Jun. 12, 2019

CCPA Priorities: Tackling Data Subject Rights Requests and Vendors

While changes to and further clarity on the California Consumer Privacy Act are expected, some requirements will not go away and certain tasks should be tackled as soon as possible. This second installment of our two-part article series on CCPA priorities focuses on how companies should prepare for the law’s requirements on vendor management and data subject rights requests – preparation that experts agree needs to happen no matter what amendments to the law may pass. Part one explored recommended privacy program goals in light of the CCPA, how to make the case for a holistic approach to implementation and why detailed compliance work should be ongoing. See also our two-part series on preparing for the CCPA: “Securing Buy-In and Setting the Scope” (Feb. 27, 2019); and “Best Practices and Understanding Enforcement” (Mar. 6, 2019).

There Really Isn’t a Quarterback: Uber and Equifax Executives Share Insights on Incident Response Best Practices and the Lawyer’s Role

As large multinational corporations that handle personal information, Uber and Equifax are no strangers to data breaches. At the recent Georgetown Cybersecurity Law Institute conference, Uber’s chief trust and security officer and Equifax’s chief privacy and data governance officer drew on their experiences to discuss best practices for incident response at large, multinational corporations, including the importance of identifying a “captain” – not necessarily from legal – to helm the response, the difficult art of escalating an incident to senior leadership, and how lawyers inadvertently end up hampering investigations. See “Lessons From the Equifax Breach on How to Bolster Incident Response Planning (Part One of Two)” (Sep. 27, 2017); Part Two (Oct. 11, 2017).

Dos and Don’ts of Choosing a Cyber Insurance Broker and Navigating the Application Process

Cyber liability insurance should be part of a company’s plan to combat the inevitable damage and business loss caused by a cyber attack. Complex insurance decisions require expertise and know-how, and to make it through the maze of cyber liability insurance options, many companies opt to work with qualified cyber liability insurance brokers. This guide outlines some dos and don’ts when selecting a broker and navigating the application process. See our three-part series on using cyber insurance to mitigate risk: “From Assessing the Need to Managing Existing Policies” (Oct. 3, 2018); “Getting Savvy About Cost and Policy Terms” (Oct. 10, 2018); and “Policy Management and Breach Response” (Oct. 17, 2018); and “Guidelines for Securing Effective Cyber Insurance Policy Terms” (Apr. 17, 2019).

Manatt Welcomes Co-Chair of Privacy and Data Security Group in Boston

Scott Lashway has joined Manatt as a partner and co-leader of the firm’s privacy and data security group based in its newly launched Boston office. For previous insight from Lashway, see “Tech Meets Legal Spotlight: Advice on Working With Information Security” (Jan. 11, 2017). For more from Manatt, see “Gathering and Analyzing Compliance Data” (Dec. 6, 2017).

National Guard Association Cyber Task Force Chair Joins Warner Norcross + Judd

Michael A. Stone, a Major General in the Michigan National Guard, has joined Warner Norcross + Judd as senior counsel in the firm’s cybersecurity and privacy practice in Southfield, Michigan.