Cybersecurity, Privacy and Data Protection > AG Data Dive
19 Jul '19

Akin Gump published a client alert on Bulgaria’s biggest ever data breach. On 15 July 2019, an unprecedented cyber-attack in Bulgaria was announced. Hackers have stolen data from the National Revenue Agency (“NRA”) relating to around 70% of Bulgaria’s population, including foreign nationals and businesses, and comprising names of individuals and companies, personal and corporate identification numbers, email addresses, healthcare and pension contributions information and income details. According to news reports, the Bulgarian Government had thus far considered the NRA system to be one of the most advanced systems, into which substantial and continuous investment has been made. By contrast, the hackers claimed the opposite. The Chairman of Bulgaria’s Commission for Personal Data Protection announced that he would commence an investigation against NRA. In the wake of such a large-scale cyber-attack, we consider certain steps which organisations and individuals might take in the context of cybersecurity and data breach.

Please click here to read the full alert.

Read More

10 Jul '19

On 9 July 2019, the Court of Justice of the European Union (CJEU) in Luxembourg heard a case brought by privacy-rights activist Max Schrems (C-311/18, Data Protection Commissioner v Facebook Ireland Limited, Maximilliam Schrems (“Schrems II”)). The CJEU sat in its Grand Chamber consisting of 15 judges, which takes place only in respect of particularly complex or important cases. Previously, in 2013, Max Schrems brought a complaint before the Irish Data Protection Commissioner (Irish DPC) on the basis that the so-called Safe Harbour agreement between the European Union (EU) and the United States (US) permitting data transfers was invalid. Broadly, Max Schrems argued that the transfer of personal data from the EU to the US (specifically to the US National Security Agency), particularly in light of who could access such data and what information was available to the owners of such data in that regard, amounted to a breach of EU law, including under the European Convention on Human Rights and the Charter of Fundamental Rights of the EU. In a landmark ruling on 6 October 2015, the Safe Harbour agreement was struck down by the CJEU for violating fundamental rights to privacy and data protection in not providing a level of protection for personal data equivalent to that which is afforded under EU law (Maximillian Schrems v Data Protection Commissioner (C-362/14) (“Schrems I”)).

Read More

25 Jun '19

Akin Gump published a client alert outlining the steps that the Trump administration and Congress have taken to implement artificial intelligence (AI) initiatives, advance private industry partnerships and research possible applications for AI. Steps include an updated R&D plan from the Trump administration February Executive Order, “Maintaining American Leadership in Artificial Intelligence”, the bipartisan Artificial Intelligence Initiative Act (AI-IA) and several hearings focusing on AI initiatives in the House of Representatives. Please click here to read the full alert.

Read More

18 Jun '19

These days, companies conducting background checks on job applicants have a lot to think about. Most companies are aware of the Fair Credit Reporting Act (FCRA) and FCRA’s various state analogs. FCRA, one of a number of federal statutes concerning collection and use of consumer data, specifically governs how and when companies can obtain and use “consumer reports,” including background checks and credit reports. Most companies are also aware that the FCRA requires employers, before obtaining a consumer report regarding a job applicant, to provide the applicant with a “clear and conspicuous disclosure” that the employer might obtain such a report. But what constitutes “clear and conspicuous”? And what does it mean for notice to be provided to the job applicant “in a document that consists solely of the disclosure”? This last issue alone has spawned a wave of class-action lawsuits all over the country.

Read More

18 Jun '19

Once again, the question of federal preemption of state laws has created battle lines within the halls of Congress. As with past fights over vehicle fuel efficiency standards, voting rights protections or myriad areas of the law where Congress explicitly chose to preempt state law, members of Congress are again divided along ideological and partisan lines. This time the divisions are over Congress’s approach to data privacy legislation and the potential of preempting California’s new privacy law.

Read More

26 Apr '19

Akin Gump published a client alert regarding a recent Risk Alert issued by the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE). The Risk Alert warned investment advisors and broker-dealers to review their policies and procedures regarding Regulation S-P (“Reg S-P”), a privacy rule designed to safeguard customer records and information and is also known as the Safeguards Rule and the Identity Theft Red Flags Rule. OCIE issued this alert after seeing repeated deficiencies in Reg S-P compliance during examinations.

Please click here to read the full alert.

Read More

12 Mar '19

Akin Gump published a client alert on the Court of Appeals for the Third Circuit issuing a precedential opinion upholding dismissal of a putative consumer class action where the plaintiff failed to plead a concrete injury-in-fact stemming from an alleged technical violation of the Fair and Accurate Credit Transactions Act of 2003. In Kamal v. J. Crew Group, Inc., the court ruled that the plaintiff failed to plead a concrete harm sufficient to confer Article III standing under the analysis set forth by the U.S. Supreme Court in Spokeo, Inc. v. Robins. The Kamal decision is notable because the Third Circuit has upheld Article III standing in other post-Spokeo cases, where an alleged injury from a procedural violation “had already materialized.” According to the court, the Kamal decision was its first “occasion to review standing where a procedural violation allegedly presents a ‘material risk of harm.’”

Please click here to read the full alert.

Read More

08 Mar '19

We attended Shoptalk 2019 for the second year in a row where we heard from industry leaders on the digital transformation affecting nearly all consumer-facing businesses, and added our perspectives on the changing legal and compliance landscape. The concepts of retail evolution, rapid innovation cycles, growing omnichannel business, increased automation and product and experiential differentiation framed this event. Leaders from many of the world’s leading businesses in retail, technology, media, direct-to-consumer, financial services, shipping and logistics, and grocery—as well as private equity firms, venture capital investors, consulting firms, business school professors and start-ups—led five tracks of substantive sessions, gave keynote addresses and presented “tabletalk” lectures.

Read More