Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

January’s Privacy Blizzard

The start to 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments. Already this year, regulators have amended and enforced existing regulations; courts have issued significant interpretations of law; and legislators have proposed new rules aimed at increasing privacy obligations and liability for businesses. This alert highlights the pressing...

The floodgates open – Illinois Supreme Court issues landmark ruling in biometrics case

In a unanimous decision on January 25, 2019, the Illinois Supreme Court found that a plaintiff need not show actual harm to seek relief under the state’s Biometric Information and Privacy Act (BIPA). This is welcome news for plaintiffs’ attorneys who have already used BIPA as a vehicle to file dozens of class action lawsuits against businesses across a wide swath of industries in each...

New guidance proposed on the extra-territorial scope of the GDPR

The agency responsible for administering the General Data Protection Regulation (GDPR) recently proposed guidelines to clarify the extra-territorial scope of Europe’s sweeping new privacy law. While these guidelines are not yet finalized, they indicate that the reach of the GDPR spreads far beyond the European Union. American businesses that had concluded that they were likely exempt...

Right out of the box – California enacts first-of-its-kind statute regulating internet-of-things

The California legislature had a big year in 2018. While a great deal of attention has focused on the California Consumer Privacy Act of 2018 (CCPA), California also passed a less-publicized, but highly critical, statute that will regulate certain aspects of Internet of Things (IoT or connected) device security. The IoT law, known as SB-327, should have a significant impact that...

India’s highest court defends data privacy

India’s Supreme Court recently issued a holding that increases the data privacy protection that businesses operating in India must provide. The holding strikes down the portion of Section 57 of the Aadhaar Act that had previously allowed businesses to require national ID numbers, known as Aadhaar numbers, for “any purpose.” The industries most impacted by this ruling will likely be...

Malaysia seeks to expand personal data protection

Malaysia is looking to impose a data breach notification (DBN) requirement to its existing data privacy law, which would impact companies around the world who do business in Malaysia. The Malaysian Personal Data Protection Commissioner is currently hearing feedback on Public Consultation Paper No. 1/2018, which would impose a DBN requirement on companies that need to be registered with...

« Older Entries