
Developments in Cybersecurity & Data Privacy Law: A Review

This presentation outlines key developments in cybersecurity and data privacy law, including the New York DFS Cybersecurity Rules, EU General Data Protection Regulation, California Consumer Privacy Act, data breach notification laws, enforcement matters, and regulatory amendments.


Presentation Transcript


  1. For Your Eyes Only: A Review of Developments in Cybersecurity and Data Privacy Law • NCHER 2018 Fall Legal Meeting • October 5, 2018 • Hinshaw & Culbertson | Chicago, Illinois

  2. Presentation Outline • New York DFS Cybersecurity Rules • EU General Data Protection Regulation • California Consumer Privacy Act of 2018 • Data Breach Notification Laws • Enforcement Matters • Reg. P Amendments

  3. NY DFS Cybersecurity Rules • Cybersecurity Rule, 23 NYCRR Part 500, applicable to “covered entities” • Effective March 1, 2017, with various compliance deadlines • September 3, 2018 – Sections 500.06 (audit trails), 500.08 (application security), 500.13 (limitation on data retention), 500.14(a) (regular monitoring) and 500.15 (encryption of nonpublic information) • March 1, 2019 – Section 500.11 (third-party service provider security policy)

  4. EU GDPR – Scope • GDPR, effective May 25, 2018, applies to: “the processing of personal data of data subjects who are in the [EU] by a controller or processor not established in the [EU], where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the [EU]; or (b) the monitoring of their behaviour as far as their behaviour takes place within the [EU].” GDPR Art. 3.2.

  5. EU GDPR – Requirements • Consent Requirements • Required Disclosures When Collecting Personal Data • Right of Access • Right to Rectification • Right to Be Forgotten • Right to Restriction of Processing • Right to Data Portability • Data Security Requirements • Data Breach Procedures

  6. CA Consumer Privacy Act • Cal. Civ. Code §§ 1798.100 et seq. • Enacted on June 28, 2018, effective January 1, 2020 • S.B. 1121 • CA AG regulations on or before January 1, 2020 • CA AG cannot bring an enforcement action until the earlier of July 1, 2020 or 6 months after publication of the final regulations

  7. CA Consumer Privacy Act • Scope • Applies to “businesses” that collect “personal information” regarding California residents • Annual gross revenue in excess of $25m • Exemptions • Comply with federal, state, or local laws, or subject to GLBA

  8. CA Consumer Privacy Act • Requirements and Rights • Right to know what personal information is being collected, whether personal information is sold or disclosed, and to whom • Right to “opt-out” of sale of certain personal information • Right “to be forgotten” • Right to equal service and price

  9. Data Breach Notification Laws State Law Developments • Alabama Data Breach Notification Act of 2018, Ala. Code § 8-19F-1 • Arizona, H.B. 2154 • Colorado, H.B. 18-1128 • Connecticut, S.B. 472 • Oregon, S.B. 1551 • South Dakota, S.D. Codified Laws, Chapter 22-40 (S.B. 62)

  10. Data Breach Notification Laws • Federal Developments • Economic Growth, Regulatory Relief, and Consumer Protection Act (2018), Sec. 301 • Treasury Dep’t Report, “A Financial System That Creates Economic Opportunities: Nonbank Financials, Fintech, and Innovation” (July 2018) • Consumer Information Notification Requirement Act (Rep. Luetkemeyer, H.R. 6743)

  11. Enforcement Matters • Federal Enforcement • LabMD, Inc. v. FTC (11th Cir. June 6, 2018) • State Enforcement Actions • State of Pennsylvania v. Uber • State of Washington v. Motel 6

  12. Reg. P Amendments – Privacy Notices • FAST Act of 2015 • GLBA § 503(f) • Financial institutions that meet certain conditions are not required to provide annual privacy notices to customers • CFPB implementing regulations (Aug. 17, 2018) • 83 Fed. Reg. 40945 • Effective Sept. 17, 2018

  13. Questions?

  14. Contact Information Peter Cockrell Associate, Washington, DC McGlinchey Stafford (202) 802-9954 pcockrell@mcglinchey.com
