On Feb. 9, 2022, the SEC released its long-awaited proposed cybersecurity rule, and there’s a lot to unpack. As GT reported previously, the SEC increased enforcement of cybersecurity compliance in 2021. As recently as Jan. 24, 2022, Chair Gary Gensler made cybersecurity the focus of his speech at Northwestern Law School’s Securities Regulation
Federal Banking Regulators Issue 36-Hour Cybersecurity Breach Notification Requirement
Beginning in April 2022, banking organizations and bank service providers will be subject to the shortest regulatory breach notification reporting time frame of any law to date – 36 hours.
Sept. 29 – Oct. 1 | 2021 Virtual Privacy + Security Forum
Greenberg Traurig is sponsoring the Virtual Fall Academy 2021 Privacy + Security Forum, taking place Sept. 29 through Oct. 1, 2021.
On Sept. 29, Shareholder Ian C. Ballon, co-chair of the firm’s Global Intellectual Property & Technology Practice, will join a workshop panel on “Surprising Trends and Important Lessons from Recent Developments…
With New Cybersecurity Enforcement, the SEC Puts Its Money Where Its Mouth Is
The past 12 months have seen an increase in cybersecurity attacks against major companies, placing data breaches on the front page of virtually every major newspaper. The U.S. government has taken notice. In May, the Biden administration issued an executive order requiring government agencies and certain government contractors to comply with cybersecurity requirements. In July,…
Jena Valdetero Named to Cybersecurity Docket’s 2021 Incident Response 40 List
Jena M. Valdetero, co-chair of global law firm Greenberg Traurig, LLP’s U.S. Data, Privacy & Cybersecurity Practice, has been named to Cybersecurity Docket’s 2021 Incident Response 40 list, which “recognizes the 40 best data breach response attorneys in the business.” This year’s honorees were announced at the annual Incident Response Forum Masterclass,…
Did the CPRA expand the scope of the private right of action?
Section 1798.150 of the CCPA permits consumers to “institute a civil action” if consumer “personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section 1798.81.5, is subject to unauthorized access and exfiltration, theft, or disclosure,” and where that unauthorized access was “a result of the business’s violation” of a duty…
What categories of information could trigger a consumer class action if breached?
Consumers are permitted to bring suit under the CCPA if they can prove the following five elements:
- A business incurred a data breach;
- The data breach involved a sensitive category of information identified in California Civil Code Section 1798.81.5;
- The business had a legal duty to protect the personal information from breach;
- The business failed
Jena Valdetero Quoted in Law360 Article: “COVID Inflamed Damaging Year For Data Breach Victims”
Shareholder Jena M. Valdetero is quoted in a Law360 article titled “COVID Inflamed Damaging Year For Data Breach Victims.” Click here to access the Law360 article (subscription required).
Protecting Your Most Valuable Intellectual Property From Cyberattacks
Innovation and ingenuity captured by companies in the form of intellectual property (IP) can be some of the greatest corporate assets and as such, require protection. Trade secrets, in particular, are sensitive intellectual property rights because they consist of proprietary information that maintains its value based on its confidentiality or secret status.
If stolen, the…
Does a company need to treat exfiltration of personal data by a former employee as a data breach under the GDPR?
Possibly. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). The guidance addresses the common scenario of…