In our January 2023 blog post, Study Finds Average Cost of Data Breaches Reaches All-Time High in 2022, we highlighted the key findings of the Ponemon Institute’s Cost of a Data Breach Report 2022. Each year, the report sets forth a vast dataset analyzing data breaches at hundreds of organizations to spot trends and developments in security risks and best practices. Recently, Ponemon Institute published its Cost of a Data Breach Report 2023, showing an increase in data breach costs in many areas of business.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
Despite Delayed Adoption of Final Regulations, CPRA Is Enforceable As of Initial Enforceability Date
The Court of Appeal of the State of California (the Court of Appeals) recently ruled that Proposition 24, the California Privacy Rights Act of 2020 (CPRA), is enforceable without any further delay. The CPRA contains important changes to the California Consumer Privacy Act, including with respect to online advertising.
Join partners Don Shelkey, Kirstin Hadgis, and Ezra Church at 11:30 am–1:00 pm ET on Tuesday, February 27, 2024 as they discuss key considerations that may impact M&A transactions related to privacy and data security. The session will include a spotlight on the impact of artificial intelligence on such transactions.
The Federal Trade Commission (FTC) recently adopted a final rule amending its Standards for Safeguarding Customer Information (commonly referred to as the “Safeguards Rule”) to require financial institutions to report certain data breaches and other security events to the FTC.
In October, California enacted its newest privacy legislation, commonly referred to as the “Delete Act” (California Senate Bill No. 362). The Delete Act will allow consumers to request that any data broker that maintains any personal information related to that consumer delete such personal information.
The UK government has announced the UK extension to the EU-US Data Privacy Framework, known as the UK-US data bridge. The new framework will allow businesses to transfer personal data between the United Kingdom and the United States. This blog post explores the significance of the UK-US Data Bridge and what it means for businesses on both sides of the Atlantic.
The United Kingdom’s Information Commissioner’s Office and data protection authorities from Canada, Australia, Hong Kong, Mexico, Switzerland, Norway, New Zealand, Colombia, Jersey, Morocco, and Argentina have released a joint statement on data scraping and its impact on data privacy.
In a recent LawFlash, George Cyriac and Dr. Axel Spies reviewed key features of India’s new privacy law—the Digital Personal Data Protection Act, 2023 (DPDP Act). They also discussed what to expect regarding and how to prepare for these new requirements, including that India’s central government may enact separate rules to give effect to certain provisions of the DPDP Act.
In recent years, the gambling industry has seen significant growth, with online betting and gaming platforms becoming increasingly popular. However, this rapid expansion has also raised concerns about the potential for money laundering, fraud, and problem gambling. To address these issues, the UK Information Commissioner's Office (ICO) issued an open letter to UK Finance (an industry body for banking and financial services) urging the association to support responsible data sharing for financial checks in the gambling industry.
In a major victory for privacy professionals, technology companies, and those intending to use healthcare data to feed artificial intelligence algorithms, the US Court of Appeals for the Seventh Circuit recently rejected a putative class action regarding the collection and exchange of anonymized healthcare data.