Mar. 13, 2024

Connecticut AG’s Report Highlights Enforcement Risks and Points to Action Steps for Companies

The Connecticut AG is investigating the complaint of a chemotherapy patient who received ads for cremation services – and dozens of other matters spanning privacy policy deficiencies, companies’ refusals of data deletion requests, advertising to teens and lack of consent for biometric data collection, the regulator’s new privacy enforcement report reveals. The AG also advocates for changes to the state’s six-month-old comprehensive privacy law to address weaknesses he has found. This article, with insights from Cozen O’Connor, Hintze Law, Locke Lord and Morrison & Foerster attorneys, presents compliance action steps for companies and perspectives on the cost and resource challenges that privacy enforcement poses to both companies and the AG. See “Lessons From California’s DoorDash Enforcement Action” (Mar. 6, 2024).

Fostering Collaboration and Communication Between Security and Compliance

The most successful CISOs and their teams tend to work closely with their compliance counterparts. Among other benefits, collaboration can help avoid overlaps and redundancies, but some CISOs never talk to their CCOs – or worse, have an adverse relationship with them. To help CCOs and CISOs bridge those gaps, this article synthesizes insights from Shubha Lakshmanan, senior director of compliance and privacy at Waud Capital Partners, and Jessica Sanderson, founder of The Sanderson Law Firm, on key communication gaps between compliance and security, how to foster collaboration and where enhanced collaboration will pay the biggest dividends. See our three-part series on when and how legal and information security should engage on cyber strategy: “It Starts With Governance” (Mar. 28, 2018), “Assessments and Incident Response” (Apr. 11, 2018), and “Vendors and M&A” (Apr. 18, 2018).

Forecasting Potential Outcomes in SEC v. Jarkesy Based on Recent Oral Arguments

To preserve a key avenue for its enforcement actions, the SEC petitioned the U.S. Supreme Court (Court) to reverse the U.S. Court of Appeals for the Fifth Circuit’s 2022 decision that SEC enforcement proceedings before an administrative law judge were unconstitutional. The line of questioning during recently completed oral arguments before the Court potentially offers an indication about the Jarkesy ruling expected later in 2024. The Cybersecurity Law Report spoke to Schulte Roth partner John P. Nowak about the case. This article contains his insights shared during the conversation on how the parties’ arguments have been received, as well as the potential outcomes and impacts of a ruling. See “Agency Power and Adjudication: The Government Seeks Supreme Court Review of Jarkesy v. SEC” (Jun. 21, 2023).

Norton Rose Fulbright Welcomes Cybersecurity Partner in New York

Norton Rose Fulbright has strengthened its cyber capabilities with the addition of Annmarie Giblin as a partner in the firm’s global cybersecurity and privacy group. Based in New York, Giblin joins from Tarter Krinsky & Drogin. For insights from Norton Rose Fulbright, see “The Increasing Threat of Supply Chain Cyberattacks: How to Avoid Being a Statistic” (Sep. 28, 2022).