Cyber Security, Information Governance & Privacy

On February 4, the New York Department of Financial Services (DFS) released the Cyber Insurance Risk Framework (Framework), which is considered the first guidance by a U.S. regulator on cyber insurance. The Framework is aimed at property and casualty insurers that provide cyber insurance, as well as other insurers that do not write specific cyber

Last Thursday, the Eleventh Circuit affirmed a district court’s dismissal for lack of standing in a data incident case. The majority opinion, written by Senior Judge Gerald Bard Tjoflat and joined by Judge Adalberto Jordan and Senior Fourth Circuit Judge William Traxler sitting by designation, highlighted the disagreement among federal appellate courts about the type

Last week, Judge Sue Myerscough declined to certify a class of employees whose personal information was disclosed when Driveline Retail Merchandising fell prey to a phishing scam. While nearly 16,000 employees were allegedly affected, “issues of causation and injury” were insufficiently common to satisfy the requirements for class certification.

The factual background will resonate with

In Wengui v. Clark Hill, PLC, Judge Boasberg of the District Court for the District of Columbia, granted the plaintiff’s motion to compel the defendant to produce a report and additional materials associated with a cyberattack. In its ruling, the court emphasized that materials that would otherwise be created in the ordinary course of

On January 11, the Federal Trade Commission (FTC) announced it has settled with a California-based photo app developer involving allegations that it was building and using its users’ photos and videos to create facial recognition technology without their express consent.

Facial recognition software is typically comprised of three steps: detection, mapping, and identification. During the

A federal court in California has ruled that the plaintiff in a putative class action alleging theft of non-sensitive personal information arising from a cybersecurity data breach lacks Article III standing to maintain his claims. In Rahman v. Marriott International, Inc., the Plaintiff asserted claims for violation of the California Consumer Privacy Act (“CCPA”),

Do you want a simple way to keep current on important privacy changes? Avoid sleepless nights wondering whether you missed a privacy speed bump or pothole between annual updates? Worry no longer. Troutman Pepper is pleased to offer More Privacy Please, a monthly newsletter recapping significant industry and legal developments, as well as trends

On November 17, the U.S. Senate unanimously approved the Internet of Things Cybersecurity Improvement Act (H.R. 1668). The bill had strong bipartisan support and easily passed in the U.S. House of Representatives in September. The bill now waits to be signed by President Trump.

This bill mandates the creation of baseline security standards for all

Date: November 17, 2020

Time: 2-3pm ET

In this TPPPA webinar, Troutman Pepper attorneys, Ashley Taylor, Ron Raether, Sharon Klein, and Alex Nisenbaum will provide you with some key strategies to comply with the California Consumer Privacy Act (CCPA). They will discuss potential areas of regulatory enforcement, and practical takeaways that can

California voters passed Proposition 24 in last week’s general election to adopt the California Privacy Rights Act of 2020 (CPRA), which amends the California Consumer Privacy Act of 2018 (CCPA) in several ways intended to enhance consumer privacy protections. The CPRA becomes effective on January 1, 2023, except for certain provisions that will take effect