Privacy & Data Protection

  • Connecting the Dots: Key Developments and Best Practices for Evaluating Privacy and Security Risks in IoT Investments

    6 Sep 2017

    The market for internet-connected devices (often referred to as the Internet of Things, or IoT) is growing rapidly. Investment in this burgeoning space can be attractive, and according to research firm IDC, the worldwide spending on IoT could reach up to $1.4 trillion in 2021. There are unique risks associated with IoT investments, however, and potential investors should assess certain privacy and data protection issues when considering potential opportunities.

  • Lavigne and Serrato Co-Author Article in Street & Smith’s Sports Business Journal on Hacking Scandals and Vulnerabilities

    24 Aug 2017
    Partner Christopher LaVigne (New York-Litigation) and counsel Jeewon Kim Serrato (San Francisco-Privacy & Data Protection) co-authored an article discussing the recent hacking scandals in the sports industry as well as possible vulnerabilities for professional sports teams and leagues.
  • New York State Cybersecurity Regulations: First milestone in sight, what is next on the horizon?

    22 Aug 2017

    The New York State Department of Financial Services (“NYDFS”) enacted final cybersecurity regulations (“Regulations”) for NYDFS regulated entities that went into effect on March 1, 2017. The first deadline for compliance under the Regulations is August 28, 2017, by which date covered entities are required to, among other things, create a written cybersecurity policy and appoint a Chief Information Security Officer (“CISO”). The Regulations also require an annual certification by the Chairperson of the covered entity’s Board of Directors (or a senior officer) as to the entity’s compliance with the Regulations. As the first such certification is required to be made by February 15, 2018, and the NYDFS has issued updated Frequently Asked Questions (“FAQs”) that provide additional compliance guidance, now is the time to look beyond the first deadline and begin taking action.

  • Donegan & Serrato Discuss the Emergence of U.K. Crowdfunding as a Mainstream Financial Service in Payments & FinTech Lawyer

    1 Aug 2017

    Partner Thomas Donegan (London-Financial Institutions Advisory & Financial Regulatory), counsel Jeewon Kim Serrato (San Francisco-Privacy & Data Protection)and associate Anna Doyle (London-Financial Institutions Advisory & Financial Regulatory), discuss the growth of crowdfunding following the Financial Conduct Authority’s (FCA) granting of full authorisation to two of the U.K.'s largest peer-to-per lending platforms in the August 2017 issue of Payments & FinTech Lawyer.

  • Law360 Expert Analysis: Privacy & Cybersecurity Considerations For U.S. Fintech When Going Global

    11 Jul 2017

    In an article for Law360, counsel Jeewon Kim Serrato (San Francisco-Privacy & Data Protection) and associate Oliver Linch (London-Financial Institutions Advisory & Financial Regulatory) discuss recent cybersecurity attacks in the FinTech industry, as well as preventative measures that companies can implement to protect themselves from future risks.

  • Italy Follows France and Germany in Investigating Big Data

    6 Jun 2017
    The Italian Competition Authority, together with the national regulators for communications and data protection, opened a joint market investigation on Big Data. The investigation appears to be wide-ranging, covering not only competition issues, but data protection, consumer protection and pluralism in the digital ecosystem. The investigation follows closely, in time, the report published by the French and the German competition authorities on 16 May 2016, thus signalling a high level of attention across the EU towards the ever-increasing role played in our economies by data collection, processing and use.
  • WannaCry Global Ransomware Attack: What You Need to Know

    25 May 2017

    The WannaCry ransomware attack was first reported on Friday, May 12. Within hours, it shut down thousands of computer systems, locking users out of their own files. The latest report estimates over 300,000 computers in 150 countries were affected, which could cost as much as $8 billion in lost revenue due to business disruptions. Banks, hospitals, telecommunications services, train stations, and other mission-critical organizations in multiple countries were all hit, including the UK government’s National Health Service, which was one of the first and worst hit by WannaCry. Thousands of operations and appointments had to be canceled as the WannaCry malware locked users out of their computers and threatened to delete patient files unless ransoms of $300 were paid.

  • Video Series: Serrato on Connected Cars and Data Privacy

    24 Apr 2017

    Counsel Jeewon Serrato takes a 360o look at the data privacy implications of connected cars. In the four videos below, she examines how the Federal Automated Vehicles Policy provides a framework for thinking about data privacy in connected cars; the challenges of regulation and jurisdiction in a global privacy context; insurance and liability concerns and how self-driving cars will change the transportation landscape.

  • Altman and Serrato Contribute to Mergermarket Report on Data Privacy Issues in M&A

    28 Mar 2017

    Partner Jordan Altman (New York-IP Transactions) and counsel Jeewon Kim Serrato (San Francisco-Privacy & Data Protection) contributed to a Mergermarket report on data privacy considerations in M&A transactions.  The article discusses the due diligence process, negotiating agreements and the evolving regulatory landscape.

  • Video Series: Serrato on Connected Cars and Data Privacy

    14 Mar 2017

    Counsel Jeewon Serrato looks at how the Federal Automated Vehicles Policy provides a framework for thinking about data privacy in connected cars and the challenges of regulation and jurisdiction in a global privacy context.

Connect With Us