Sep. 23, 2020

Apple Overhauls Privacy for iPhone Apps, but Will It Enforce Its Policies?

Taking a maximalist privacy stand, Apple will require iPhone apps to obtain explicit user opt-in before tracking or sharing of user data across apps and websites starting in 2021. This new requirement tightens mobile privacy requirements beyond the strictures of the California Consumer Privacy Act. The Cybersecurity Law Report spoke to Colin O’Malley, a principal at Lucid Privacy Group, about Apple’s approach to notice and consent, how its requirements compare to privacy laws, how these measures will impact the markets for consumer and business-to-business apps, and the company’s record of enforcing its policies. See “After Death of the Cookie, New Advertising Strategies Raise Compliance Questions” (Sep. 2, 2020).

Data Breaches, Leaked Documents and the Attorney-Client Privilege: Can the Bell Really Be Unrung?

With a relentless increase in cyber attacks against companies and their law firms, the list of issues that keep general counsel up at night has expanded to include what happens when protected attorney-client privileged information is compromised in a cybersecurity incident. In this guest article, Locke Lord partners Theodore P. Augustinos and Donald E. Frechette examine both the historical and modern-day judicial treatment of otherwise privileged internal communications that find their way to the world wide web as the result of a cyber attack, and offer a series of “best practices” to increase the chances that a court will maintain the privileged nature of the relevant communication. See also “After Capital One Ruling, How Will Companies Protect Forensic Reports?” (Jun. 10, 2020).

Identifying and Preventing Ransomware Attacks

A recent SEC Office of Investigations and Examinations cybersecurity risk alert focused on ransomware – a persistent and evolving threat to financial firms, as demonstrated by the recent attack on TCW Investment Management. In this guest article, Simon Eyres, a managing director at Drawbridge Partners, discusses the best practices identified by the alert to prevent, detect and mitigate the damage from ransomware attacks, and the threat environment in the financial services sector. See “Are You Prepared for OCIE’s Sweep of Business Continuity Plans and Coronavirus Actions?” (Jun. 10, 2020).

Bryan Cave Leighton Paisner Expands London Cyber Practice

Bryan Cave Leighton Paisner recently welcomed Geraldine Scali as a partner in the firm’s data privacy and cybersecurity practice in London. Scali joins the firm from Sidley Austin. For more from Bryan Cave Leighton Paisner, see “Implications of Nevada’s New Privacy Law” (Jul. 10, 2019).