In response to pressure from advocacy group Californians for Consumer Privacy, on June 21, 2018, California lawmakers proposed a new law, the California Consumer Privacy Act of 2018, which would significantly expand consumers’ rights over their data. The proposed law would apply to entities that do business in California, collect consumers’ personal information or determine the purpose and means of processing such data, and satisfy at least one of the following: (i) have over $25 million in annual gross revenue, (ii) buy or receive, sell or share for commercial purposes, the personal information of 50,000 or more consumers, households or devices, or (iii) derive 50 percent or more of revenue from the sale of consumer personal information.
Continue Reading California Introduces Bill Expanding Consumer Rights Over Data Privacy
Daniel J. Esannason
Failure to Comply with Breach Notification Requirement in India Costs Yes Bank $1 Million
On October 23, 2017, the Reserve Bank of India (“RBI”), India’s central banking institution, imposed a $1 million fine on Yes Bank Ltd. for failure to report a data breach within two to six hours as mandated by the “Cyber Security Framework in Banks” issued by RBI in June 2016. Under the framework, regulated banks must report all unusual cybersecurity incidents (whether they were successful or were attempts which did not fructify) to the Reserve Bank within a two-to-six hour timeframe and provide timely updates if new information comes to light.
Continue Reading Failure to Comply with Breach Notification Requirement in India Costs Yes Bank $1 Million
U.S. Supreme Court To Hear Privacy Case Regarding Emails Stored On Microsoft Servers Overseas
On October 16, 2017, the U.S. Supreme Court agreed to review a highly publicized Second Circuit decision, which held that the federal government cannot use warrants issued under the Stored Communications Act to seize customer emails stored exclusively on foreign servers. Under the decision, Microsoft was permitted to refrain from producing emails stored on a…
London Plans New Court for Cyber-Crime
On October 9, 2017, the City of London announced a plan to build a new centralized court that will hear a range of criminal and civil cases, but will be primarily focused on fraud, economic crime, and cyber-crime. The proposal comes as the Financial Conduct Authority increases its focus on cyberattacks on U.K. financial institutions,
…