Publications
-
Utah Consumer Privacy Act
March 16, 2022
The Utah Consumer Privacy Act, once signed into law, will take effect December 31, 2023, and make Utah the fourth state with a comprehensive consumer privacy law. The Act provides consumers with broad protection and rights concerning the collection, use, processing, sharing and sale of their personal information. Businesses that fail to comply may be subject to significant fines and penalties.
-
Ukraine Crisis Increases Supply Chain Cyber Risk
March 11, 2022
Last year, cyber threats on global supply chains were in the spotlight following the unprecedented cyber-attacks on Colonial Pipeline, JBS and SolarWinds, attacks that had far-reaching consequences for downstream businesses, customers and individual consumers. The current geopolitical climate and escalating crisis in Ukraine are amplifying concerns about the increased cyber threat to global supply chains already strained by the COVID-19 pandemic.
-
China’s New Personal Information Protection Law
December 2, 2021
China’s new Personal Information Protection Law affords the country’s residents greater protection and rights over their personal data. Domestic and foreign organizations are subject to the heightened requirements, and failure to comply may subject organizations to substantial regulatory fines and penalties, revocation of business licenses, legal action and even personal liability.
-
Mitigating Supply Chain Cyber Risk
October 25, 2021
Blissful ignorance is not a viable defense to an organization’s third-party cyber risk, and its supply chain is one of the most vulnerable areas when it comes to data security. As ransomware attacks increase, regulators are directing their scrutiny toward companies’ information security programs. While management has responded by increasing their information security program budgets, supply chain risk departments continue to be ignored. Supply chain cyber risk is a large task, but it can be brought under control by focusing on a few key steps to manage third-party risk.
-
Ransom Demands: To Pay or Not to Pay?
U.S. Treasury Advisory on Cyber Ransom Demands
September 24, 2021
On September 21, 2021, the U.S. Department of the Treasury issued an updated advisory cautioning companies against the potential to incur sanctions by making ransom payments to cybercriminals, putting pressure on companies not to pay.
-
New Law Expands California Consumer Privacy Rights and Protections
California Consumer Privacy Rights & Protections
August 24, 2021
Any organization that conducts business in the state of California, collects or processes personal information, and meets one or more select criteria should assess their compliance with the California Privacy Rights Act, set to take effect on January 1, 2023. Failure to comply may subject companies to enforcement actions and stiff fines and penalties by regulators.
-
New York City Introduces Biometric Identifier Information Act
New York City Biometric Identifier Information Act
August 18, 2021
Following in the footsteps of the Illinois Biometric Information Privacy Act, the City of New York has enacted its own Biometric Identifier Information Act. Like its root, this new law is designed to protect and limit the use of consumers’ biometric data, which is highly personal and irreplaceable. Companies that fail to adhere to the new law may be subject to lawsuits and sizeable statutory damages.
-
New York Cracks Down on Cybersecurity Compliance
New York FAQs on Cybersecurity Compliance
August 9, 2021
-
Trifecta of New Privacy Laws Protect Personal Data
Three States’ Privacy Laws Protect Personal Data Rights
August 3, 2021
The Colorado Privacy Act and the Virginia Consumer Data Protection Act mimic California privacy laws and the EU General Data Protection Regulation (GDPR) by imposing stringent requirements on companies that collect or process personal data of state residents.
-
U.S. Government Warns Companies of Legal Risk for Paying Ransom to Cybercriminals
Legal Risk of Paying Ransom to Cybercriminals
October 6, 2020
On October 1, 2020, the U.S. Department of the Treasury issued an advisory on potential risks of sanctions for organizations that facilitate ransom payments. Companies, their cyber insurers and third parties that assist in facilitating payments to cybercriminals might be subject to liability and hefty penalties under federal laws.
-
California Consumer Privacy Act: Are You Ready?
January 3, 2020
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) recognizes and enforces California consumers’ right to privacy and control over their personal information.
-
Check the boxes to help ensure compliance with HIPAA security and privacy rules!
December 16, 2019
As the year draws to a close, it’s an especially good time to review your businesses’ cybersecurity policies and procedures as they relate to electronic protected health information under HIPAA regulations.
-
California Consumer Privacy Act Update: Amendments and Proposed Regulations
California Consumer Privacy Act Effective January 1: UPDATE
December 3, 2019
Public hearings were scheduled for the first week in December to receive comments on proposed regulations to the California Consumer Privacy Act, which goes into effect on January 1, 2020. Written comments will be accepted by the California Attorney General until 5:00 p.m. on December 6, 2019. The final regulations are expected to be released in early 2020 and will be enforced beginning in July 2020.
-
No Damages Required to Sue Under Illinois Biometric Information Privacy Act
Illinois Biometric Information Privacy Act
February 20, 2019
The Illinois Supreme Court gave the state’s Biometric Information Privacy Act more “punch” in a recent opinion holding that an individual does not need to prove harm to recover − a technical violation of the Act is sufficient to constitute standing.
-
Global Privacy Law Update
July – August 2018
-
Strict Notification & Disclosure Requirements for Government Contractors
Notification & Disclosure Requirements for Government Contractors
August 30, 2018
Businesses that seek to obtain and preserve contracts with the U.S. government, or to deal in certain enumerated defense articles and services, are subject to strict privacy regulations. These include the Defense Federal Acquisition Regulation Supplements, which impose stringent minimum security requirements and reporting obligations, and the International Traffic in Arms Regulations, which contain approval, registration and records maintenance requirements.
-
U.S. Companies Still Grappling with GDPR
Implications of GDPR for U.S. Companies
August 21, 2018
The extra-territorial reach of the EU’s new General Data Protection Regulation means that non-EU companies that collect, store, transfer or otherwise process personal data of EU residents may be required to obtain express consent to use an individual’s personal data, in addition to maintaining internal records of the company’s personal data processing activities. Moreover, companies may have a mere 72 hours to notify EU regulatory authorities of a data breach involving the personal data of EU residents.
-
Uptick in Australian Data Breach Notifications
Australian Data Breach Notifications Increase
July 30, 2018
Under Australia’s Notifiable Data Breach Scheme, organizations, not limited to Australian companies, will be forced to promptly respond to and investigate actual or suspected data breaches concerning personal information. Failure to do so may result in the commencement of a regulatory action and/or the imposition of civil penalties. Companies with potential exposure are encouraged to become familiar with the new legal requirements.
-
Canada’s New Data Breach Notification Law
Canada’s Personal Information Protection and Electronic Documents Act
July 23, 2018
On November 1, 2018, the long-awaited amendments to Canada’s Personal Information Protection and Electronic Documents Act will go into effect. These amendments and related regulations impose new mandatory notification obligations on companies in the event of a breach involving the personal information of Canadians.
-
New Sweeping California Privacy Law
July 11, 2018
While the California Consumer Privacy Act does not take effect until 2020, it is likely to spur other states – and perhaps the federal government – to enact broader legislative protections for the collection and use of individuals’ personal information. Meanwhile, all entities that do business in California and collect personal information of Californians should take prompt action to review and revise related assets and materials.
-
Equifax and SEC Breaches Show You Can’t Hide from Hackers
The Equifax and SEC Breach Impact
September 28, 2017
The speed of events and the fast-breaking news on the recent Equifax data breach discovered on July 29, 2017, has gone from bad to worse. An investigation revealed that the incident impacted 143 million consumers’ personally identifiable information, including names, social security numbers, dates of birth and driver’s license numbers.
-
Weapons in the Cyber Defense Arsenal
Global Cyberattack Readiness
May 22, 2017
The world recently experienced an unprecedented global cyberattack that targeted the public and private sectors, encrypting and locking electronic files. So far, it is estimated that hundreds of thousands of entities worldwide were victims of WannaCry ransomware; and just as WannaCry is subsiding, a new attack, Adylkuzz, is taking its place, crippling computers by diverting their processing power. Now the world needs to begin building a Cyber Defense Arsenal.
-
Update from Wilson Elser’s D&O Insurance Digest
October 20, 2015
Wilson Elser Chicago partner Anjali Das has compiled a roundup of recent news, including litigation and mega settlements, developments in Delaware D&O law, D&O cyber liability, and recent D&O insurance coverage decisions.
-
SEC Steps Up Cybersecurity Enforcement
October 6, 2015
In what appears to be an all-out assault on lax cybersecurity, the SEC has issued a new Alert in connection with its cybersecurity examination of Wall Street firms, entered a Cease and Desist Order against a firm for failing to adopt written policies or procedures to protect customer information, and issued an Investor Alert that highlights actions individuals should take if their personal information is compromised.
-
A Guide to Cyber Coverage
Insurance Coverage, Vol. 24, No. 4 | ABA Section of Litigation
July-August 2014
-
SEC Polices Cybersecurity on Wall Street
June 4, 2014
The SEC’s new disclosure guidance was intended to bring greater awareness and transparency to actual or potential cybersecurity risk that might be considered material to investors. However, the SEC has acknowledged that this guidance alone might not be sufficient to address investor concerns.
-
Google and the Great Divide: U.S. Privacy Rights versus EU Privacy Rights
Court of Justice: U.S. versus EU Privacy Rights
June 2, 2014
On May 13, 2014, the Court of Justice of the European Union found that an individual has the right to demand that Google remove links about him that he claimed were old and irrelevant. But which approach is best – the right to be forgotten or the right to know? The “right to be forgotten” as currently described by the Court of Justice could create a clash between freedom of speech, which is supported in the United States, and the EU’s broader concept of privacy.
-
Data Breach and Privacy Update
Spring 2013
-
D&Os in Cyberspace: SEC Endorses Social Media for Corporate Communications with Investors
Corporate Communications with Investors @ Facebook?
April 9, 2013
Companies that plan to use social media to communicate material corporate information to investors should make sure they have effective policies, controls and safeguards in place to mitigate potential risk for violations of securities or other laws.
-
Supreme Court's New Ruling May Bolster Defense of Data Breach and Privacy Cases
U.S. Supreme Court Upholds Strict Article III Standing in Privacy Case
March 25, 2013
The U.S. Supreme Court’s reaffirmation of heightened standards for future harm may significantly aid corporations in obtaining dismissals for data security and cyber breach lawsuits where plaintiffs frequently cannot show that their personal information will subject them to identity theft or be used in a manner to cause them some other concrete financial harm.
-
FCPA: Defining D&O M&A Liability for Violations
Foreign Corrupt Practices Act
December 19, 2012
The long-awaited Guidance on potential violations of the Foreign Corrupt Practices Act may provide some relief and useful tips for directors and officers of companies that have been increasingly concerned about potential exposure for successor liability emanating from FCPA violations by the acquired entity.
-
Foreign Corrupt Practices Act Gives Rise to D&O Claims
Financial Fraud Law Report
October 2012
-
Foreign Corrupt Practices Act Gives Rise to D&O Claims
June 13, 2012
Walmart is the latest high-profile target of a string of D&O claims involving the increasingly enforced Foreign Corrupt Practices Act. The SEC and DOJ have maintained an aggressive stance on FCPA violations and enforcement actions, which can lead to shareholder derivative civil actions.
-
Claims Against China-Based Reverse Merger Companies: A Tempest in a Teapot of Gunpowder or Green Tea?
July 2011
Many China-based issuers have been targeted by regulators and investors alike for purported securities and accounting fraud that could ultimately cost D&O insurers millions in losses.
-
D&O Insurers Be Aware: U.K. Bribery Act Takes Effect on July 1
June 2011
In light of the potential long arm of the Bribery Act, directors and officers (“D&O”) liability carriers should familiarize themselves with the potential increased exposure to their insureds. In addition, D&O insurers would be well advised to consider potential coverage issues under their policies for claims and investigations under the Bribery Act.
-
New FDIC Lawsuits Attack Former Bank D&Os
May 2011
Many financial industry insiders and their insurers have been wondering where the Federal Deposit Insurance Corporation (FDIC) has been during the recent financial industry meltdown. As the appointed receiver of failed banks that are federally insured, the FDIC is expected to be at the forefront of litigation against the directors and officers (D&Os) of failed financial institutions.
-
Impact of Dodd-Frank Act on D&O Liability: Corporate Governance, Compensation, Claw-Backs and More
November 2010
Recently enacted sweeping financial legislation embodied in the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Act) creates new concerns for directors and officers of all public companies – not just financial institutions. D&Os will be subject to heightened public and regulatory scrutiny in connection with corporate governance and executive compensation. Broad disclosure requirements regarding executive pay, coupled with potentially enormous financial incentives to corporate whistle-blowers, could lead to increased liability exposure for D&Os and their insurers.
-
Delaware decisions reduce hurdles to defending D&O claims
September 2009
A typical claim targeting directors and officers ("D&Os") in the context of a merger or acquisition is that the D&Os breached their fiduciary duties of care and loyalty by failing to get the best deal for shareholders. However, in a boon to D&Os and their insurers, several recent Delaware court decisions have made it easier for defendants to successfully defend these types of claims.
Additional Publications
“SEC and Other U.S. Exchanges Crack Down on Chinese and Other Reverse Merger Companies,” D&O Diary Blog, November 2011.
“Claims Against China-Based Reverse Merger Companies: A Tempest in a Teapot of Gunpowder Green Tea?,” Wilson Elser Client Alert, July 2011.
“D&O Insurers Be Wary: U.K. Bribery Act Takes Effect July 1,” PLUS Journal, July 2011.
“New FDIC Lawsuits Attack Former Bank Directors and Officers,” Wilson Elser Client Alert, May 2011.
“Impact of Dodd-Frank Act on D&O Liability: Corporate Governance, Compensation, Clawbacks and More,” Wilson Elser Client Alert, November 2010.
“D&O Settlements: Straight or Crooked?,” Wilson Elser Client Alert, 2009.
“Recent Delaware Decisions Reduce Hurdles in Defending D&O Claims,” Wilson Elser Client Alert, September 2009.
“Ninth Circuit Holds that Insured v. Insured Exclusion in D&O Policy is not ‘Gobbledygook’,” Wilson Elser Client Alert, 2009.
“The ABCs of D&O Insurance,” Illinois Bar Journal, June 2005.
“Developments in Delaware D&O Indemnification Law,” Andrews Corporate Officers and Directors Litigation Reporter, February 2005.
“D&O Insurers Personally Profit,” PLUS Journal, December 2004.