Legal insights on navigating privacy, data protection, Cybersecurity, information governance, and e-discovery.
Data Law Insights Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery
- Mini-Series on CIPA – Part 4: How Big is the Risk?
by Jason Stiehl, Jacob Canter and Jazmine Buckley on February 13, 2025 at 6:51 pmJason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out… Continue Reading…
- Mini-Series on CIPA – Part 3: Can I Eavesdrop on My Own Conversation?by Jason Stiehl, Jacob Canter and Jazmine Buckley on February 11, 2025 at 5:03 pm
Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out… Continue Reading…
- Mini-Series on CIPA Part 2: What is a ‘Phone’?by Jason Stiehl, Jacob Canter and Jazmine Buckley on February 6, 2025 at 6:24 pm
Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out… Continue Reading…
- Mini-Series on CIPA – Part 1: What is a ‘Communication’ Anyway?by Jason Stiehl, Jacob Canter and Jazmine Buckley on February 4, 2025 at 8:09 pm
Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out… Continue Reading…
- The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?by Crowell & Moring on August 26, 2024 at 1:14 pm
Key Takeaways 1. New cybersecurity measures and requirements are introduced by the EU for companies. 2. Contractual provisions with the supply chain may need to be revised. 3. High penalties and liability for management, including personal liability. I. Introduction On October 18, 2024, the requirements of Directive (EU) 2022/2555 on measures for a high common… Continue Reading…
- Text Messages Lead to $4.47B Liability in Securities Fraud Case
by John Sohn and Alicia Clausen on June 27, 2024 at 2:53 pmText messages and other non-email, electronic communications have become increasingly important in securities fraud matters. These communications are often sent from personal mobile devices and often provide key evidence. It has become clear that the most interesting, and sometimes most problematic, communications often do not take place via email. Messages sent via text and other… Continue Reading…
- SEC “Encourages” Public Companies to Disclose “Immaterial” Cybersecurity Incidents Under Item 8.01 of Form 8-Kby William J. Bruno, Anand Sithian, Jennie Wang VonCannon, Daniel L. Zelenko and Jacob Canter on May 23, 2024 at 7:16 pm
The U.S. Securities and Exchange Commission (“SEC”) adopted a final rule on July 26, 2023 that requires public companies to disclose material cybersecurity incidents under new Item 1.05 of Form 8-K. Since its adoption, public companies have faced practical challenges in determining whether and when a cybersecurity incident warrants disclosure under Item 1.05. On May… Continue Reading…
- DoD’s New Year Resolution: A Cybersecurity Maturity Model Certification Program (CMMC) Proposed Ruleby Michael G. Gruden, CIPP/G, Nkechi Kanu and Jacob Harrison on December 27, 2023 at 4:55 pm
On December 26, 2023, the Department of Defense (DoD) released the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC), a cybersecurity regulatory program that will likely impact most of the government contractor community. Every contractor who handles sensitive data such as Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) during DoD contract… Continue Reading…
- FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosuresby Daniel L. Zelenko, Jennie Wang VonCannon, William J. Bruno and Anand Sithian on December 19, 2023 at 3:15 pm
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response… Continue Reading…
- European Parliament Adopts Final EU Data Actby Sari Depreeuw on November 17, 2023 at 2:00 pm
On November 9, 2023, the European Parliament has adopted the final version of the Data Act, marking a significant milestone in the evolving landscape of digital regulation. The Data Act is part of the European Commission’s broader strategy to shape Europe’s digital future (see our earlier posts here and here). The widespread use of internet-connected… Continue Reading…
