Publications
-
September 2023Security Breach Notification ChartLawyer Publications
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each state’s sometimes unique security breach notification requirements.
-
01.24.2023EU Takes Step Toward Approval of EU-US Data Privacy FrameworkUpdatesThe European Commission released a draft adequacy decision approving the new EU-U.S. data privacy framework established in part by President Biden's Executive Order 14086.
-
10.10.2022President Biden Issues Executive Order Regarding Signals Intelligence Activities, Clearing Way for New Trans-Atlantic Data Privacy FrameworkUpdates
President Biden signed an executive order on October 7, 2022, changing U.S. surveillance laws to address perceived deficiencies in protecting personal data identified by European Union courts.
-
01.2022Cybersecurity RoundtableArticlesAmid colossal pandemic-generated disruption over the past two years, the global economy has witnessed burgeoning cyber crime – a complex and fervent landscape that has become increasingly sophisticated as cyber criminals continue, and even escalate, their activity in times of crisis.
-
08.12.2020President Trump Issues Executive Orders Prohibiting Transactions With the Makers of TikTok and WeChatUpdatesPresident Donald Trump signed two executive orders (the EOs) on August 6, 2020, an Executive Order on Addressing the Threat Posed by TikTok (TikTok EO) and an Executive Order on Addressing the Threat Posed by WeChat (WeChat EO).
-
07.20.2020EU Court Strikes Down EU-US Privacy ShieldUpdatesThe Court of Justice for the European Union (CJEU) on July 16, 2020, invalidated the EU-U.S. Privacy Shield as an approved mechanism for transferring personal data from the European Union to the United States.
-
02.12.2020FIRRMA Regulations FinalizedUpdatesThe Committee on Foreign Investment in the United States (CFIUS) published two final rules on January 17, 2019, to implement the Foreign Investment Risk Review Modernization Act (FIRRMA) enacted in August 2018.
-
06.27.2019States Continue to Expand Breach Notification Requirements in 2019UpdatesAs more and larger data breaches come to light, states continue to update and expand their breach notification statutes, adding to the patchwork of notification obligations that now exists in every state.
-
04.24.2019European Parliament Approves Amendments to Draft “Terrorist Content” LegislationUpdatesThe European Parliament approved several amendments to the European Commission’s proposed Regulation on preventing the dissemination of terrorist content online on April 17, 2019.
-
12.18.2018Is Your Business Prepared for Holiday Hacking?
Privacy Quick Tips
There is often an upsurge in hacking and online scams during the holidays, and businesses are not always prepared to respond. This tip includes five key steps you can take immediately to protect and defend against breaches. -
10.22.2018CFIUS Launches FIRRMA Pilot Program—Mandatory Filings for Foreign Investment in U.S. Critical TechnologiesUpdatesOn October 10, 2018, CFIUS issued interim pilot program regulations to review foreign investments in critical technologies to consider whether foreign investment might be eroding U.S. technological superiority.
-
10.19.2018European Commission Publishes Proposed Regulation Governing Online “Terrorist Content”UpdatesThe European Commission recently published its draft “Regulation on preventing the dissemination of terrorist content online.”
-
10.11.2018Keep Your Shield Up: FTC Settles With Four Companies Falsely Claiming They Comply With Privacy ShieldUpdatesThe FTC announced settlements with four companies last month of the FTC’s claims that the companies engaged in deceptive trade practices by falsely claiming to be certified under the EU-U.S. Privacy Shield.
-
06.12.2018New Data Breach Notification Laws Spring 2018: What You Need to KnowUpdatesThis spring has brought a particularly active round of revisions to state data breach notification laws.
-
04.12.20186 Ways to Improve Your Incident Response Plan for GDPRUpdatesThe General Data Protection Regulation (GDPR), which is effective May 25, 2018, requires notification to European regulators within 72 hours of the discovery of many types of data breaches. This deadline requires speed and organization that no other jurisdiction currently requires, especially in the United States. Organizations that hold personal data of EU residents and do not have an incident response plan should promptly develop one so they can comply with the GDPR’s requirements.
-
GDPR Data Breach Notification RequirementsLawyer PublicationsAny individual, corporation, business trust, estate, trust, partnership, limited liability company, association, joint venture, government, governmental subdivision, agency, or instrumentality, public corporation, or any other legal or commercial entity (collectively, Entity) that owns or licenses computerized data that includes an IA resident’s PI that is used in the course of the Entity’s business, vocation, occupation, or volunteer activities and that was subject to a breach of security.
-
11.13.2017Cybersecurity Threats—And What to do About ThemArticlesIt had been months since a data breach had consumed the news when Equifax burst on the scene in September, announcing that hackers may have accessed information on 145 million Americans.
-
11.2017/12.2017‘Is That a Target on Your Back?’: Board Cybersecurity Oversight Duty After the Target SettlementArticles
The Corporate Governance Advisor, Volume 25, Number 6
In the wake of the onerous settlement imposed on Target Corporation arising from its data breach, the cyberattack against Equifax and its aftermath, the U.S. Securities and Exchange Commission’s (SEC’s) own questionable handling of its data breach, and ongoing data breach lawsuits against directors, public company directors are rightfully concerned about their cybersecurity oversight duty. -
09.18.2017Give Your Customers the Gift of SecurityUpdates2017 has reminded us that data security threats continue to evolve and that the stakes for companies can be very high if their data security programs fail to evolve as well.
-
05.15.2017Ransomware: How to Avoid It and What to Do If You Have Been HitUpdatesComputer systems around the world have been impacted by the largest cyber-extortion attack in history.
This update has been republished in Computerworld on 05.30.2017, "Answering the WannaCry Wake-up Call." -
01.19.2017CFIUS: President-elect Trump’s Potential Big Stick for China and Foreign TradeUpdatesOn the campaign trail, President-elect Trump adopted a contentious approach towards foreign trade, focusing on Chinese “theft of American trade secrets” and suggesting, at times, potential isolationism for U.S. businesses.
-
07.13.2016Breach Response: New Laws To Know And 5 Questions To AskArticles
Law360
-
07.11.2016Data Breach Incident Response: 5 Questions to Ask and New Laws to Know NowUpdatesThe spring legislative sessions this year brought a now-familiar round of revisions to data breach notification laws, with states broadening their laws in often divergent ways.
-
02.02.2016The New EU-US Privacy Shield: Safe Harbor 2.0UpdatesTwo days after the expiration of the informal deadline to replace the Safe Harbor Framework invalidated by the Court of Justice of the European Union in October 2015, the EU and US have come to terms on a new framework—the “EU-US Privacy Shield.”
-
01.29.2016Data Breach Notification Law in California and Across the Nation Continues to EvolveUpdatesIn four of the last five years, California’s legislature has updated its data breach notification law, expanding its scope and making the required notifications more specific.
-
10.07.2015Navigating the Unsafe Harbor: Keep Calm and Carry OnUpdatesThe Court of Justice of the European Union (CJEU) issued its landmark decision in Maximillian Schrems v. Data Protection Commissioner on October 6, 2015, ultimately invalidating the U.S.-EU Safe Harbor Framework.
-
09.28.2015SEC’s Increased Cybersecurity Enforcement and How to Reduce Your RisksUpdatesThe SEC’s recent activity is part of a larger regulatory enforcement trend that should serve as a warning to all public companies that they would be wise to review and revise their cybersecurity policies, procedures and practices to ensure that they are adequate in today’s changing environment.
-
08.26.2015Third Circuit Affirms FTC Authority to Police Whether Companies Have Reasonable Data SecurityUpdatesSince at least 2005, the Federal Trade Commission has asserted that it may regulate lax data security practices as an “unfair” business practice under Section 5 of the FTC Act. The Wyndham hotel chain was the first to challenge this authority in court. In a highly anticipated opinion, the U.S. Court of Appeals for the Third Circuit resoundingly agreed with the FTC that a failure to implement reasonable data security measures may constitute an unfair business practice under Section 5.
-
06.24.2015Data Breach Requirements Expand in Nevada, Connecticut, Oregon and IllinoisUpdatesFour state legislatures closed their sessions with changes to their data breach notification laws, potentially imposing significant new compliance burdens.
-
06.10.2015The Latest CEO-CFO Cyber Scam: How To Avoid It, And What to Do If You Have Been HitArticlesThis article examine how cyber scam works, how to protect against the scam, steps to take if the scam hits your company and insurance coverage for scam damage.
-
06.04.2015Worldwide CEO-CFO Cyber Scam: Prevention and Recovery TipsUpdatesA simple yet highly effective and increasingly common cyber scam, based on social engineering and playing on fear, the desire to be helpful and other emotions, has caused U.S. companies of all sizes to lose millions of dollars in recent months.
-
05.15.2015Spring 2015 Legislative Roundup: States Expand Data Breach Notification RequirementsUpdatesDuring their spring 2015 legislative sessions, Washington, Wyoming, Montana, and North Dakota expanded their data security breach notification laws.
-
04.14.2015President Issues Executive Order to Block Assets of Foreign Cyber AttackersUpdatesPresident Obama recently issued Executive Order 13694 (EO 13694 or EO), “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.” EO 13694 is aimed at deterring cyber attacks, cyber espionage and cyber thefts, which have become increasingly common in recent years.
-
01.08.2015Data Breach Plaintiffs Survive Dismissal Against TargetUpdatesTarget’s 2013 data breach has generated over 100 consumer lawsuits, which were consolidated last year before the U.S. District Court for the District of Minnesota. On December 18, 2014, Judge Paul A. Magnuson issued a decision on Target’s motion to dismiss the consolidated consumer cases.
-
11.28.2012National Security Law in the News: A Guide for Journalists, Scholars, and PolicymakersLawyer Publications
American Bar Association
-
05.31.2012A Brief Guide to CFIUSArticles
InsideCounsel Magazine
-
05.18.2012How Will New Cybersecurity Legislation Affect You and Your Company?Articles
InsideCounsel Magazine
-
05.04.2012
-
04.20.2012Assessing the Risks and Obligations of Network IntrusionsArticles
InsideCounsel Magazine
-
04.06.2012
-
03.23.20124 Measures to Help Protect Against Network IntrusionArticles
InsideCounsel Magazine
Presentations
-
10.10.2019
-
09.15.2016Tips for U.S. Companies in the Age of the GDPR & Privacy ShieldSpeaking Engagements
Privacy.Security.Risk.2016 / San Jose, CA
-
03.15.2016Data Security Breaches: Responding with Technology - 03/15/2016Speaking EngagementsCLE Presentation / Seattle, WAIn this program, we discussed the increasing prevalence of data security breaches and how discovery technology could expedite efficient and compliant response.
-
03.01.2016One Approach to Rule Them All—Global Privacy and SecuritySpeaking Engagements
RSA Conference-USA 2016 / San Francisco, CA
-
02.01.2016
-
09.15.2015Privacy 101: Emerging Issues in Privacy & Data SecuritySpeaking EngagementsArizona Chapter of the Association of Corporate Counsel / Phoenix, AZ
-
06.05.2015Data Breaches: Cases at the Intersection of Class Actions and Internet TechnologySpeaking EngagementsClass Actions, Law Seminars International / Seattle, WA
Perkins on Privacy
-
EU Takes Step Toward Approval of EU-US Data Privacy Framework
The European Commission released a draft adequacy decision on December 13, 2022, approving the new EU-U.S. data privacy framework established in part by President Biden’s Executive Order 14086 issued on October 7, 2022. The draft adequacy decision is the first step in the European Union’s adoption procedure. Click here to read the full Update. Continue Reading…
-
President Biden issued an executive order (EO) increasing protections and safeguards for personal data subject to signals intelligence activities. It also establishes a redress mechanism for residents of qualifying states who allege they were harmed by U.S. signals intelligence activity conducted in violation of U.S. law. The EO is intended to address perceived deficiencies in U.S. surveillance... Continue Reading…