Privacy & Cybersecurity

In the current environment, there exists historic levels of “dry powder” in the private equity industry. We have previously provided thoughts regarding challenges and opportunities facing the private equity industry generally.

Amidst multiple investigations into the privacy and security practices at Zoom Video Communications (“Zoom”), New York Attorney General Letitia James recently announced a settlement agreement with Zoom after the failings of the platform were brought to light by the spike in Zoom video conference participants amid the COVID-19 pandemic.

Last month, we reported that the United States Senate, Committee on Commerce, Science, and Transportation, conducted a hearing on “Enlisting Big Data in the Fight Against Coronavirus.” Specifically, the Committee focused on “examin[ing] recent uses of aggregate and anonymized consumer data to identify potential hotspots of coronavirus transmission and to help accelerate the development of treatments.”

As we previously discussed, FINRA issued guidance to member firms and their associated persons in April 2020 to remain “vigilant in their surveillance against cyber threats and take steps to reduce the risk of cyber events.”

You might find some suggestions here to add to your lists!

In Part 5 of our Roadmap Series, we take a closer look at COVID-19 screening and testing, including best practices and legal implications, as potential tools to maintain a safe workplace.

The organization known as Californians for Consumer Privacy announced yesterday that it successfully secured enough signatures to qualify adding the California Privacy Rights Act (“CPRA”) to the state’s November 2020 ballot. The group’s founder Alastair Mactaggart is a well-know public figure who was the driving force behind the infamous California Consumer Privacy Act of 2018 (the “CCPA”), which just went into effect in January.

We have been discussing the abrupt roll-out of remote workforce capabilities both in this space and in our recent webinar. As companies raced to get employees up and running remotely, business continuity was the primary focus, while privacy and cybersecurity issues likely took a backseat.

Kestra Investment Services LLC (“Kestra”) was fined $125,000 by FINRA for sharing personal customer data with a third-party vendor.

The Coronavirus Aid, Relief and Economic Security (“CARES”) Act has created a flurry of far reaching considerations for affected businesses, ranging from tax, employment, and even telehealth.

The New York Department of Financial Services (“NYDFS”) recently issued new guidance to regulated entities regarding cybersecurity awareness during the COVID-19 pandemic - citing a significant increase in cybercrime and criminals seeking to exploit the pandemic.

The Mintz Privacy team has been tracking privacy issues related to COVID-19. We have been featured in various publications talking about cybersecurity risks, GDPR regulations, the California Consumer Privacy Act, and more.

If your company is marketing any smart device, particularly if the device is involved with home security and collects personal information from users, it’s time to pay attention to the story of Tapplock. Tapplock, Inc. (“Tapplock”), is a Canadian Internet of Things (“IoT”) company that sells fingerprint-enabled padlocks that are connected to the Internet (“smart locks”).

We recently provided some insights regarding how countries across the world are using data to fight COVID-19. The United States Senate, Committee on Commerce, Science, and Transportation, has recently conducted a hearing with witnesses from academia, industry, and interested organizations on “Enlisting Big Data in the Fight Against Coronavirus.”

The US Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security has issued a rare joint alert with the UK’s National Cyber Security Centre (NCSC) regarding coronavirus-related threats. The alert warns that cybercriminals and nation -state hackers are trying to take advantage of the pandemic for criminal gain.

The COVID-19 pandemic and resulting office shutdowns has required many organizations to quickly transition to remote working environments. Going remote often requires a number of technology solutions and tools such as video conferencing, email, cloud file storage, file sharing, chat and communication platforms, and remote desktop applications, just to name a few.

The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency. The announcement from the Superintendent of Financial Services of the State of New York recognizes that COVID-19 may present compliance challenges for regulated entities and covered persons in meeting reporting obligations.

K-12 schools, colleges, and universities around the country have shuttered their doors—most, for the rest of the academic school year—in response to the COVID-19 pandemic.  Educational institutions are in uncharted waters, but most are rising to the occasion to provide engaging and robust online curricula to keep students educated and entertained.

The COVID-19 global pandemic presents unique legal and practical challenges for companies across all industries, including with respect to privacy and cybersecurity risks and protections. Join Mintz, ML Strategies, and one of our industry partners, The Crypsis Group, for a webinar addressing these critical issues and the dynamic and evolving cybersecurity threats.

While many companies around the world are coping with a global pandemic, some are facing additional challenges in light of a looming deadline triggered by the California Consumer Privacy Act (“CCPA”).  Citing #covid19 concerns, a coalition of more than 60 such companies made a plea this week to California’s Attorney General Xavier Becerra (“AG”) to delay the AG’s enforcement of the CCPA.