California, Virginia and Colorado, Utah has become the fourth state to pass comprehensive consumer data privacy legislation. Utah Governor Spencer Cox signed Utah Consumer Privacy Act (“UCPA”) into law on March 24, 2022—the first major…
Standard contracts for transfers of personal data outside the UK enter into force
Today, 21 March 2022, the International Data Transfer Agreement (IDTA) and the UK Addendum to the EU standard contractual clauses have entered into force.
The IDTA and the UK Addendum can be used for transfers of personal data outside the…
Pushing the Envelope? The CAC’s Draft Regulations on Push Notifications
On 2 March 2022, the Cyberspace Administration of China (“CAC”) issued draft regulations on the administration of internet pop-up push notifications (the “Draft Regulations”). The Draft Regulations were issued pursuant to a number of laws, including the Cybersecurity Law.
The…
Looking to Invest In or Acquire a Digital Assets Business? Watch Where You Step—Realizing Value and Managing Risk
The upshot, for busy people:
- Realizing value and managing risk in investments and acquisitions of digital assets businesses means understanding several key areas of the target’s business—among them, cybersecurity, data privacy and regulatory positions.
- This is particularly challenging in light
…
Cyber Incident Reporting for Critical Infrastructure Act Signed Into US Law as Part of Omnibus Appropriations Legislation
On March 15, 2022, President Biden signed into law the Consolidated Appropriations Act, 2022, H.R. 2471. Division Y of this omnibus appropriations legislation—the Cyber Incident Reporting for Critical Infrastructure Act of 2022—will create significant new rules requiring US critical infrastructure…