Author

Teresa Michaud

Browsing

In brief On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) approved the final rules for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (“Final Rules”). As previously reported, the SEC first proposed amendments to its rules on disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies on March 9, 2022 (“Proposed Rules”). Similar to the Proposed Rules, the Final Rules, broadly speaking, require (i) issuers to make disclosures…

On June 14, 2022, Baker McKenzie held its inaugural Cybersecurity Symposium in New York in conjunction with the Association of Corporate Counsel (ACC). It was a thought-provoking day discussing trends and fresh insights from key players in the government and private sector, the ever-changing regulatory landscape, best practices for cyber-readiness and practical advice to manage cyber-threats, data breach response, insurance and related litigation. The following video provides valuable information and key-takeaways in connection with cybersecurity…

In this episode, Paul Glass, head of Cybersecurity in the UK, is joined by Teresa Michaud, co-chair of the North America Class Action subgroup, and Stephen Reynolds, partner based in Chicago, as they discuss consumer class actions in relation to data breaches and security incidents. Listen in to hear about: overriding themes that have characterized the last year of US class action litigationcybersecurity and data privacy trends and significant developments in the class action space,…

In brief On “Privacy Day” – California Attorney General Rob Bonta announced an investigative sweep targeted at the data collection practices of businesses running consumer loyalty programs in California and issued notices of non-compliance to a number of “major corporations” in the retail, home improvement, travel, and food services industries. Such loyalty programs offered financial incentives to consumers (e.g., discounts, free items, and other rewards) in exchange for their personal information. Under the California Consumer Privacy Act…

After years of legislative debate, Congress passed a new law requiring key businesses to report certain data breaches—or “covered incidents”—to the government. Signed by President Biden on March 15, 2022, the law, part of the Strengthening American Cybersecurity Act, requires companies that operate critical infrastructure—financial institutions, utilities, and other organizations—to share information with the Cybersecurity and Infrastructure Security Agency (CISA) about certain cybersecurity incidents within 72 hours and ransomware payments to cyber criminals within 24…

The Supreme Court of the United States has addressed a contentious split among federal circuit courts of appeals on the definition of “autodialer” under the Telephone Consumer Protection Act (TCPA) with a decision that should greatly reduce the amount of TCPA litigation in the US. The TCPA prohibits any person from placing phone calls (including text messages) to a wireless number using an “autodialer,” among other things, without the recipient’s prior express consent (or, for…

Facial recognition has several societal benefits, but presents unique risks. In this episode of Eye on AI, Teresa Michaud and Mark Goodman join moderator Bradford Newman to discuss some of the primary benefits and key risks for companies that make or use FR and identify ways to minimize such risks. Click here to view the video More Eye on AI Eye on AI Episode 1: Three AI Must-Knows for Technology Transactions Eye on AI Episode 2: AI Regulation Under the New…

The Empire State is making waves in the world of privacy with the introduction of its own version of the now infamous California Consumer Privacy Act (CCPA).  SB 567, which was introduced on January 6, 2021, is New York’s attempt to introduce new consumer rights with respect to personal information, as well as regulate the sale of consumer personal information to third parties.  Notably, the Bill also introduces a private right of action for consumers…

Based on preliminary election results, Californians voted to enact the California Privacy Rights Act (“CPRA”), expanding and revising the California Consumer Privacy Act of 2018 (“CCPA”) effective January 1, 2023 with a one-year look-back to January 1, 2022 for some provisions. Companies around the world with business ties to California should start updating vendor contracts and prepare for new requirements under the statute and revised regulations to be issued by a new California Privacy Protection…

**Originally published by Bloomberg Law.** On July 1, 2020 California’s attorney general started enforcing the California Consumer Privacy Act by sending letters to companies with requests to cure alleged violations, as contemplated by the CCPA. The legislation took effect on Jan. 1, 2020, as part of the California Civil Code, and called on the attorney general to enforce the law within six months of enacting regulations or July 1, 2020 the latest. The CCPA regulations…