Data Law Insights
142 FOLLOWERS
Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery.
Data Law Insights
3M ago
Text messages and other non-email, electronic communications have become increasingly important in securities fraud matters. These communications are often sent from personal mobile devices and often provide key evidence. It has become clear that the most interesting, and sometimes most problematic, communications often do not take place via email.
Messages sent via text and other messaging applications are increasingly being relied upon as evidence in securities fraud investigations and litigations. Since 2021, the SEC has investigated large trading firms for “off-channel communic ..read more
Data Law Insights
4M ago
The U.S. Securities and Exchange Commission (“SEC”) adopted a final rule on July 26, 2023 that requires public companies to disclose material cybersecurity incidents under new Item 1.05 of Form 8-K. Since its adoption, public companies have faced practical challenges in determining whether and when a cybersecurity incident warrants disclosure under Item 1.05.
On May 21, 2024, roughly six months after the final rule’s effective date, Erik Gerding, Director of the SEC’s Division of Corporation Finance, issued a statement signaling that public companies should consider disclosing incidents in a d ..read more
Data Law Insights
7M ago
“Browsing and location data are sensitive . . .. Full stop,” says the Federal Trade Commission. As is all granular data that can reveal “insights” that “can be attributed to particular people” through a “re-identification” procedure. This is one basis of complaints the FTC filed against Avast, X-Mode Social, and InMarket. A March 4, 2024 FTC blog post titled FTC Cracks Down on Mass Data Collectors: A Closer Look at Avast, X-Mode, and InMarket describes why these three companies’ collection of consumers’ browsing and location data raised concerns for the agency, and looks at two other data gove ..read more
DoD’s New Year Resolution: A Cybersecurity Maturity Model Certification Program (CMMC) Proposed Rule
Data Law Insights
10M ago
On December 26, 2023, the Department of Defense (DoD) released the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC), a cybersecurity regulatory program that will likely impact most of the government contractor community. Every contractor who handles sensitive data such as Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) during DoD contract performance will be covered by this regulation. While the CMMC program builds upon the security requirements included in Defense Federal Acquisition Regulation Supplem ..read more
Data Law Insights
10M ago
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response to the SEC’s finalized disclosure rules (the “Final Rules”). Published on July 26, 2023, the Final Rules established guidelines around cybersecurity risk management, strategy, governance, and incidents for public ..read more
Data Law Insights
11M ago
On November 9, 2023, the European Parliament has adopted the final version of the Data Act, marking a significant milestone in the evolving landscape of digital regulation. The Data Act is part of the European Commission’s broader strategy to shape Europe’s digital future (see our earlier posts here and here).
The widespread use of internet-connected products (the so-called Internet of things or “IoT”) has notably increased the volume and potential value of data for consumers, businesses, and society at large. Recognizing that barriers to data sharing hinder optimal data allocation for societa ..read more
Data Law Insights
11M ago
On October 24, 2023, the European Data Protection Supervisor (EDPS), which is the supervisory authority for the EU institutions, bodies, offices and agencies (EUIs), published a new opinion on the widely discussed proposal for an EU Regulation laying down harmonized rules on artificial intelligence (commonly known as the AI Act Proposal). Although the EDPS does not supervise the private sector, it plays an influential role in both the European and global regulatory community and this new opinion is, thus, a valuable addition to the current legislative debate.
The AI Act Proposal was published ..read more
Data Law Insights
1y ago
The summer has been anything but slow in the People’s Republic of China. China is leaning into its regulation of emerging technologies, while attempting to strike a balance with its domestic economic priorities. In just the past few weeks, state authorities have issued a slew of draft measures and announced new initiatives – all with significant ramifications for businesses processing data within the PRC. From personal information processing to facial recognition to cross-border data transfers, what follows is a highlight reel of what you may have missed while you were away on vacation, with t ..read more
Data Law Insights
1y ago
On July 25, 2023, the Senate Judiciary Committee held its fifth hearing this year on artificial intelligence (AI). This is the second hearing held by the Subcommittee on Privacy, Technology, and the Law, and it highlighted the “bipartisan unanimity” in regulating AI technology.
Overview
Chairman Richard Blumenthal (D-CT) opened the hearing by recognizing “the future is not science fiction or fantasy. It’s not even the future. It’s here and now.”
Last week, the Biden administration secured voluntary commitments focused on managing the risks posed by artificial intelligence. Blumenthal ..read more
Data Law Insights
1y ago
On July 24, 2023, an en banc Eleventh Circuit joined the majority of circuits to find that just one text is sufficient to establish standing to bring a Telephone Consumer Protection Act (“TCPA”) claim. The decision, Drazen v. Pinto, — F.4th —, 2023 WL 4699939 (11th Cir. July 24, 2023), not only undoes the panel’s original holding, but also reverses course from the Eleventh Circuit’s prior decision in Salcedo v. Hanna, 936 F.3d 1162 (11th Cir. 2019), which held that a Plaintiff who received a single text message did not have TCPA standing.
The original Drazen panel ap ..read more