Page 2 of 36

SEC Issues Risk Alert Regarding Reg S-P, Privacy, Safeguarding, and Registrant Compliance

Share

The SEC’s OCIE recently issued a Risk Alert focusing on compliance issues related to Regulation S-P, the primary SEC rule governing compliance practices for privacy notices and safeguard policies for investment advisers and broker-dealers. The Risk Alert summarizes the OCIE’s findings from two-year’s worth of issues identified in deficiency letters to assist investment advisers and broker-dealers in adopting and implementing effective policies and procedures for safeguarding customer records and information pursuant to Regulation S-P.

In this alert, partner Jim Lundy outlines the Regulation S-P requirements, the OCIE’s Regulation S-P findings and key takeaways for SEC registrants.

Read the full alert.

DOJ White Paper Answers Questions about the Scope and Applicability of the CLOUD Act

Share

Last year Congress enacted the CLOUD Act (the Clarifying Lawful Overseas Use of Data Act) to clarify the means for foreign legal authorities to access electronic information held by U.S.-based global providers. The U.S. Department of Justice (DOJ), in April 2019, issued a White Paper entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act.” This White Paper lays out the policy and legal reasons for enactment of the CLOUD Act, and explains how the CLOUD Act overlays and interacts with existing laws and established inter-governmental practices.

Continue reading

The Sedona Conference Publishes Its Final, April 2019 Version of A Commentary on Information Governance, Second Edition

Share

The Sedona Conference® has released the Final Version of its Commentary on Information Governance, Second Edition (April 2019). The Second Edition of this Commentary again sets out 11 principles of information governance that provide a strategic framework for senior management to make decisions with respect to all information within an enterprise. However, the latest Commentary has been revised to incorporate changes and advances in technology and law, including on privacy, that have occurred over the past four years, and in particular in an expanded set of footnotes it includes updated references to publications of The Sedona Conference that have been issued in the intervening years since 2014.

Continue reading

Hand Me the Map, Please: Webinar Recap

Share

The critical role of data mapping in CCPA readiness and compliance

Although the California Consumer Privacy Act (CCPA) does not explicitly require that businesses engage in data mapping or relationship mapping, they probably won’t be able to develop effective CCPA compliance strategies without having both. Businesses that have engaged in data mapping in preparation for GDPR compliance will be able to leverage some of that work.

Continue reading

Datapocalypse Now: Will The CCPA Cancel Digital Advertising?

Share

When people talk about data privacy, or data collection, or tracking technology, or analytics, or click farms, or bots, or data brokers, or geolocation, or mobile apps, or social media, or influencers, in the end what they’re really talking about is digital advertising. Yet while we may feel comfortable using the phrase to broadly describe any online marketing efforts, the purpose of digital advertising is quite different from the goal of a 30 second radio spot, and shares little with its Mad Men-era ancestors beyond the name.

But today, faced with a variety of new laws and regulations designed to protect consumer privacy, lawyers and their clients are obliged to take a much deeper and more nuanced dive into modern methods of digital advertising. And many are surprised at what they find.

Continue reading

The Trump Administration Signals Heightened Scrutiny of Chinese Investment in Companies with Access to Americans’ Personal Data

Share

According to recent disclosures, the Trump Administration has been acting aggressively to control Chinese investment in companies that have access to Americans’ personal data. Last week, it was revealed that the Committee on Foreign Investment in the United States (CFIUS) has ordered Chinese company Beijing Kunlun Tech Co. Ltd. to sell its majority stake in on-line dating app Grindr over concerns that Chinese access to personal data held by Grindr could pose a threat to U.S. national security. Then, on April 4, 2019, it was announced that CFIUS had also ordered Chinese investor and digital healthcare company iCarbonX to sell its stake in the U.S. company PatientsLikeMe. PatientsLikeMe is an on-line service that links individuals suffering the same health issues in an effort to improve disease detection and treatment. Again, the concern reportedly prompting the CFIUS action is Chinese access to the personal data of Americans and the national security risk that could pose.

Continue reading

« Older posts Newer posts »

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy