Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

No rest for the weary: cybersecurity and privacy enforcement actions heat up

A recent wave of cybersecurity and privacy enforcement actions cautions businesses dealing in personal data to strengthen their security and compliance plans. The New York Department of Financial Services recently announced its first enforcement action under its cybersecurity regulation. The California Attorney General began enforcement-related inquiries under the newly enacted California Consumer Privacy Act just as plaintiffs bring the first wave of class actions under the same. These actions give businesses the opportunity to incorporate key lessons and update digital strategies to...
Continue Reading

FinCEN advisory highlights increased cybercrime risks during COVID-19

FinCEN Advisory Zeroes in on Opportunistic Cybercrime During the COVID-19 Pandemic: Cybercriminals are hard at work taking advantage of weaknesses in remote processing; FinCEN issues Advisory highlighting red flags that compliance officers should be familiar with to help shore up compliance gaps; Advisory issuance signals possible increased attention by FinCEN on these crimes and lapses in AML/BSA and compliance programs. Learn more.
Continue Reading

The seismic shift of Schrems ll and what you can still do to transfer personal data to the US from the EU

If you transfer data from the EU to the US, or if your trusted service providers do, the Schrems II European Court decision has seismic significance— even if you do not rely on Privacy Shield, recent FAQs issued by the European Data Protection Board further highlight the changes: The FAQs provide further clarification on whether there is a “grace period” for those companies that had relied on the Privacy Shield. Standard Contractual Clauses now require significant additional due diligence. Binding Corporate Rules now face some of the same issues as SCCs Learn...
Continue Reading

White Paper: Implications of US laws on collection, storage, and use of biometric information

The use of biometric technology in everyday life has increased dramatically over the last few years. As a result, private entities are collecting, using, and storing biometric information from employees and consumers more than ever before. Unfortunately, the legal landscape for the private use of biometrics in the United States is unsettled. In this comprehensive white paper, we explain that landscape for private entities that seek the many benefits inherent in biometrics while mitigating the attendant legal risks. A small number of state statutes specifically govern the collection, use, and...
Continue Reading

Your quarterly privacy & cybersecurity update

Welcome to the eighth edition of Updata! Updata is an international report produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team – it provides you with a compilation of key privacy and cybersecurity regulatory and legal developments from the past quarter. This edition covers April to June 2020 and is full of newsworthy items from our team members around the globe, including: from the USA: as of 1 July 2020, California’s Attorney General may take direct action against businesses that violate the privacy protection requirements of the California Consumer Privacy Act...
Continue Reading

Coronavirus – Data Protection considerations for alternative communication platforms – Global

Because of coronavirus, more and more companies are closing down their locations and relocating business operations to home offices. As a result, the way of communication among employees is changing. While the latest technology greatly facilitates these remote communications, there are important privacy and cybersecurity considerations, which we discuss in this article. Learn more.
Continue Reading

Cybersecurity and coronavirus—Guarding against hackers in this heightened risk environment

Hackers thrive amidst confusion and distraction, so it is important that with all the focus on coronavirus, companies—including their lawyers—remain on guard against cyber attacks. This Alert provides a series of quick, simple and crucial steps companies can take to improve cyber preparedness and response, including: Ensure employees are reminded of the critical need for cyber hygiene, especially when teleworking. Confirm that Cyber Incident Response Teams have hard copy access to response plans at home, not just in the office. Ensure that key members have a good sense of the regulatory and...
Continue Reading

Accessibility—The hidden A in the CCPA

In the scramble to come into compliance before the January 1, 2020, deadline, companies may have overlooked a key—and potentially costly—requirement in the California Consumer Privacy Act (CCPA). Under the draft regulations to the CCPA, businesses are required to ensure that their internal and external notice and privacy policies are reasonably accessible to individuals with disabilities. If they are not, stiff fines could follow, in addition to costly litigation under other California laws and the Americans with Disabilities Act (ADA). The CCPA imposes penalties of up to $7,500 per...
Continue Reading

Microsoft – Eversheds Sutherland Whitepapers: Responding to the evolving cyberthreat landscape in the financial services sector

Eversheds Sutherland, in collaboration with Microsoft, is delighted to announce the launch of our latest thought leadership paper on cyber threats to the financial services sector. The biggest changes to the threat environment are the growing scale, frequency and sophistication of the attacks—as well as the identity of the actors and their objectives. It is no longer just about theft of data, or even ransomware. We live in a world where malicious actors could launch an attack designed to disrupt and undermine the entire global financial system. Download the whitepaper for practical...
Continue Reading

Twisting in the Wind—California Attorney General issues revised CCPA regulations

On February 10, 2020, the California Attorney General published revisions to the proposed regulations to implement the California Consumer Privacy Act of 2018 (CCPA). The changes largely clarify and soften some of the more onerous or prescriptive requirements of the proposed regulations—although many challenging aspects of the regulations remain, and new concepts make an appearance as well. Limited relief from searching and disclosing personal information that is not reasonably accessible A new requirement for just-in-time notices Notice exemption for information collected from a third party...
Continue Reading

Biometrics litigation in healthcare—Symptoms may include statutory damages

Over the last few years, hundreds of putative class actions have been filed under the Illinois Biometric Information Privacy Act (BIPA), which governs the collection, use, and storage of biometric information belonging to Illinois residents. Among the biggest targets of recent BIPA lawsuits are healthcare providers, including hospitals, long-term care facilities and nursing homes. In their article for HIT Consultant, Frank Nolan, Erin Pope and Andrew Weiner discuss why it is important for companies that collect, use, or store biometric data from Illinois residents should review their...
Continue Reading

US Cybersecurity and Data Privacy review and update: Looking back on 2019 and planning ahead for 2020

The reality of cybersecurity and data privacy threats and regulations proved a sobering one for many companies in 2019. The cost of data privacy began to hit home in January, with French regulators imposing a record fine for General Data Protection Regulation (GDPR) violations, and with subsequent global data privacy fines increasing in amount and frequency throughout the year. As the year progressed, regulators did not relent, presenting a flurry of comprehensive and demanding data privacy and cybersecurity regulations, including for the California Consumer Protection Act (CCPA). The year...
Continue Reading

Your quarterly privacy & cybersecurity update

Welcome to the sixth edition of Updata! Updata is an international update produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team – it provides you with a compilation of key privacy and cybersecurity regulatory and legal developments from the past quarter. This edition covers October to December 2019 and is full of newsworthy items from our team members around the globe, including: updates from our team in the United States on the CCPA and efforts towards a federal privacy law; in Europe, our round-up of the status of the EU’s proposed ePrivacy Regulation, the third...
Continue Reading

The state of US data privacy and cybersecurity laws in 2019

US data privacy and cybersecurity laws developed rapidly in 2019, especially in California, New York, Nevada and Massachusetts. While there are ongoing efforts to pass a federal privacy law, states are leading the way. Learn more.
Continue Reading