Global Privacy & Security Compliance Law Blog

Category Archives: Security

The EDPB’s Draft Data Transfer Guidance Following Schrems II – A Close Look

The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses. By Gail Crawford, Ian Felstead, Fiona Maclean, Serrin Turner, Tim Wybitul, Victoria Wan and Amy Smyth On 10 November, the European Data Protection Board (EDPB) released its much anticipated draft guidance on … Continue Reading

China Issues Draft Data Security Law for Public Comment

By Latham & Watkins on August 19, 2020 Posted in Security

The proposed Data Security Law has a broad jurisdictional scope and will expand the PRC’s regulatory framework for information and data. By Hui Xu, Gail E. Crawford, Jennifer C. Archie, Kieran Donovan, and Aster Y. Lin On July 3, 2020, the Standing Committee of the National People’s Congress of the People’s Republic of China (PRC) … Continue Reading

The Pervasive Threat of Business Email Compromise Fraud — and How to Prevent It

By Latham & Watkins on February 20, 2020 Posted in Privacy, Security

Eliminating the risk of business email compromise (BEC) attacks requires all parties to a financial transaction to pay close attention to email security, financial controls, and communication protocols. By Jennifer C. Archie, Serrin Turner, and Tim Wybitul Key Points: The FBI has identified BEC fraud as the No. 1 financial threat to businesses in the US. … Continue Reading

China Issues New Cybersecurity Law to Protect Children

By Latham & Watkins on September 9, 2019 Posted in GDPR, Privacy, Security

China’s PCPPIC protects children’s personal information in much the same way as COPPA and the GDPR, but with a few differences. By Wei-Chun (Lex) Kuo, Weina (Grace) Gao, and Cheng-Ling Chen On August 22, 2019, the Cyberspace Administration of China (CAC) released a new data privacy regulation related to children, the Provisions on Cyber Protection … Continue Reading

Post-Brexit Implications for NIS Representative Requirements

By Latham & Watkins on August 13, 2019 Posted in Legislative & Regulatory Developments, Privacy, Security

UK confirms reciprocal requirements for digital services providers to appoint UK representatives for NIS purposes, following Brexit. By Gail E. Crawford, Fiona Maclean, and Amy Smyth Following a consultation process, the UK government has now confirmed that it will put forward legislation to require non-UK-based digital services providers — larger cloud providers, search engines, and … Continue Reading

France’s CNIL Publishes New Guidance on Cookies

By Latham & Watkins on August 7, 2019 Posted in GDPR, Privacy, Security

The guidance provides general requirements for obtaining valid consent and details conditions under which audience management cookies may be exempt. By Myria Saarinen and Camille Dorval On 4 July 2019, one day after the UK Information Commissioner’s Office (ICO) published new guidance on cookies, the French Data Protection Authority (CNIL) released its own new guidance … Continue Reading

New UAE Health Law Enters Into Effect

By Latham & Watkins on June 20, 2019 Posted in Legislative & Regulatory Developments, Security

Healthcare entities should immediately assess whether Federal Law No. 2 of 2019 applies to their practices. By Brian A. Meenagh On 6 February 2019, the President of the United Arab Emirates (UAE) in conjunction with the UAE Minister of Health and Prevention (the Minister) issued a new law on the use of information and communications … Continue Reading

RuNet Law: New Russian Law Could Significantly Impact Telecom and Internet Providers and Social Media Platforms

By Latham & Watkins on May 22, 2019 Posted in Legislative & Regulatory Developments, Privacy, Security

Broadly written rules would allow the Russian government greater central control over content and data flows, and greater access to users’ information. By Fiona M. Maclean and Ksenia Koroleva On May 1, 2019, the Russian President signed draft law No. 608767-7, commonly referred to as the Russian Internet Law, or “RuNet Law” (Federal Law No. … Continue Reading

4 Questions to Consider When Dealing With Children’s Data in the US

By Latham & Watkins on February 25, 2019 Posted in GDPR, Legislative & Regulatory Developments, Privacy, Security

The FTC and many state attorneys general aggressively monitor apps, websites, and internet-connected products for COPPA compliance. By Jennifer C. Archie, Michael H. Rubin, and Alexander L. Stout In the United States, collecting data directly from children under 13 years of age is tightly regulated by a federal statute, which is aggressively monitored and enforced. … Continue Reading

GDPR & PSD2: Squaring the Circle

By Latham & Watkins on August 13, 2018 Posted in Legislative & Regulatory Developments, Privacy, Security

GDPR and PSD2 are two legal initialisms that have both generated a great deal of press coverage in recent months, but they are seldom considered together. By Christian F. McDermott, Calum Docherty and Brett Carr There were around 122 billion non-cash payments in the European Union (EU) in 2016, with card payments accounting for 49% … Continue Reading

A New Era for Data Protection in Brazil

By Latham & Watkins on August 9, 2018 Posted in Legislative & Regulatory Developments, Security

Brazilian Congress passes a data protection bill that seeks to improve privacy and cybersecurity. By Amadeu Ribeiro and Thiago Luís Sombra (Mattos Filho, Veiga Filho Marrey Jr e Quiroga Advogados) and Jennifer Archie and Terese Saplys The Brazilian Congress has been working on a bill relating to the protection of personal data for over eight … Continue Reading

FCA Speaks Out on the Ethics of Big Data

By Latham & Watkins on July 16, 2018 Posted in Privacy, Security

FCA Chair hints that new regulation addressing data ethics in the FinTech space may be on the horizon. By Nicola Higgs, Fiona Maclean and Terese Saplys Will societies of the future be ruled by algocracy, in which algorithms decide how humans are governed? Charles Randell, Chair of the Financial Conduct Authority (FCA) and Payment Systems … Continue Reading

National Cyber Security Centre Releases NIS Directive Guidance

By Latham & Watkins on February 21, 2018 Posted in Legislative & Regulatory Developments, Security

The UK agency’s principles-based guidance on cybersecurity for OES adds important detail to NIS Directive obligations. By Gail Crawford, Mark Sun, Fiona Maclean, and Malika Sajdik The National Cyber Security Centre (NCSC) has published introductory guidance for operators of essential services (OES) on the new cybersecurity rules under the EU’s Security of Network and Information … Continue Reading

US Government Contractors Face New Cybersecurity Requirements

By Latham & Watkins on December 22, 2017 Posted in Legislative & Regulatory Developments, Security

By Jennifer Archie, Serrin Turner, Kyle Jefcoat, Dean Baxtrasser and Morgan Maddoux As of December 31, 2017, many United States government contractors face a new compliance requirement involving cybersecurity. This requirement will govern most new Department of Defense (DoD) contracts and, significantly, will apply to many current DoD contracts that include the applicable standard contract … Continue Reading

Call for Cybersecurity Guidelines in International Arbitration

By Latham & Watkins on November 24, 2017 Posted in Security

By Hanna Roos and Jennifer Archie Cybercrime has become a regular feature of global news. The question is not if another attack will happen, but when. Prominent examples include the leak of millions of attorney-client documents from law firms Appleby and Mossack Fonseca, and the “Petya” attack, which brought DLA Piper’s system to a standstill. … Continue Reading

Court Rules on D-Link Motion to Dismiss in FTC Matter

By Latham & Watkins on September 22, 2017 Posted in Security

By Michael Rubin, Scott Jones, Cooper Rekrut On September 19, 2017, Judge Donato of the Northern District of California ruled on Defendant D-Link System Inc.’s (D-Link) Motion to Dismiss, which challenged claims by the Federal Trade Commission (FTC) that D-Link’s conduct constituted unfair and deceptive trade practices in violation of Section 5 of the FTC Act. … Continue Reading

Trump Administration Issues New Executive Order Focused on Strengthening Federal Cybersecurity

By Latham & Watkins on May 18, 2017 Posted in Legislative & Regulatory Developments, Security

By Steven Croley*, Jennifer Archie and Serrin Turner The Trump Administration has issued a much anticipated Executive Order (EO),“Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” directing federal executive agency heads to undertake various cyber-related reviews and to report findings back to the White House within prescribed timetables. Unlike some of the Trump Administration’s … Continue Reading

Ransomware Attacks: When Is Notification Required?

By Latham & Watkins on May 4, 2017 Posted in Security

By Jennifer C. Archie, Serrin Turner and Marissa Boynton Ransomware is one of the most prevalent cybersecurity threats afflicting businesses today. When an attack hits, a victim company must confront the difficult question whether to pay the ransom demanded in order to regain access to the company’s files and restore business operations. But there is an … Continue Reading

Germany Implements GDPR

By Latham & Watkins on April 28, 2017 Posted in Privacy, Security

By Ulrich Wuermeling Well ahead of the implementation deadline for the European General Data Protection Regulation (GDPR), the German Parliament (Bundestag) passed a new Federal Data Protection Act (Bundesdatenschutzgesetz) on April 27, 2017. The Federal Council (Bundesrat) could confirm the Act before the summer, but may require further amendments. If the Parliament and the Council fail to … Continue Reading