On 1 March 2021, Federal Law No. 519-FZ on Amendments to the Federal Law on Personal Data dated 30 December 2020 (the “Law”) came into force. The Law places additional burdens on companies operating in Russia to obtain consents from individuals whose personal data will be posted on a publicly available website, for example, while creating a profile on a…

On April 14, 2021, the New York State Department of Financial Services (the “DFS”)  announced that its cyber enforcement action against National Securities Corporation (“National Securities”) has been resolved by a Consent Order that imposes a $3 million penalty. This is the latest step in the DFS’s very active cyber-enforcement agenda.  The charges against First American Title Insurance Company are…

March gave companies plenty to take stock of.  A multi-million euro fine for deficient vendor oversight, scrutiny of unlawful data transfers to a well-known U.S. email marketing service provider, and a €475,000 penalty for late reporting of a data breach affecting just a few thousand individuals, and more.  Here are our highlights of what you need to know. Spanish DPA…

On March 15, 2021, California’s Attorney General announced the adoption of updates to the regulations implementing the California Consumer Protection Act (“CCPA”).  The final (for now) regulations are available here. These latest updates are effective immediately. The version that took effect yesterday is substantially identical to the draft updates that the Attorney General proposed on December 10, 2020.  (We discussed…

There were a few European data protection developments in February that companies may want to have on their radar.  These include a draft adequacy decision for EU-UK data transfer, renewed focus from data protection authorities (“DPAs”) on cookies compliance, and guidance from the English courts on what constitutes unsolicited marketing.  We cover those developments (and more) below. EU publishes draft…