Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

Your quarterly privacy & cybersecurity update

Welcome to the sixth edition of Updata! Updata is an international update produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team – it provides you with a compilation of key privacy and cybersecurity regulatory and legal developments from the past quarter. This edition covers October to December 2019 and is full of newsworthy items from our team members around the globe, including: updates from our team in the United States on the CCPA and efforts towards a federal privacy law; in Europe, our round-up of the status of the EU’s proposed ePrivacy Regulation, the third...
Continue Reading

The state of US data privacy and cybersecurity laws in 2019

US data privacy and cybersecurity laws developed rapidly in 2019, especially in California, New York, Nevada and Massachusetts. While there are ongoing efforts to pass a federal privacy law, states are leading the way. Learn more.
Continue Reading

Update: Advocate General advises that the validity of standard contractual clauses is not affected by complaints made in Schrems II

On Thursday 19 December, Advocate General Saugmandsgaard Øe published his Opinion in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (widely referred to as “Schrems II”). The Opinion is not binding, however it provides us with a strong indication as to what the Court of Justice of the European Union’s (“CJEU”) judgment will be. Learn...
Continue Reading

In the spotlight—Cyber resilience and risks around outsourcing

The operational resilience of financial institutions has come under increased scrutiny following a number of recent high-profile IT failures and cyberattacks. Operational resilience itself is much broader than merely IT and cyber events: it covers events ranging from natural disasters to civil unrest, and those impacting critical national and market infrastructure. Learn more.
Continue Reading

FTC effectively shuts down Utah company’s operations pending compliance with mandated data security plan

On November 12, 2019, the FTC announced that InfoTrax, a Utah technology company, agreed to implement an overhauled data security program as part of a 20-year consent agreement in the wake of a hack to the company’s network. InfoTrax is prohibited from collecting, selling, sharing, or storing personal information pending the overhaul of security operations—temporarily shutting down the company’s operations. The settlement highlights that the FTC is continuing to take a strong stance on cybersecurity. Companies that are not consumer-facing nonetheless have an obligation to maintain sound...
Continue Reading

The CLOUD Act – A cross-border data access agreement rises from the fog

The UK and the US inch closer toward easier access to certain electronic data from technology companies. It’s the first agreement of its kind under the Clarifying Lawful Overseas Use of Data Act. The US is in formal talks with Australia to enter into a similar agreement. The agreements are controversial given concerns over data privacy rights. Learn more....
Continue Reading

Your quarterly privacy and cybersecurity update

Welcome to the fifth edition of Updata! Updata is an international update report produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Within, we provide you with a compilation of key privacy and cybersecurity regulatory and legal developments from the past quarter. This edition covers July to September 2019 and is packed full of interesting news items from our contributors around the globe, including: latest amendments passed into law for the California Consumer Privacy Act; new guidelines from the European Commission on Ethics in AI; the CNIL’s guidelines on cookies...
Continue Reading

Dangerous seas ahead – the California Consumer Privacy Act and litigation risk

The California Consumer Privacy Act (CCPA) exposes companies doing business in California to certain litigation risks. The CCPA creates a private right of action that increases class action litigation risk for data breaches. Plaintiffs might try to use California’s Unfair Competition Law (UCL) to expand the scope of the CCPA’s private right of action. Businesses can proactively engage in compliance strategies to minimize CCPA litigation risk. Learn...
Continue Reading

Your quarterly privacy and cybersecurity update

Welcome to the latest edition of Updata – the international quarterly update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory  and legal updates from our contributors around the globe over the past quarter. This quarter’s report features commentary on a number of important developments, including: Cross-border data transfer news in relation to the EU Standard Contractual Clauses and the Privacy Shield; New Chinese cybersecurity and information security guidelines and standards; Commentary from...
Continue Reading

Insuring against a data breach in the construction industry

Although hacking attempts may be most commonly directed at financial and health institutions housing troves of financial and personal data, the construction industry is not immune from the risk of a data breach. Like most industries, the construction industry continues to advance in technological innovation—projects are becoming increasingly dependent on mobile connectivity and there is a growing reliance on cloud-based storage and sharing services. In their article for Construction Executive, Eversheds Sutherland attorneys Jesse Lincoln and Margaret Flatt discuss how such innovation comes...
Continue Reading

Newfound consumer privacy focus could transform debate over expiring US surveillance authorities

Last month, partner and co-lead of Eversheds Sutherland’s global cybersecurity and data privacy practice, Michael Bahar, was invited to testify before the US Privacy and Civil Liberties Oversight Board, an independent federal agency tasked with ensuring that efforts to protect the nation from terrorism also appropriately safeguard privacy and civil liberties. The panel was focused on the expiring provisions of the USA FREEDOM Act, which reformed a provision of the Foreign Intelligence Surveillance Act related to the Government’s collection of telephone metadata (or “call detail...
Continue Reading

The global cyber scourge continues— Hong Kong Monetary Authority alerts banks on recent cyber security incidents

On May 24, 2019, the Hong Kong Monetary Authority (HKMA) issued an alert regarding eight cyber security incidents involving a total sum of HK$70,000 (Alert). While not necessarily a lot of money, it is a timely reminder to banks and the public to stay vigilant across global operations, and to maintain an up-to-date global regulatory strategy. Introduction From the Alert, three banks reported eight cases of unauthorised payment transactions of a total of HK$70,000 over a period of three weeks. It is suspected that the cyber criminals have stolen the customers’ internet banking login passwords...
Continue Reading

Is the CCPA proliferating? A midyear data privacy legislative round-up

While the California Consumer Privacy Act (CCPA) and its potential amendments are still a top concern for businesses, other states are showing that they will not be left behind. With the CCPA still set to go into effect on January 1, 2020, and enforcement delayed until July 2020, we review the major amendments to the CCPA still in play. Not to be outdone by the West Coast, New York is considering its own comprehensive data privacy bill, which may be even bolder than the CCPA. The flurry of state legislative activity during the first half of 2019 shows that cybersecurity and data privacy...
Continue Reading

The new Swedish Protective Security Act

Sweden has joined a growing number of jurisdictions that have passed strict laws to protect security-sensitive activities including cybersecurity laws that extend beyond the protection of personal data and which extend beyond national borders. Learn more.
Continue Reading