Privacy & Data Protection

  • Agnès Dunogué, Christopher LaVigne and Jeewon Kim Serrato Co-Author Article on Microsoft Corp. v. United States

    Sep 2017

    On July 14, 2016, the United States Court of Appeals for the Second Circuit released its decision in Microsoft Corp. v. United States, rejecting the U.S. government’s efforts to require Microsoft to turn over emails held overseas in its data center in Dublin, Ireland, pursuant to a judicially authorized search warrant. Partners Agnès Dunogué and Christopher LaVigne (both New York-Litigation) and counsel Jeewon Kim Serrato (San Francisco-Privacy & Data Protection) co-authored “Implications of Microsoft’s Win in Overseas Server Email Case” for E-Commerce Law and Policy in which they explain how this decision, while narrow, runs counter to a trend in which courts have generally accepted the U.S. government’s efforts to obtain evidence stored abroad. They also discuss how the case may have meaningful implications for where corporations store their data in the future and on the U.S. government’s ability to use certain investigative techniques to obtain data stored overseas.

  • Connecting the Dots: Key Developments and Best Practices for Evaluating Privacy and Security Risks in IoT Investments

    6 Sep 2017

    The market for internet-connected devices (often referred to as the Internet of Things, or IoT) is growing rapidly. Investment in this burgeoning space can be attractive, and according to research firm IDC, the worldwide spending on IoT could reach up to $1.4 trillion in 2021. There are unique risks associated with IoT investments, however, and potential investors should assess certain privacy and data protection issues when considering potential opportunities.

  • Podcast: Jeewon Kim Serrato on the Connected World and Privacy

    28 Aug 2017

    Counsel Jeewon Kim Serrato (Privacy & Data Protection-San Francisco) joined host Mari Frank on her weekly podcast, Privacy Piracy, for the University of California at Irvine radio program, to highlight  privacy and data protection issues in the growing “Internet of Things” world.  Exploding on the market over the last few years, more and more everyday consumer objects – cars, refrigerators, wearables, health devices like pacemakers and insulin pumps, even cities – are connecting to the internet and transmitting potentially private data.  With upwards of 20 billion connected devices anticipated by 2020, consumers, companies and legislators need to take a detailed look at how to balance innovation with privacy concerns. 

  • New York State Cybersecurity Regulations: First milestone in sight, what is next on the horizon?

    22 Aug 2017

    The New York State Department of Financial Services (“NYDFS”) enacted final cybersecurity regulations (“Regulations”) for NYDFS regulated entities that went into effect on March 1, 2017. The first deadline for compliance under the Regulations is August 28, 2017, by which date covered entities are required to, among other things, create a written cybersecurity policy and appoint a Chief Information Security Officer (“CISO”). The Regulations also require an annual certification by the Chairperson of the covered entity’s Board of Directors (or a senior officer) as to the entity’s compliance with the Regulations. As the first such certification is required to be made by February 15, 2018, and the NYDFS has issued updated Frequently Asked Questions (“FAQs”) that provide additional compliance guidance, now is the time to look beyond the first deadline and begin taking action.

  • Donegan & Serrato Discuss the Emergence of U.K. Crowdfunding as a Mainstream Financial Service in Payments & FinTech Lawyer

    1 Aug 2017

    Partner Thomas Donegan (London-Financial Institutions Advisory & Financial Regulatory), counsel Jeewon Kim Serrato (San Francisco-Privacy & Data Protection)and associate Anna Doyle (London-Financial Institutions Advisory & Financial Regulatory), discuss the growth of crowdfunding following the Financial Conduct Authority’s (FCA) granting of full authorisation to two of the U.K.'s largest peer-to-per lending platforms in the August 2017 issue of Payments & FinTech Lawyer.

  • Law360 Expert Analysis: Privacy & Cybersecurity Considerations For U.S. Fintech When Going Global

    11 Jul 2017

    In an article for Law360, counsel Jeewon Kim Serrato (San Francisco-Privacy & Data Protection) and associate Oliver Linch (London-Financial Institutions Advisory & Financial Regulatory) discuss recent cybersecurity attacks in the FinTech industry, as well as preventative measures that companies can implement to protect themselves from future risks.

  • Italy Follows France and Germany in Investigating Big Data

    6 Jun 2017
    The Italian Competition Authority, together with the national regulators for communications and data protection, opened a joint market investigation on Big Data. The investigation appears to be wide-ranging, covering not only competition issues, but data protection, consumer protection and pluralism in the digital ecosystem. The investigation follows closely, in time, the report published by the French and the German competition authorities on 16 May 2016, thus signalling a high level of attention across the EU towards the ever-increasing role played in our economies by data collection, processing and use.
  • WannaCry Global Ransomware Attack: What You Need to Know

    25 May 2017

    The WannaCry ransomware attack was first reported on Friday, May 12. Within hours, it shut down thousands of computer systems, locking users out of their own files. The latest report estimates over 300,000 computers in 150 countries were affected, which could cost as much as $8 billion in lost revenue due to business disruptions. Banks, hospitals, telecommunications services, train stations, and other mission-critical organizations in multiple countries were all hit, including the UK government’s National Health Service, which was one of the first and worst hit by WannaCry. Thousands of operations and appointments had to be canceled as the WannaCry malware locked users out of their computers and threatened to delete patient files unless ransoms of $300 were paid.

  • Lavigne and Serrato Co-Author Article in Street & Smith’s Sports Business Journal on Hacking Scandals and Vulnerabilities

    15 May 2017
    Partner Christopher LaVigne (New York-Litigation) and counsel Jeewon Kim Serrato (San Francisco-Privacy & Data Protection) co-authored an article discussing the recent hacking scandals in the sports industry as well as possible vulnerabilities for professional sports teams and leagues.
  • Video Series: Serrato on Connected Cars and Data Privacy

    24 Apr 2017

    Counsel Jeewon Serrato takes a 360o look at the data privacy implications of connected cars. In the four videos below, she examines how the Federal Automated Vehicles Policy provides a framework for thinking about data privacy in connected cars; the challenges of regulation and jurisdiction in a global privacy context; insurance and liability concerns and how self-driving cars will change the transportation landscape.

Connect With Us