*written with assistance from co-author and W&L law student, Isabella Gray.

On May 28, 2019, the Cyberspace Administration of China (“Cybersecurity Administration”) released a set of draft Measures for Data Security Management (the “Draft Measures”).  The Draft Measures provide articles governing how network operators, defined as someone who owns and administrates a network or a

In our Southeast Financial Litigation Monitor, our own Lindsey Catlett posts about a recent opinion in Southern Independent Bank vs. Fred’s Inc., in which the Middle District of Alabama denied class certification following a data breach which allegedly affected over 2,000 financial institutions across the country. Southern Independent, a community bank located in south

In an opinion issued today (January 25, 2019), the Illinois Supreme Court found that a Six Flags season pass holder can claim a violation of the state’s biometric privacy law by collecting the thumbprint of plaintiff Stacy Rosenbach’s son without permission, even without alleging any actual harm.  This is an important ruling that could impact

On January 21, 2019, the French Data Protection Authority, the Commission Nationale de L’Informatique et de Libertés (“CNIL”) announced a sanction of 50 million euros against Google.  On May 25 and 28, 2018, the CNIL received complaints from two different associations, asserting that Google did not have a valid legal basis for the processing of

The Federal Financial Institutions Examination Council (FFIEC) has issued a joint statement providing guidance for financial institutions about the role of cyber insurance in risk management of informational technology systems. The FFIEC comprises the principals of the following: The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration,

Over a dozen lawsuits have been filed by users and investors against Facebook after it was revealed last month that Cambridge Analytica, a political research firm, obtained personal information on millions of Facebook users. Cambridge Analytica obtained the data through a personality test app linked to Facebook accounts. Many of the lawsuits claim the information

On Wednesday, March 28, 2018, the Alabama Data Breach Notification Act of 2018 (SB318) was signed into law by the Governor, making Alabama round out the roster of 50 states with data breach notification laws.  (South Dakota’s data breach notification was signed by its governor on March 21, 2018, making it the 49

A Berlin regional court recently ruled that Facebook’s use of personal data was illegal because the social media platform did not adequately secure the informed consent of its users. A German consumer rights group, the Federal of German Consumer Organisations (vzvb) said that Facebook’s default settings and some of its terms of service were in

On January 28, 2017, as part of Data Privacy Day, Facebook shared its data privacy principles for the first time. In a blog post drafted by Erin Egan, Facebook’s Chief Privacy Officer, Facebook posted these principles to help users understand how data is used and managed on the site. Among other things, Facebook’s data privacy

With the May 25, 2018 deadline quickly approaching, many businesses are scrambling to prepare for compliance with the EU’s General Data Protection Regulation (GDPR), and questions and conversations are heating up.  Still others are still trying to wrap their arms around what GDPR is and what it means for U.S. businesses.  For those of you