In response to pressure from advocacy group Californians for Consumer Privacy, on June 21, 2018, California lawmakers proposed a new law, the California Consumer Privacy Act of 2018, which would significantly expand consumers’ rights over their data.  The proposed law would apply to entities that do business in California, collect consumers’ personal information or determine the purpose and means of processing such data, and satisfy at least one of the following: (i) have over $25 million in annual gross revenue, (ii) buy or receive, sell or share for commercial purposes, the personal information of 50,000 or more consumers, households or devices, or (iii) derive 50 percent or more of revenue from the sale of consumer personal information.
Continue Reading California Introduces Bill Expanding Consumer Rights Over Data Privacy

On October 23, 2017, the Reserve Bank of India (“RBI”), India’s central banking institution, imposed a $1 million fine on Yes Bank Ltd. for failure to report a data breach within two to six hours as mandated by the “Cyber Security Framework in Banks” issued by RBI in June 2016.  Under the framework, regulated banks must report all unusual cybersecurity incidents (whether they were successful or were attempts which did not fructify) to the Reserve Bank within a two-to-six hour timeframe and provide timely updates if new information comes to light. 
Continue Reading Failure to Comply with Breach Notification Requirement in India Costs Yes Bank $1 Million

On October 16, 2017, the U.S. Supreme Court agreed to review a highly publicized Second Circuit decision, which held that the federal government cannot use warrants issued under the Stored Communications Act to seize customer emails stored exclusively on foreign servers.  Under the decision, Microsoft was permitted to refrain from producing emails stored on a