Data Protection

• China Passes Long-Awaited Measures on Security Assessment for Data Export

  07.14/Alert

  On July 7, 2022, the Cyberspace Administration of China (CAC) of the People’s Republic of China (PRC or China) released the final version of the long-awaited Measures on Security Assessment for Data Export (Measures, “《数据出境安全评估办法》” in Chinese). The Measures specify the thresholds of data and information, the export of which is subject to CAC’s security assessment.

• Landmark Federal Privacy Bill Clears First Congressional Hurdle

  07.08/Alert

  In early June, Rep. Frank Pallone (D-NJ-6) and Rep. Cathy McMorris Rodgers (R-WA-5), the Chair and Ranking Member of the House Energy & Commerce Committee, along with Senator Roger Wicker (R-MS), Ranking Member of the Senate Science, Commerce & Transportation Committee, unveiled a draft federal privacy bill known as the “American Data Privacy and Protection Act.” The proposal—the first to garner bipartisan, bicameral support in Congress—would establish a national framework to protect consumer data privacy and security and bolster individual privacy rights.

• Data Privacy Fines and Damages “Double Jeopardy”: UK Supreme Court Hears Google “Class Action”

  04.29/Alert

  This week sees a key hearing before the UK Supreme Court in the case of Lloyd v Google, an event long awaited by those familiar with data protection law proceedings in Europe.

• New EU Data Laws—What Nonprofit Organizations Need To Know

  04.23/Alert

  Nonprofit organizations can often handle large amounts of data originating in the EU. Though it is a common misconception that nonprofits are exempt from GDPR compliance, the fact is they are not.

• Blockchain and the Legal Landscape

  03.26/Video

  In this video, Pillsbury partner Mercedes Tunstall discusses some of the important legal issues to consider when exploring a blockchain solution.

• Oh No, Mr. Robot Just Hacked Our Smart Building…

  03.26/Blog

  Despite some very real-world examples, such as a 2017 breach of Dallas' emergency siren system, there seems to be little recognition of the security risk that connected buildings and smart cities entail.

• Top Ten Emerging Trends in Pay Ratio Disclosure

  03.21/Alert

  Preliminary trends are emerging from the pay ratio disclosures filed by U.S. public companies in 2018.

• European Businesses Offering Payment Services Told How to Manage Operational and Security Risks

  01.29/Alert

  The European Banking Authority has unveiled nine operational and risk management guidelines with which all payment services providers are expected to comply.

• Time Is of the Essence: Multinational Companies Must Respond to Cyber Regulation

  11.30/Blog

  Cyberinsurance could help mitigate risk for companies impacted by the new EU General Data Protection Regulation when it takes effect in May.

• EU Data Transfer Solutions Under Further Judicial Scrutiny – What Next For Model Contract Clauses?

  11.16/Blog

  Many organizations rely on MCCs to transfer personal data worldwide. That's why data exporters await an EU ruling on the issue with bated breath.

• The ICO’s Draft Guidance Leaves Unanswered Questions on Processor Obligation to Notify Infringing Instructions

  11.13/Blog

  One GDPR requirement has been a particular source of angst for commercial and data protection professionals--especially those acting for processors and sub-processors.

• Cyberattacks Are the New Norm

  09.21/Alert

  Attorneys general are increasingly launching investigations and filing lawsuits against companies whose customer databases have been stolen. Because of the significant possibility of government action, companies should fully understand their liability insurance policies, obligations and risks.