Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

Coronavirus – Data Protection considerations for alternative communication platforms – Global

Because of coronavirus, more and more companies are closing down their locations and relocating business operations to home offices. As a result, the way of communication among employees is changing. While the latest technology greatly facilitates these remote communications, there are important privacy and cybersecurity considerations, which we discuss in this article. Learn more.
Continue Reading

Cybersecurity and coronavirus—Guarding against hackers in this heightened risk environment

Hackers thrive amidst confusion and distraction, so it is important that with all the focus on coronavirus, companies—including their lawyers—remain on guard against cyber attacks. This Alert provides a series of quick, simple and crucial steps companies can take to improve cyber preparedness and response, including: Ensure employees are reminded of the critical need for cyber hygiene, especially when teleworking. Confirm that Cyber Incident Response Teams have hard copy access to response plans at home, not just in the office. Ensure that key members have a good sense of the regulatory and...
Continue Reading

Accessibility—The hidden A in the CCPA

In the scramble to come into compliance before the January 1, 2020, deadline, companies may have overlooked a key—and potentially costly—requirement in the California Consumer Privacy Act (CCPA). Under the draft regulations to the CCPA, businesses are required to ensure that their internal and external notice and privacy policies are reasonably accessible to individuals with disabilities. If they are not, stiff fines could follow, in addition to costly litigation under other California laws and the Americans with Disabilities Act (ADA). The CCPA imposes penalties of up to $7,500 per...
Continue Reading

Microsoft – Eversheds Sutherland Whitepapers: Responding to the evolving cyberthreat landscape in the financial services sector

Eversheds Sutherland, in collaboration with Microsoft, is delighted to announce the launch of our latest thought leadership paper on cyber threats to the financial services sector. The biggest changes to the threat environment are the growing scale, frequency and sophistication of the attacks—as well as the identity of the actors and their objectives. It is no longer just about theft of data, or even ransomware. We live in a world where malicious actors could launch an attack designed to disrupt and undermine the entire global financial system. Download the whitepaper for practical...
Continue Reading

Twisting in the Wind—California Attorney General issues revised CCPA regulations

On February 10, 2020, the California Attorney General published revisions to the proposed regulations to implement the California Consumer Privacy Act of 2018 (CCPA). The changes largely clarify and soften some of the more onerous or prescriptive requirements of the proposed regulations—although many challenging aspects of the regulations remain, and new concepts make an appearance as well. Limited relief from searching and disclosing personal information that is not reasonably accessible A new requirement for just-in-time notices Notice exemption for information collected from a third party...
Continue Reading

Biometrics litigation in healthcare—Symptoms may include statutory damages

Over the last few years, hundreds of putative class actions have been filed under the Illinois Biometric Information Privacy Act (BIPA), which governs the collection, use, and storage of biometric information belonging to Illinois residents. Among the biggest targets of recent BIPA lawsuits are healthcare providers, including hospitals, long-term care facilities and nursing homes. In their article for HIT Consultant, Frank Nolan, Erin Pope and Andrew Weiner discuss why it is important for companies that collect, use, or store biometric data from Illinois residents should review their...
Continue Reading

US Cybersecurity and Data Privacy review and update: Looking back on 2019 and planning ahead for 2020

The reality of cybersecurity and data privacy threats and regulations proved a sobering one for many companies in 2019. The cost of data privacy began to hit home in January, with French regulators imposing a record fine for General Data Protection Regulation (GDPR) violations, and with subsequent global data privacy fines increasing in amount and frequency throughout the year. As the year progressed, regulators did not relent, presenting a flurry of comprehensive and demanding data privacy and cybersecurity regulations, including for the California Consumer Protection Act (CCPA). The year...
Continue Reading

Your quarterly privacy & cybersecurity update

Welcome to the sixth edition of Updata! Updata is an international update produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team – it provides you with a compilation of key privacy and cybersecurity regulatory and legal developments from the past quarter. This edition covers October to December 2019 and is full of newsworthy items from our team members around the globe, including: updates from our team in the United States on the CCPA and efforts towards a federal privacy law; in Europe, our round-up of the status of the EU’s proposed ePrivacy Regulation, the third...
Continue Reading

The state of US data privacy and cybersecurity laws in 2019

US data privacy and cybersecurity laws developed rapidly in 2019, especially in California, New York, Nevada and Massachusetts. While there are ongoing efforts to pass a federal privacy law, states are leading the way. Learn more.
Continue Reading

Update: Advocate General advises that the validity of standard contractual clauses is not affected by complaints made in Schrems II

On Thursday 19 December, Advocate General Saugmandsgaard Øe published his Opinion in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (widely referred to as “Schrems II”). The Opinion is not binding, however it provides us with a strong indication as to what the Court of Justice of the European Union’s (“CJEU”) judgment will be. Learn...
Continue Reading

In the spotlight—Cyber resilience and risks around outsourcing

The operational resilience of financial institutions has come under increased scrutiny following a number of recent high-profile IT failures and cyberattacks. Operational resilience itself is much broader than merely IT and cyber events: it covers events ranging from natural disasters to civil unrest, and those impacting critical national and market infrastructure. Learn more.
Continue Reading

FTC effectively shuts down Utah company’s operations pending compliance with mandated data security plan

On November 12, 2019, the FTC announced that InfoTrax, a Utah technology company, agreed to implement an overhauled data security program as part of a 20-year consent agreement in the wake of a hack to the company’s network. InfoTrax is prohibited from collecting, selling, sharing, or storing personal information pending the overhaul of security operations—temporarily shutting down the company’s operations. The settlement highlights that the FTC is continuing to take a strong stance on cybersecurity. Companies that are not consumer-facing nonetheless have an obligation to maintain sound...
Continue Reading

The CLOUD Act – A cross-border data access agreement rises from the fog

The UK and the US inch closer toward easier access to certain electronic data from technology companies. It’s the first agreement of its kind under the Clarifying Lawful Overseas Use of Data Act. The US is in formal talks with Australia to enter into a similar agreement. The agreements are controversial given concerns over data privacy rights. Learn more....
Continue Reading

Your quarterly privacy and cybersecurity update

Welcome to the fifth edition of Updata! Updata is an international update report produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Within, we provide you with a compilation of key privacy and cybersecurity regulatory and legal developments from the past quarter. This edition covers July to September 2019 and is packed full of interesting news items from our contributors around the globe, including: latest amendments passed into law for the California Consumer Privacy Act; new guidelines from the European Commission on Ethics in AI; the CNIL’s guidelines on cookies...
Continue Reading