Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

FTC Reviews Security Updates Practices of Eight Mobile Device Manufacturers

The Federal Trade Commission is requiring eight mobile device manufacturers to provide the FTC with information about how they determine to issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices. The FTC plans to use these filings to study policies, procedures, and practices used to notify customers and determine whether to provide security...

EU-U.S. Privacy Shield – Full Text Released

On February 29, 2016, the European Commission released the text of the EU-U.S. Privacy Shield. The text reveals the details of a new framework that will place stronger obligations on U.S. companies to protect the personal data of EU citizens. It will also involve heightened compliance requirements and authorizes enforcement measures by the U.S. Department of Commerce (Commerce) and the...

EU-US Privacy Shield: European Union and U.S. Reach Agreement in Principle for New Data Transfer Framework – But Uncertainty Remains

On February 2, 2016, the European Commission (EC) and the U.S. Department of Commerce (Commerce) announced that they had reached agreement on a new data transfer safe harbor arrangement for the transfer of personal data from Europe to the U.S. The new safe harbor pact, called the EU-US Privacy Shield, was negotiated in the wake of the EU Court of Justice’s (CJEU) decision in October...

The New York Department of Financial Services Releases Potential New Cybersecurity Rules

On November 9, Anthony Albanese, Acting Superintendent of the New York Department of Financial Services (NYDFS), sent a letter to the 18 members of the Financial and Banking Information Infrastructure Committee that outlines key regulatory proposals that NYDFS is considering as new regulations to increase financial sector cybersecurity defenses. The letter is written to “help spark...

The SEC’s Cybersecurity Enforcement Action: Rulemaking by Enforcement

The Securities and Exchange Commission recently brought an enforcement action against an investment adviser that, like a large number of companies, was the victim of a cyberattack. Although the SEC did not allege that any of the firm’s clients suffered harm, the Commission nonetheless sanctioned the firm for its allegedly unreasonable policies and procedures. In their article for...

« Older Entries