On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL) (click here for an unofficial English translation of the DSL), which … [Read more] about People’s Republic of China Passes the Data Security Law: A Summary of What We Know
The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these … [Read more] about NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations
As ransomware attacks continue to dominate the news cycle, legislation has recently been introduced in several states that would place limits on certain entities’ ability to pay a ransom payment in the event of a ransomware attack. Although the … [Read more] about State Legislatures Consider Bans on Ransomware Payments
Our Privacy, Cyber & Data Strategy Team answers five questions about the standard contractual clauses that aim to ensure compliance with Articles 28(3) and (4) of the General Data Protection Regulation: Are controllers and processors obliged … [Read more] about Alston & Bird Publishes FAQs – Standard Contractual Clauses for Controllers and Processors in the EU/EEA
The SEC has settled an enforcement action against a large title insurer in connection with public statements and disclosures made by the company in May 2019 relating to a data security incident. The underlying data security incident was the subject … [Read more] about SEC Settles Enforcement Action for Disclosure Controls Violations Stemming from Data Security Incident