Data Security

SEC Focused on Protecting Customer Accounts from Credential Stuffing Attacks

September 24, 2020 By Kate Hanniford

OCIE has released a risk alert regarding credential stuffing in the context of compliance with Regulation S-P and Regulation S-ID, and is encouraging firms to both (i) review and update their policies and procedures to address the risks associated with credential stuffing and (ii) consider proactive outreach to customers regarding measures taken to safeguard their […]

Brazil’s General Data Protection Law: A Comparison Between Brazil’s Newly Effective Law and the GDPR

September 19, 2020 By Dorian Simmons

Brazil’s General Data Protection Law (the “LGPD”), a law similar to the European Union’s General Data Protection Regulation (the “GDPR”) is now effective. On April 29 of this year, Brazil’s President issued Provisional Measure 959 that, amongst other things, postponed the effective date of the LGPD, which was originally set to be effective August 2020, […]

Massachusetts AG Announces Division Focused on Data Privacy and Security

August 18, 2020 By Consumer Finance Team

On August 13, Massachusetts Attorney General Maura Healey announced the creation of a Data Privacy and Security Division with the AG’s office, and named Sara Cable as Chief of the new division. The new division is intended to protect Massachusetts consumers from increased threats to the privacy and security of their data.

After Schrems II: A Proposal to Meet the Individual Redress Challenge

August 18, 2020 By Paul Greaves

On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield in the Schrems II case. In an article written by Georgia Tech professor and Alston & Bird Senior Counsel Peter Swire with co-author Kenneth Propp, entitled ‘After Schrems II: A Proposal to Meet the Individual Redress Challenge’, […]

EU Announces First Sanctions under EU Cyber Sanctions Regime

July 31, 2020 By Privacy, Cyber & Data Strategy Team

On July 30, 2020, the European Council announced sanctions against six individuals and three organizations for their involvement in a series of cyber-attacks that have caused significant damage in the EU and around the world over the last several years. The announcement follows the EU’s adoption last year of Decision (CFSP) 2019/797, which established the […]