Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

California’s GDPR has become law

The California legislature passed the California Consumer Privacy Act, a sweeping new law that imposes stringent new GDPR-style privacy standards across sectors. Beginning in January 2020, California consumers will be granted new rights regarding how businesses collect and use their personal data, including a “right-to-be-forgotten” in certain circumstances. The law applies to...

About face: court finds biometric information creates unique privacy rights

A recent decision from a California federal court increases the risks to companies that use biometric information and reinforces the need to strictly comply with the requirements of biometric protection statutes. Key Takeaways The suit arises from the Illinois Biometric Information Privacy Act (BIPA), which governs the collection, storage, and use of biometric information, including...

Stand Up, Sit Down, Stand Up: Ninth Circuit Revives Spokeo No-injury Suit

In a decision surely welcomed by the plaintiffs’ bar, the US Court of Appeals for the Ninth Circuit held, on August 15, 2017, that a putative class action plaintiff has Article III standing as long as the plaintiff alleges just slightly more than a mere statutory violation. The case, Robins v. Spokeo, was on remand from the United States Supreme Court following that Court’s well-known...

NAIC Takes Major Step Toward Final Approval of Insurance Data Security Model Law

In a flurry of approvals last week, the National Association of Insurance Commissioners (NAIC) took substantial steps toward finalizing its proposed Insurance Data Security Model Law during the 2017 NAIC Summer National Meeting in Philadelphia. The Model Law establishes minimum cybersecurity standards consistent with New York’s cybersecurity regulation. The approval of the Model Law by...

What European Financial Institutions need to know about New York’s Cybersecurity Regulations

From 28 August 2017, banks, insurers, and other financial institutions operating in New York will be required to comply with the New York Department of Financial Services (“NYDFS”) Cybersecurity Requirements for Financial Services Companies (the “Regulations”). Finalized on March 1, 2017, firms had 180 days from the effective date to comply with the core requirements of the...

« Older Entries