As we start down the path of 2023, with the pandemic not quite behind us and economic uncertainty looming, the world can seem unsettled. Some things do appear to be a constant. Included in those are regulatory and court scrutiny on privacy and cybersecurity. As companies’ privacy and security teams make plans for their 2023 compliance efforts, it can be helpful to look back at last year’s developments.
Just as we thought 2022 was going to be significantly different than 2021, December 2021 and January 2022 events have thrown us for another (pandemic) loop. We anticipate that some of the privacy and cybersecurity developments from 2021 may similarly repeat in 2022. To help prepare for privacy and cybersecurity program plans for the year, we have created a comprehensive resource of all our www.eyeonprivacy.com posts from last year. From artificial intelligence, biometrics, new US privacy laws, ongoing scrutiny of breach and security issues, to concerns over global data flows, 2021 was a busy year. We have also included several articles focused specifically on managing privacy compliance, and include an examination of right-sized privacy programs, regulatory priorities, and managing “unknown” and unpredictable risks.
Continue Reading 2021 Privacy Year In Review
As we reach the end of January 2021, it is becoming increasingly clear that this will be a busy year in the areas of privacy and data security. Following up on our posts discussing some of the important trends from last year, the Sheppard Mullin Privacy and Cyber Security team has put together a comprehensive resource containing all of our posts from last year. From a focus on artificial intelligence, to international data flow and vendor transfer concerns, to ongoing enforcement of a patchwork of laws, we anticipate many of the issues facing companies in 2020 will not go away this year.
Continue Reading 2020 Privacy Year In Review
As we wrote yesterday, the CIO of Equifax is currently facing civil and criminal liability following trading he made after his employer suffered a major cybersecurity breach. As we indicated in our prior blog post, the SEC has filed a complaint alleging liability because he independently figured out that his employer was the victim of a breach and traded on that information.
Continue Reading You Might Be an Inside Trader If: Insider Trading and Data Breaches Part II
Earlier this year, the SEC released cybersecurity guidance addressing, among other things, the risk of insider trading in the event of a data breach. The insider trading risk includes risk that the intruder will trade on stolen information and risk that insiders will trade on the knowledge of the breach itself. In this manner, the SEC has added itself to the ever-growing pool of potential regulatory enforcers who may be quick to act in the event of a data breach.