Sep. 18, 2019

Far-Reaching Google and YouTube Settlement Offers COPPA Compliance Lessons

FTC privacy and data security settlements are becoming more prescriptive, offering helpful guidance on best compliance practices. The latest to require detailed measures, and a record $170‑million fine, is the FTC and New York AG’s settlement with Google and YouTube over allegations that YouTube harvested children’s personal data in violation of the Children’s Online Privacy Protection Act Rule. The injunctive relief potentially expands COPPA’s reach to businesses that previously may not have considered the need for COPPA compliance. We cover key aspects of the settlement, the COPPA compliance lessons it offers and enforcement trends. See “Takeaways From 2018 COPPA Developments and a Forward-Thinking Approach to Compliance” (Mar. 13, 2019).

New York’s First Mandated Cybersecurity Standards: A Compliance Roadmap

Two years after the Equifax breach, New York has responded with a law that imposes stronger data security responsibilities on businesses that own or license electronic private information of New York residents, even if they do not conduct business in New York. In this second installment of our two-part article series covering the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, we provide guidance on how to comply with the Act and what the future of enforcement in New York and beyond looks like, with advice from Akin Gump partner Michelle Reed and Gail Gottehrer, founder of the Law Office of Gail Gottehrer LLC. Part one explored the SHIELD Act’s requirements and definitions. See also “The Hidden Requirements in NYDFS’ Cybersecurity Regulation” (Oct. 24, 2018).

Strategies and Tactics for Developing an Effective Tabletop Exercise (Part One of Two)

A tabletop exercise can be used to test whether an incident response plan – a crucial part of any cybersecurity program – functions as desired. The exercise can also identify gaps and other weaknesses in a firm’s cyber preparedness. The Cybersecurity Law Report and the Hedge Fund Law Report recently presented a seminar that delved into the appropriate development and conduct of tabletop exercises. Shaw Horton, Associate Editor of the Hedge Fund Law Report, moderated the panel, which featured Luke Dembosky, a partner at Debevoise & Plimpton and former DOJ prosecutor, John “Four” Flynn, chief information security officer of Uber, and Jill Abitbol, Senior Editor of the Cybersecurity Law Report. This article, the first in a two-part series, contains their advice on how to effectively develop tabletop exercises, including insight on whether they should be conducted in-house or externally, who should participate, what role counsel should play and how frequent and long they should be. The second article will outline ways advisers can successfully conduct tabletop exercises, including their content and scope, participant engagement, common errors and follow-up. For further commentary from Dembosky on this subject, see “How to Establish an Efficient Incident Response Plan” (Jul. 17, 2019).

Walmart Announces New Senior Vice President and Chief Counsel of Digital Citizenship

Nuala O’Connor has assumed the newly created role of senior vice president and chief counsel of digital citizenship at Walmart, the company recently announced. For more from Walmart, see our three-part series on the growing role of the chief data officer: “Skill Sets, Priorities and Collaboration” (Jul. 17, 2019); “Reporting Structures and Budget” (Jul. 24, 2019); and “Compliance and Third Parties” (Jul. 31, 2019).

Squire Patton Boggs Hires Former PayPal Privacy and Data Protection Counsel in Palo Alto

Lydia de la Torre has joined Squire Patton Boggs as of counsel in the firm’s data privacy and cybersecurity practices in Palo Alto, where she advises clients on compliance matters related to U.S. and E.U. privacy and cybersecurity law, including GDPR and CCPA. She formerly served as privacy and data protection counsel at PayPal and Axiom. For more from Squire Patton Boggs, see “Understanding the Intersection of Law and Artificial Intelligence” (May 30, 2018).