Photo of Daniel Ilan

Daniel Ilan’s practice focuses on intellectual property law.

In 2018, data privacy and cyber breaches made headlines throughout the year.

Major companies continued to suffer data breaches, highlighting the risks and potential costs of cyber incidents across industries.  At the same time, a growing and overlapping thicket of data security and privacy regulations—within the U.S., European Union, Latin America, and elsewhere—continued to increase

On the heels of the European Union’s implementation of the General Data Protection Regulation (“GDPR”) and public outcry over the Cambridge Analytica scandal, on June 28, 2018, California enacted the most comprehensive data privacy law to date in the United States. The California Consumer Privacy Act of 2018 (the “CCPA”) was hastily passed by the

In the aftermath of the Facebook-Cambridge Analytica data privacy controversy, Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced a federal data privacy bill on April 10, 2018 titled the Customer Online Notification for Stopping Edge-provider Network Transgressions Act, or the CONSENT Act (the “Act”).  While the Act is unlikely to pass in the near term given the lack of a Republican sponsor, it reflects increasing attention to privacy concerns in the United States, including consideration by both federal and state legislatures of significantly more prescriptive privacy requirements.
Continue Reading

Over the last year, the existential risk posed by cyberattacks and data security vulnerabilities has become one of the top concerns for boards of directors, management, government agencies, and the public.

This memo surveys some of the key cybersecurity and data privacy developments of 2017, including the major data breaches and cyberattacks, regulatory and legislative

As the implementation of China’s first comprehensive cybersecurity law (the “CCL”) progresses, concern is mounting in the international business community regarding the law’s expansive scope, prescriptive requirements and lack of clarity on a range of critical issues. Vocalizing such concern, on September 25, 2017, the United States government asked China to halt its implementation of

New York’s new cybersecurity regulations (the “Regulations”) become effective on August 28, 2017, marking a significant milestone in what is likely to be a new era in cybersecurity regulation on both a national and international level.

As governments grapple with how best to address cyber threats to their citizens, businesses and national security, there is

On August 1, 2017, the United States Court of Appeals for the D.C. Circuit held that policyholders of the health insurer CareFirst had standing to sue the company after their information was compromised during a cyberattack.

Wading into a vigorously contested area between plaintiffs and companies that have suffered data breaches, the court held that

Late last month, Target Corporation reached an $18.5 million settlement with the Attorneys General of 47 states and the District of Columbia, resolving the AGs’ investigation into Target’s 2013 data security breach.

Target’s recent settlement, when viewed in conjunction with other recent developments, provides a roadmap for prophylactic measures that companies may implement to limit

From May 2018, organizations established or providing services in the EU will be subject to new national and EU-wide cybersecurity legislation, as regulators in EU Member States begin to apply both the General Data Protection Regulation and national legislation implementing the Network and Information Security Directive.

These new laws will significantly increase the territorial and

On March 1, 2017, the New York Department of Financial Services’ Cybersecurity Regulations entered into effect.

The Regulations impose on financial institutions minimum cybersecurity standards that exceed existing federal standards and introduce new requirements, including obligations to critically evaluate cybersecurity practices, maintain detailed documentation demonstrating compliance and report cyber events to the New York Department