In February 2023, the Cybersecurity Administration of China (CAC) issued the Measures for the Standard Contract for Outbound Cross-Border Transfer of Personal Information (the Measures) which became effective on June 1, 2023. It will be important for global companies to comply with these Measures. In February 2023, the Cybersecurity Administration of China (CAC) issued the Measures for the Standard Contract for Outbound Cross-Border Transfer of Personal Information (the Measures) which became effective on June 1, 2023. It will be important for global companies to comply with these Me ..read more

California has enacted the Genetic Information Privacy Act (GIPA), the nation’s first privacy law specifically targeting the use of genetic information. California has enacted the Genetic Information Privacy Act (GIPA), the nation’s first privacy law specifically targeting the use of genetic information. The law targets direct-to-consumer genetic testing companies to provide—prior to collection of the sample—certain information about the types of data to be collected and how the information will be used. The law also gives consumers rights including the right to opt out of the sale of the pers ..read more

The Biden Administration has signaled that it views national cybersecurity as an important enforcement priority. The Biden Administration has signaled that it views national cybersecurity as an important enforcement priority. In May 2021, President Biden signed an Executive Order on Improving the Nation’s Cybersecurity, stating that “the Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems.” That same month, Deputy AG Monaco ordered a comprehensive cyber review “aimed at developing actionable recommendations to enhance ..read more

On August 30, 2021, the Securities and Exchange Commission (SEC) published a press release announcing that it has penalized eight investment advisory firms in three enforcement actions for failing to adopt written policies and procedures reasonably designed to safeguard customer records and information, in violation of Rule 30(a) of Regulation S-P (17 C.F.R. § 248.30(a)) (the Safeguards Rule). On August 30, 2021, the Securities and Exchange Commission (SEC) published a press release announcing that it has penalized eight investment advisory firms in three enforcement actions for failing to ado ..read more

China is poised to significantly update its current data-protection legal and regulatory framework by the upcoming passage of two new key laws. China is poised to significantly update its current data-protection legal and regulatory framework by the upcoming passage of two new key laws: 1) The PRC Personal Information Protection Law (PIPL); and 2) The PRC Data Security Law (DSL). The PIPL and DSL will have wide-ranging impact on current data regulation practices, key among which will be the changes in which these laws regulate the cross-border transfer of data, particularly where such transfer ..read more

Many issues keep employee benefit plan administrators, committees, and sponsors (plan fiduciaries) awake at night, but cybersecurity is especially troubling for many reasons. Many issues keep employee benefit plan administrators, committees, and sponsors (plan fiduciaries) awake at night, but cybersecurity is especially troubling for many reasons. Employee benefit plans face significant cybersecurity threats and, given the incredibly significant amount of assets involved, the consequences of even one single attack can be devastating. Further, plan fiduciaries can have the best cybersecurity pr ..read more

Chi Lung “Winsman” Ng, a Hong Kong citizen, was recently charged by the United States Department of Justice for conspiracy to steal trade secrets relating to sensitive semiconductor technology from U.S. company General Electric (GE) with the intention of producing it in mainland China. Chi Lung “Winsman” Ng, a Hong Kong citizen, was recently charged by the United States Department of Justice for conspiracy to steal trade secrets relating to sensitive semiconductor technology from U.S. company General Electric (GE) with the intention of producing it in mainland China. The technology at issue is ..read more

This week, an Illinois House Judiciary Committee advanced House Bill 559, which would require potential plaintiffs to give employers a 30-day opportunity to cure alleged violations of the Biometric Information Privacy Act (BIPA) prior to filing a lawsuit. This week, an Illinois House Judiciary Committee advanced House Bill 559, which would require potential plaintiffs to give employers a 30-day opportunity to cure alleged violations of the Biometric Information Privacy Act (BIPA) prior to filing a lawsuit. BIPA, passed in 2008, regulates the collection and use of biometric information. As it c ..read more

Last month, the District of Minnesota found that agricultural technology company Syngenta Seeds had plausibly stated a claim for trade secret misappropriation and denied the defendant’s motion to dismiss as to that claim.  Last month, the District of Minnesota found that agricultural technology company Syngenta Seeds had plausibly stated a claim for trade secret misappropriation and denied the defendant’s motion to dismiss as to that claim. Syngenta Seeds, LLC v. Warner, 2021 WL 679289 (D. Minn. Feb. 22, 2021). The court’s opinion provides a useful illustration of allegations that sa ..read more

On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA) into law, setting up the newest state to enact broad privacy legislation aimed at giving consumers more control over their personal data. The bill will go into effect on January 1, 2023. On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA) into law, setting up the newest state to enact broad privacy legislation aimed at giving consumers more control over their personal data. The bill will go into effect on January 1, 2023. Once in effect ..read more