Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

Dangerous seas ahead – the California Consumer Privacy Act and litigation risk

The California Consumer Privacy Act (CCPA) exposes companies doing business in California to certain litigation risks. The CCPA creates a private right of action that increases class action litigation risk for data breaches. Plaintiffs might try to use California’s Unfair Competition Law (UCL) to expand the scope of the CCPA’s private right of action. Businesses can proactively engage in compliance strategies to minimize CCPA litigation risk. Learn...
Continue Reading

Your quarterly privacy and cybersecurity update

Welcome to the latest edition of Updata – the international quarterly update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory  and legal updates from our contributors around the globe over the past quarter. This quarter’s report features commentary on a number of important developments, including: Cross-border data transfer news in relation to the EU Standard Contractual Clauses and the Privacy Shield; New Chinese cybersecurity and information security guidelines and standards; Commentary from...
Continue Reading

Insuring against a data breach in the construction industry

Although hacking attempts may be most commonly directed at financial and health institutions housing troves of financial and personal data, the construction industry is not immune from the risk of a data breach. Like most industries, the construction industry continues to advance in technological innovation—projects are becoming increasingly dependent on mobile connectivity and there is a growing reliance on cloud-based storage and sharing services. In their article for Construction Executive, Eversheds Sutherland attorneys Jesse Lincoln and Margaret Flatt discuss how such innovation comes...
Continue Reading

Newfound consumer privacy focus could transform debate over expiring US surveillance authorities

Last month, partner and co-lead of Eversheds Sutherland’s global cybersecurity and data privacy practice, Michael Bahar, was invited to testify before the US Privacy and Civil Liberties Oversight Board, an independent federal agency tasked with ensuring that efforts to protect the nation from terrorism also appropriately safeguard privacy and civil liberties. The panel was focused on the expiring provisions of the USA FREEDOM Act, which reformed a provision of the Foreign Intelligence Surveillance Act related to the Government’s collection of telephone metadata (or “call detail...
Continue Reading

The global cyber scourge continues— Hong Kong Monetary Authority alerts banks on recent cyber security incidents

On May 24, 2019, the Hong Kong Monetary Authority (HKMA) issued an alert regarding eight cyber security incidents involving a total sum of HK$70,000 (Alert). While not necessarily a lot of money, it is a timely reminder to banks and the public to stay vigilant across global operations, and to maintain an up-to-date global regulatory strategy. Introduction From the Alert, three banks reported eight cases of unauthorised payment transactions of a total of HK$70,000 over a period of three weeks. It is suspected that the cyber criminals have stolen the customers’ internet banking login passwords...
Continue Reading

Is the CCPA proliferating? A midyear data privacy legislative round-up

While the California Consumer Privacy Act (CCPA) and its potential amendments are still a top concern for businesses, other states are showing that they will not be left behind. With the CCPA still set to go into effect on January 1, 2020, and enforcement delayed until July 2020, we review the major amendments to the CCPA still in play. Not to be outdone by the West Coast, New York is considering its own comprehensive data privacy bill, which may be even bolder than the CCPA. The flurry of state legislative activity during the first half of 2019 shows that cybersecurity and data privacy...
Continue Reading

The new Swedish Protective Security Act

Sweden has joined a growing number of jurisdictions that have passed strict laws to protect security-sensitive activities including cybersecurity laws that extend beyond the protection of personal data and which extend beyond national borders. Learn more.
Continue Reading

Your quarterly privacy & cybersecurity update

Welcome to the third edition of Updata – the international quarterly update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and legal updates from our contributors around the globe over the past quarter. This quarter’s report features commentary on a number of interesting developments, including: Updated guidance from the EU’s ENISA on What is “state of the art” in IT security? and a new cybersecurity standard on internet-connected consumer devices. New laws in China, including a draft...
Continue Reading

Microsoft – Eversheds Sutherland Whitepapers: Cyber threats and data sovereignty in the oil & gas industry

Eversheds Sutherland, in collaboration with Microsoft, is delighted to announce the launch of our latest thought leadership papers: Cyber threats in the oil and gas sector: The cyber threat is changing and increasingly in the crosshairs is the energy sector. If you’re an oil and gas company, you can’t afford the loss of confidential information or disruption to operations. Download the whitepaper for practical suggestions on how to keep your organization safe. Data Sovereignty – the oil and gas perspective: Companies are increasingly running up against legal barriers to the free flow and...
Continue Reading

Biometrics beware – Compliance and the Biometric Information Privacy Act

In light of the rising tide of costly class action lawsuits brought under the Illinois Biometric Information Privacy Act (BIPA), companies that use biometrics—even, in some cases, companies outside of Illinois that do not themselves collect biometric information—should be become familiar with this statute’s strict requirements. • Even photographs, when used for security purposes like automated facial recognition, may trigger BIPA under certain circumstances. • BIPA imposes several important requirements relating to consent to collect, store, and use biometric data, as well as destruction and...
Continue Reading

The New Vendor Management World Under NYDFS’ New Cyber Regulation

As of March 1, 2019, the New York State Department of Financial Services’ (NYDFS) cybersecurity regulation, 23 NYCRR Part 500, requires financial services institutions regulated by NYDFS to implement policies and procedures to address the cybersecurity risks posed by third-party service providers to the institutions’ nonpublic information (NPI). Learn more.
Continue Reading

Know Your Tech

Technologies often provide solutions, if not game-changing solutions; but there is no solution that comes without its own challenges. Knowing what those potential challenges are up front is becoming increasingly critical. For both pragmatic and regulatory reasons, it is more important than ever that boards, senior executives and general counsels sufficiently understand technologies such as blockchain, artificial intelligence (AI) and integrated “smart” components to recognize their potential risks, not just their promise. In their article for Cybersecurity Law and Strategy, Eversheds...
Continue Reading

Will you meet the new cybersecurity vendor management requirements? ATTORNEY ADVERTISING

March 1 is upon us, now what? The deadline for the NY Department of Financial Services’ “first of its kind” cyber regulation has arrived for financial services institutions to implement programs that properly evaluate and manage the data security risks posed by their vendors. To manage these risks, institutions must go beyond the traditional vendor management function and far deeper into the contracting process.  Vendor management takes the forefront As part of our approach to advising clients in this new world of cyber regulation, our proprietary methodology includes the use of artificial...
Continue Reading

FTC Issues Largest Fine Ever Under COPPA

On February 27, the Federal Trade Commission announced a settlement with video social networking app TikTok, in which the company agreed to pay $5.7 million for violating the Children’s Online Privacy Protection Act (COPPA), the largest fine issued under the law to date. According to the FTC, the company was aware that children under 13 were using the app but failed to obtain parental consent prior to collecting the children’s names, email addresses, and phone numbers, among other information. The FTC also alleged the company failed to inform parents of its information collection...
Continue Reading