Privacy & Cybersecurity Newsletter

January 2022

Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

In This Issue

Evolving Privacy Requirements in the U.S.: What to Do for 2022?
Addressing the evolving landscape of privacy laws will be at the top of the list of New Year’s resolutions for those doing business in the U.S. Businesses will need to assess and address changes in California privacy law, and new privacy laws in Colorado and Virginia, all to be effective in 2023, and to track the developments in other states. read more

The Supreme Court’s Ramirez Isn’t Standing in the Way of Standing in Recent Data Breach and Privacy Cases
Despite the much-anticipated impact of TransUnion LLC v. Ramirez[1] (“Ramirez”), the Supreme Court decision has not prevented data breach and privacy class actions from proceeding past the pleading stage in federal courts across the country. read more

Post-Lloyd v Google: Collective Redress in the UK for Breaches of Data Protection Legislation
In November 2021, the UK’s Supreme Court handed down a widely anticipated judgment in Lloyd v Google. read more

Drones 2022 – To Infinity and Beyond, or Back to the Drawing Board?
For the better part of a decade, the buzz within the Unmanned Aircraft Systems (“UAS”) industry has centered on when the Federal Aviation Administration (“FAA”) would put in place a regulatory environment that would allow for widespread complex operations, inclusive of flights over people and beyond visual line of sight (“BVLOS”) operations. read more

New NY DFS Cyber Reg FAQs: Novel Approach to Notifications on Vendor Breaches; Cloud and Other Services Are Part of “Internal Networks” and No Specific Framework Required for Risk Assessment
The New York Department of Financial Services (the “NY DFS”) has published three new FAQs that interpret certain requirements under its Cybersecurity Regulation (23 NYCRR 500, the “NY DFS Cyber Reg”) related to breaches by service providers, the use of cloud and other services, and risk assessments. read more