Cybersecurity

Subscribe to Cybersecurity via RSS

On February 2, 2022, the UK privacy regulator (i.e., the Information Commissioner’s Office or the ICO) issued new model clauses to support data transfers from the UK. Subject to approval by the UK Parliament, the new model clauses will become effective March 21, 2022. Companies transferring personal data outside the UK will have until March 21, 2024 to update existing contracts, but should use the new model clauses for any new contracts they sign as of September 21, 2022.

Background
Continue Reading New Model Clauses for Personal Data Transfers Outside the UK

So you’re a fintech startup, buying a fintech company, or expanding the technical capabilities of your financial business. Or you’re a tech company that is getting into the payments space. Where do you start when it comes to figuring out what consumer protection laws apply to you? You should be aware that, for the past several years, the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) have been actively enforcing consumer protection laws in the fintech space. For example, the FTC has recently brought cases involving an online lender that allegedly charged undisclosed fees, a mobile banking app that falsely promised high interest rates and 24/7 access to funds, promoters of cryptocurrency money-making schemes, and tech platforms offering in-app purchases. The CFPB most recently shuttered a VC-backed online lender for false advertising related to interest rates and loan amounts. Earlier last year, the CFPB had obtained refunds and a civil penalty against a fintech company for enabling merchants to obtain loans for consumers without their authorization.
Continue Reading Fintech and Financial Privacy: Regulatory Developments on the Use of Financial Data

On December 6, 2021, the Belgian Data Protection Authority (Belgian DPA) issued its recommendation on biometric data processing (Recommendation).[1] The Recommendation provides guidance on how to comply with the General Data Protection Regulation (GDPR) when processing biometric data.
Continue Reading Belgian Data Protection Authority Clarifies Key Rules on Biometric Data Processing

FTC Activities in 2021 and Likely Trends for 2022

2021 saw the kickoff of the Khan era at the Federal Trade Commission (FTC). During FTC Chair Lina Khan’s first nine months on the job, she has announced privacy and security initiatives that offer important insights into her priorities. Companies should pay close attention to FTC activity in 2021 and public statements from FTC’s leadership to prepare for 2022. Here’s a list of 10 likely trends we can expect to see in 2022 (in no particular order):
Continue Reading 2021 Privacy and Cybersecurity Year in Review

On November 10, 2021, the UK Supreme Court ruled[1] that class representatives in data privacy class action suits need to prove damage or distress suffered to be successful. Compensation cannot be granted simply by virtue of proving that a company violated the law. The case was heard under the UK’s pre-2018 data protection law, but the UK GDPR arguably does not change the essence of the Court’s ruling.[2]
Continue Reading Lloyd v. Google: UK Supreme Court Rejects Data Protection Class Action in Landmark Ruling

As of September 27, 2021, companies relying on Standard Contractual Clauses (SCCs) to transfer personal data outside the European Union (EU) must use the new Standard Contractual Clauses (New SCCs) when signing data processing agreements. As a result, it is time to update template data processing agreements to ensure that your company can meet this deadline.
Continue Reading Don’t Forget to Use the New SCCs to Transfer EU Personal Data as of September 27, 2021