Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

January’s Privacy Blizzard

The start to 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments. Already this year, regulators have amended and enforced existing regulations; courts have issued significant interpretations of law; and legislators have proposed new rules aimed at increasing privacy obligations and liability for businesses. This alert highlights the pressing cybersecurity and data privacy updates from the month of January and explains what they mean for companies. Google recently received the largest fine issued under the General Data Protection Regulation (GDPR),...
Continue Reading

Data protection and Brexit – What you can do to prepare

After the historic defeat on 15 January of the draft withdrawal agreement (defeated deal), we consider below what the implications of a no-deal Brexit would be for data protection, and the extent to which the defeated deal would have dealt with any of those issues. We also provide a checklist of actions that businesses can take to help prepare for the outcome in default – a “no deal” Brexit. Learn more.
Continue Reading

The floodgates open – Illinois Supreme Court issues landmark ruling in biometrics case

In a unanimous decision on January 25, 2019, the Illinois Supreme Court found that a plaintiff need not show actual harm to seek relief under the state’s Biometric Information and Privacy Act (BIPA). This is welcome news for plaintiffs’ attorneys who have already used BIPA as a vehicle to file dozens of class action lawsuits against businesses across a wide swath of industries in each of the last few years. According to the Illinois Supreme Court, there is an inherent right to privacy associated with biometric information, which can include data relating to fingerprints, retinas, gait and...
Continue Reading

Updata – Your quarterly privacy & cybersecurity update

Welcome to the second edition of Updata – the international quarterly update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and legal updates from our contributors around the globe over the past quarter. You can find previous editions on our dedicated webpage.  
Continue Reading

New guidance proposed on the extra-territorial scope of the GDPR

The agency responsible for administering the General Data Protection Regulation (GDPR) recently proposed guidelines to clarify the extra-territorial scope of Europe’s sweeping new privacy law. While these guidelines are not yet finalized, they indicate that the reach of the GDPR spreads far beyond the European Union. American businesses that had concluded that they were likely exempt from the GDPR based on previous interpretations should review the new guidelines to confirm that they are not subject to the GDPR’s requirements. This need to double check the applicability is especially...
Continue Reading

Vietnam sheds light on impending cybersecurity law

Vietnam recently issued a draft decree that clarifies the scope of its impending cybersecurity law and its impact on foreign businesses. The law is set to go into effect on January 1, 2019, though the implementation of certain requirements that impact foreign companies the most will likely be delayed. Unlike other cybersecurity and data privacy laws passed this year, which were inspired by Europe’s GDPR, Vietnam’s law emulates the cybersecurity regulations in place in China, and it creates a mechanism for the government to control the flow of information, including through a data...
Continue Reading

Right out of the box – California enacts first-of-its-kind statute regulating internet-of-things

The California legislature had a big year in 2018. While a great deal of attention has focused on the California Consumer Privacy Act of 2018 (CCPA), California also passed a less-publicized, but highly critical, statute that will regulate certain aspects of Internet of Things (IoT or connected) device security. The IoT law, known as SB-327, should have a significant impact that extends well beyond California’s borders when it goes into effect in 2020. Read this article to learn how companies impacted by SB-327—especially manufacturers and distributors of IoT devices—should work to ensure...
Continue Reading

FERC Issues Geomagnetic Disturbance Final Rule

FERC has approved reliability requirements to address the impacts of geomagnetic disturbances. The requirements were proposed by the North American Electric Reliability Corporation (NERC) as revisions to NERC’s mandatory and enforceable reliability standards applicable to owners and operators of major electric transmission facilities. FERC determined that NERC’s standard “better addresses the risks posed by geomagnetic disturbances (GMDs) to the Bulk-Power System” than the currently effective NERC standard. The new NERC standard revises the benchmark GMD event definition, requires the...
Continue Reading

SEC and CFTC continue efforts to regulate cryptocurrency

Important events at the Commodity Futures Trading Commission (CFTC) and the Securities and Exchange Commission (SEC) last week further indicate these regulators’ strong intent to oversee cryptocurrency markets. On November 7, 2018, the CFTC Chairman gave a speech encouraging regulators to leverage technology to help keep pace with technological advancements in the cryptocurrency space. On November 8, 2018, the SEC brought its first enforcement action against an individual for operating an unregistered crypto-exchange, moving away from previous actions relating to initial coin offerings and...
Continue Reading

California Consumer Privacy Act preparation website launched by Eversheds Sutherland

In anticipation of the California Consumer Privacy Act (CCPA), set to take effect on July 1, 2020, Eversheds Sutherland created a one-stop information hub to help companies prepare for the impending legislation that affects many organizations doing business in California. The CCPA website provides a much-needed resource that assists companies with preparation and compliance through a variety of webcasts, articles and videos. www.californiaconsumerprivacy.com Learn...
Continue Reading

India’s highest court defends data privacy

India’s Supreme Court recently issued a holding that increases the data privacy protection that businesses operating in India must provide. The holding strikes down the portion of Section 57 of the Aadhaar Act that had previously allowed businesses to require national ID numbers, known as Aadhaar numbers, for “any purpose.” The industries most impacted by this ruling will likely be banking, e-commerce and fintech industries because the Aadhar numbers helped those companies comply with India’s Know Your Customer (KYC) law. The holding left unclear the fate of legacy data which had been linked...
Continue Reading

Malaysia seeks to expand personal data protection

Malaysia is looking to impose a data breach notification (DBN) requirement to its existing data privacy law, which would impact companies around the world who do business in Malaysia. The Malaysian Personal Data Protection Commissioner is currently hearing feedback on Public Consultation Paper No. 1/2018, which would impose a DBN requirement on companies that need to be registered with the Commissioner. The industries most likely to be impacted by the DBN requirement are the financial, insurance, communication, and healthcare sectors. The DBN requirement would differ from other breach...
Continue Reading

Videocast: Blockchain technology in the financial services industry

Blockchain and distributed-ledger technology hold tremendous promise, far beyond cryptocurrencies. However, there are also real pitfalls, which are often not identified until it is too late. This Bottom Line videocast discusses: What is blockchain, and how is it broader than bitcoin and other cryptocurrencies? Why it may be revolutionary, but why it will not solve all problems—and why it can create problems of its own. Why lawyers and boards must be involved early and often to stop the problems, design solutions and identify further opportunities. This is the third in a series of three...
Continue Reading

Virtual currencies as commodities—CFTC wins battle in the fight to define cryptocurrencies as commodities but has it won the war?

A federal court in Massachusetts allowed the US Commodity Futures Trading Commission’s fraud case against virtual currency operators to continue by finding that the digital coin met the definition of “commodity” under the Commodity Exchange Act. The court rejected the defendants’ argument that the virtual currency at issue was not a “commodity” because there was no futures contract underlying the digital coin. The court applied an expansive definition of “commodity” finding the virtual currency to be within the same class as Bitcoin for which a futures contract (Bitcoin futures) trades. The...
Continue Reading