The Brazilian General Data Protection Law (the “LGPD”—Lei Geral de Proteção de Dados)[1] came into effect in September 2020.  Given the LGPD’s relatively recent adoption, there has been uncertainty surrounding how public authorities and courts in Brazil will interpret and apply the law.  On February 27, 2023, the Brazilian national data protection authority (the “ANPD” Autoridade Nacional de Proteção de Dados) addressed some of this uncertainty when it issued sanctioning guidelines for the LGPD (the “Sanctioning Guidelines”).[2]  The Sanctioning Guidelines offer insight into the types of sanctions companies may face and the factors the ANDP will consider when imposing such sanctions.

Continue Reading Recent Developments In Data Privacy Enforcement In Brazil And A Comparison With The U.S. Regime

On January 10, 2023, the Resolution of the National Cybersecurity Agency’s of January 3, 2023, which includes the taxonomy of incidents affecting networks, information systems, and information services other than ICT Assets to be notified by entities included in the National Cybersecurity Perimeter, was published in the Italian Official Journal.

Please click here to read

On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) issued proposed amendments (the “Proposal”) to Regulation S-P, which governs the treatment of nonpublic personal information about consumers by broker-dealers, registered investment advisers, registered investment companies, and transfer agents.  The Proposal would broaden the existing “safeguards” and “disposal” rules under Regulation S-P, and would require the entities to adopt “incident response programs.”

Continue Reading SEC Continues to Shine Light on Cyber and Data Security: Proposes Amendments to Regulation S-P

On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) proposed three new cybersecurity rulemakings that, if adopted, would affect a wide range of market participants, including SEC-registered broker-dealers.

Continue Reading SEC Proposes Major New Cybersecurity Rules for Market Participants

On March 9, 2023, the Securities and Exchange Commission (“SEC”) brought an enforcement action against a public company, Blackbaud Inc. (“Blackbaud” or the “Company”), alleging that it had made misleading disclosures about a 2020 ransomware attack.[1]  This is the fourth SEC settled enforcement action concerning disclosures following a cyberattack.[2]  This development highlights increased regulatory scrutiny that public companies face related to cyberattacks and serves as a potential prelude to the SEC’s aggressiveness in enforcing its upcoming revised rules on cybersecurity incident disclosures. 

Continue Reading SEC Charges Public Company For Alleged Misleading Disclosures Surrounding Ransomware Attack

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

As the value of data continues to increase exponentially, so too do the associated risks, including risk of cyberattacks, data breaches or data-related litigation, as well as rising regulation throughout the world

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

In a recent survey of almost 2,800 global organizations, one in five respondents reported experiencing a ransomware attack in 2021—with almost half of those respondents suffering significant operational impacts as a result.

On 24 November 2022, the UK government announced its adequacy decision for the Republic of Korea, which will allow UK organizations to share personal data with Korean organizations more freely under the UK General Data Protection Regulation (“UK GDPR”).

Continue Reading The United Kingdom and the Republic of Korea Finalize Data Sharing Agreement

The Information Commissioner’s Office (“ICO”) has opened a consultation on new draft guidance on monitoring at work (the “Draft Guidance”).  The Draft Guidance applies in both the private and public sectors in respect of any worker, a term which is used to include employees as well as non-employee workers, independent contractors and volunteers.
Continue Reading UK ICO Issues Draft Guidance on Monitoring at Work