Jun. 19, 2024

Examining Distinctive Aspects of Minnesota’s Demanding New Privacy Law

Minnesota’s governor recently signed the Consumer Data Privacy Act, the country’s 18th comprehensive state privacy law and the sixth to arrive this year. The law introduces at least three novel requirements that promise to be operationally disruptive for companies – including a milestone consumer right to appeal profiling. Last week, Vermont’s governor vetoed a broad data privacy bill and Rhode Island's governor received a milder bill, leaving Minnesota’s mandates as the latest for companies to address. This article dissects the law’s key features in detail and examines its role in the patchwork of privacy laws, with analysis from experts at Covington & Burling, Foley Hoag, Hogan Lovells, McDermott Will & Emery, Perkins Coie and Squire Patton Boggs. See “Privacy and Data Security Regulators Discuss Enforcement Priorities and Collaborative Efforts” (Jun. 12, 2024).

A Mock Cyber Incident Tabletop: Day One, Everything at Once

As cyberattacks continue to proliferate and grow more damaging and disruptive, it becomes increasingly important to conduct tabletop exercises to run through and fine-tune incident response plans. In-house and outside counsel, public relations specialists and cyber forensics experts from Hunton, Joele Frank, Mandiant and News Corp. recently conducted a mock tabletop exercise based on a cyberattack and extortion demand on a fictional company during a Practising Law Institute program. The exercise focused on the detection and immediate response to the intrusion, the implementation of the company’s incident response plan in the critical first few days following the attack, and its response to subsequent developments. This first article in a two-part series covering the key practical details from the presentation addresses how things unfold on day one. Part two will examine day two and beyond. See our two-part series on a ransomware tabletop’s 360‑degree incident response view: “Days One to Four” (Jan. 4, 2023), and “Day Five Through Post-Mortem” (Jan. 11, 2023).

Navigating Recent Changes to China’s Data Privacy Laws in Internal Investigations

Mounting tensions between the U.S. and Chinese governments, as well as increasingly challenging local laws and regulations, have made China a high-risk jurisdiction for companies that do business there. If a company faces an issue that warrants an internal investigation, matters get even more complicated. During a recent presentation, experts with extensive experience counseling businesses and performing internal investigations in China discussed the challenges of transferring data outside of the country and other internal investigation hurdles. This article distills their insights, including tips on how to keep investigations on track. See “The Importance of Being a PIPL Pleaser: Update and Predictions on China’s Data Protection Law One Year In” (Dec. 14, 2022).