Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

Taking a stand on standing in data breach cases

At the crossroads of the California Consumer Privacy Act and Article III standing: Plaintiffs continue to test the boundaries of the CCPA’s Private Right of Action for data breaches;Courts, however, are standing firm on Article III standing requirements;That said, the costs of data breaches are rising with increased litigation and regulatory risk, so to reduce the chances of a breach,...

A Cybersecurity Storm and Winds of Change: NY DFS requires all New York financial institutions to report effects of SolarWinds hack

The New York Department of Financial Services (NY DFS) issued an alert on Friday, December 18, 2020, requiring all NY DFS regulated entities to immediately report whether they have been affected in any way by the massive, state-sponsored security breach of SolarWinds.  NY DFS’s request for immediate notification from all affected entities goes beyond what is normally required...

Once more unto the breach: The Supreme Court weighs in on a circuit split on what constitutes a hack

The United States Supreme Court hears arguments to decide the reach of the Computer Fraud and Abuse Act (CFAA). The Court is poised to decide whether to “exceed authorized access” constitutes a hack.The CFAA’s ambiguous language has created a circuit split the Supreme Court will now resolve.This decision will have far reaching implications for employers, employees, and...

No rest for the weary: cybersecurity and privacy enforcement actions heat up

A recent wave of cybersecurity and privacy enforcement actions cautions businesses dealing in personal data to strengthen their security and compliance plans. The New York Department of Financial Services recently announced its first enforcement action under its cybersecurity regulation. The California Attorney General began enforcement-related inquiries under the newly enacted...

The seismic shift of Schrems ll and what you can still do to transfer personal data to the US from the EU

If you transfer data from the EU to the US, or if your trusted service providers do, the Schrems II European Court decision has seismic significance— even if you do not rely on Privacy Shield, recent FAQs issued by the European Data Protection Board further highlight the changes: The FAQs provide further clarification on whether there is a “grace period” for those companies...

« Older Entries