From our colleagues Carla Small, Jim Halpert and Anne Kierig

Governor Andrew Cuomo has announced final cybersecurity rules for New York’s financial services sector.

The Cybersecurity Requirements for Financial Services Companies (the Final Rule), promulgated by the New York Department of Financial Services, is the most specific cybersecurity regulation in the country to apply to companies that are not critical infrastructure operators.

The rules apply to all New York-licensed financial services companies, including banking, insurance and money transmission business lines, with very limited exceptions.


Continue Reading NYDFS Announces Final Cybersecurity Rules for Financial Services Sector

In this recent post to our fellow DLA blog – Technology’s Legal Edge – our colleague Giulio Coraggio identifies some of the legal issues that are being sorted out with respect to the Internet of Things, including the following:

  • Is “industrial” data personal data?
  • How do you protect data and IoT technologies?
  • Who is the owner of the data?
  • Is data kept secure?
  • What liability if things go wrong?

He also notes some EU-specific questions.  His full post can be found here.
Continue Reading The Internet of Things and its Legal Dilemmas

Today, April 14, 2016, the EU Parliament adopted the long-awaited General Data Protection Regulation (GDPR). The Regulation will have a considerable impact on all organizations based in the European Union that process personal data, but also on organizations based outside of Europe providing services to the European market. The GDPR contains many key changes, among them a single set of rules applicable across all member states, stricter requirements for transparency and consent, and tougher enforcement. Non-EU companies whose businesses target EU countries will also be subject to the Regulation.

From our colleagues, Michelle J. Anderson and Jim Halpert, originally published as a Data Protection, Privacy and Security Alert (US)

According to the Data Quality Campaign, 36 states considered 110 student data privacy bills in 2014, and 20 states enacted 28 such bills into law.  At least eight of these new laws may have significant implications for businesses that provide services involving student data to schools, and most of these laws have already taken effect.

IMPLICATIONS FOR VENDORS: Some of the new state student privacy laws specifically require
Continue Reading New student data privacy laws: top points for school contractors and K-12 education sites, apps and online services

Compliments of our DLA Piper colleagues in the data protection and privacy practice, and co-editors Kate Lucente and Paul McCormack, here is the DLA Piper 2014 Data Protection Laws of the World Handbook.  This new online edition of the handbook offers a high-level snapshot of selected features of international laws as they currently stand in 72 jurisdictions across the world.  For example, here is a heat map that provides a visual representation of the privacy challenges faced in certain jurisdictions.

Here is a .pdf of the full 349-page handbook
Continue Reading Interactive 2014 Data Protection Laws of the World Handbook

Megan Muir

As companies struggle to protect and safeguard personal information, managing the legal responsibilities related to processing personal data consistent with applicable laws is a growing challenge. A well-constructed and comprehensive compliance program can provide an effective risk-management tool. Our colleagues from the DLA Piper Information Law Team have published a handbook with an overview of the applicable privacy and data protection laws and regulations across 58 different jurisdictions, including a section on enforcement. Edited by Cameron Craig, Paul McCormack, Jim Halpert, Kate Lucente,

CONTRIBUTED BY Jennifer Kashatus

Virtually every company maintains some personal information – your company might hold personal information about employees, customers, or both. The precise definition of personal information varies by state and/or statute, but, as a general matter, includes information that is capable of identifying a natural person such as (but not limited to) first name and/or initial plus last name, in combination with a postal address, social security number, driver’s license number or other state issued identification number, or financial account number, such as a bank account number or a credit card number.

Whatever personal information your company possesses, your company should take measures—and, in fact, may be required by law to take measures—to protect that information. To appropriately handle personal information and to protect one of your most valuable assets—information—take stock of the information that your company maintains as the starting point to getting your privacy house in order.

Continue Reading Getting Your Privacy House In Order

Courtesy of our DLA Piper colleagues Jim Halpert, Sydney M. White, Kate Lucente, and Haris H. Khan, here is a summary of the FTC’s recent proposal for modifying the Children’s Online Privacy Protection Act (COPPA) Rule. COPPA heavily regulates the collection, use and disclosure of personal information from online users who are known to be under 13 years old and from sites and online services targeted to this population.
Continue Reading FTC Proposes Revamping Children’s Online Privacy Protection Act (COPPA) Rule