Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
- Home
- Practices and Industries
- Regulatory and Public Policy
- Data Privacy and Cybersecurity
Covington has an industry-leading data privacy and cybersecurity practice. Described by Chambers and Partners as an “accomplished group of privacy and data security practitioners” that “provides dynamic, practical, real-world advice,” we specialize in helping clients address complex, cutting-edge challenges to managing data privacy and cybersecurity risk. We regularly draw upon our cross-disciplinary expertise to provide efficient and effective counseling and representation. Our work ranges from assisting large, multinational clients in conducting privacy and security audits—to assess the ways in which they collect, handle, and protect their customers’ and employees’ personal information—to providing regulatory compliance advice in connection with specific business practices.
Our practice provides exceptional coverage of all of the substantive areas of privacy and data security, including IT/technology, data security, financial privacy, health privacy, employment privacy, litigation and transactions. Our client list contains a broad range of leading companies across numerous sectors, including consumer products, banking and financial services, health care, Internet services, pharmaceuticals, and telecommunications.
With global data privacy and cybersecurity attorneys based in Washington, New York, San Francisco, London, Brussels, and Beijing, our multi-lingual team has represented clients worldwide on a full range of legal, regulatory, and legislative matters involving privacy and cybersecurity issues.
Global Privacy Assessment and Audit for Leading Consumer Technology Company
On behalf of one of the world’s leading consumer electronics and technology companies, we completed a comprehensive global privacy audit under the laws of the U.S., the EU, and China, including an assessment of the data collection, use, and sharing practices of numerous business units (including HR data), cross-border data transfers, and adopting a going-forward privacy governance and risk-management approach and corresponding policies and procedures.
Data Breach Notification Requirements
Advising a number of clients on significant global cyber incidents and data breaches that have to be notified to regulatory authorities and consumers under the GDPR and international data privacy laws. We have had notable success in ensuring our clients have avoided the imposition of fines or other adverse outcomes.
FTC enforcement
Represented a third-party advertising service in responding to an inquiry by the FTC into the company’s technology for selecting and delivering online advertising. Mmatter was resolved without any formal enforcement action.
Huffington Post TCPA Class Action
Achieved dismissal of a putative class action against The Huffington Post alleging violations of the Telephone Consumer Protection Act. The suit asserted unlawful transmission of unsolicited text messages.
Hulu Video Privacy Protection Act Class Action
Achieved dismissal on summary judgment of a putative class action against Hulu alleging violation of the Video Privacy Protection Act. The complaint alleged that Hulu disclosed to third parties the video-viewing information of individual Hulu users.
Investigating Insider Thefts
We have directed investigations into cyber-based insider thefts of highly sensitive proprietary information and consumer information.
Liaison for group of U.S. multinationals with BCRs
Managing and acting as the liaison for a group of U.S. based multinationals that have put BCRs in place and exchange their BCR experience.
LinkedIn Privacy Class Action
Achieved dismissal of a putative class action against LinkedIn alleging violations of the Stored Communications Act and state law. The complaint asserted that LinkedIn disclosed LinkedIn user identification numbers and LinkedIn URL addresses to third party advertising companies, which allowed those companies to correlate the identity of a user with his or her previously anonymous Web browsing history.
Libel Defense Litigation and Prepublication Review of News and Other Content for Broadcasters
Libel defense litigation and prepublication review of news and other content for broadcasters in some 35 states, including First Amendment, newsgathering, copyright, defamation and privacy advice, and opposing subpoenas from prosecutors and others.
Advising a Leading U.S. Cloud Service Provider
Advising a leading U.S. cloud service provider on a number of EU and Member State regulatory matters, including the proposed EU Terrorist Content Regulation, the proposed EU E-Evidence Directive and Regulation, and the UK Online Harms White paper.
Representation of Microsoft in Landmark Case Involving Data Stored Abroad
Successfully challenged U.S. government warrant seeking data stored in Ireland. After a favorable decision from the Second Circuit—and while the Supreme Court was reviewing the case—Congress enacted the CLOUD Act, a modernized framework for cross-border data requests. See United States v. Microsoft Corporation, No. 17-2 (U.S.).
Advising on Safe Harbor framework
Helping numerous companies self-certify under the Safe Harbor framework.
AOL Privacy Class Action
Achieved dismissal of a putative class action against AOL alleging violations of the Wiretap Act, Video Privacy Protection Act, and numerous state laws. The suit alleged unauthorized collection of personal information from the plaintiffs’ computers using “Flash cookies” and unlawful disclosure of video viewing information to third parties.
AOL TCPA class action
Achieved dismissal of a putative class action against AOL alleging violations of the Telephone Consumer Protection Act. The complaint sought to hold AOL liable for misdirected text messages sent by users of AOL’s Instant Messenger system.
AOLs advertising businesses
Providing general privacy advice in connection with AOL’s advertising businesses.
Abbott Laboratories de-merger
We represented Abbott Laboratories in connection with its global spin-off of its pharmaceutical research business, and creation of a new global enterprise, AbbVie.
Advertising terms and guideline
Routinely draft ad-serving agreements, data licenses, and advertising terms and guidelines for website advertising and advertising delivered on mobile and social media platforms.
Advice on the collection and use of employee data
Advised a major pharmaceutical client on the collection and use of its employees’ biometric information and social security numbers for internal purposes.
Binding Corporate Rules for global pharmaceutical company
Assisting GSK plc in its adoption of Binding Corporate Rules (BCRs) in order to permit the company to transfer personal data globally. We helped develop GSK’s privacy compliance program, obtain the UK data protection authority’s approval and continue assisting GSK during the subsequent implementation.
Cable One Privacy Class Action
Achieved dismissals of three putative class actions against Cable One, a cable and Internet service provider, in litigation involving claims under the Wiretap Act, the Computer Fraud and Abuse Act, and related state laws. The litigation arose out of a third party’s test of a system using “deep packet inspection” for the purpose of serving targeted advertisements.
Children's Online Privacy Protection Act
Advised operators of child-directed websites and services on strategies for communicating their child-directed nature to third-party advertising partners in connection with the revised COPPA Rule, and agency inquiries.
Children’s Advertising Review Unit inquiry
Assisted the operator of a child-directed website in responding to an inquiry by the Children’s Advertising Review Unit (CARU) regarding its online behavioral advertising practices.
Children’s privacy FTC inquiry
Represented operators of online websites and mobile apps in responding to informal FTC inquiry letters involving alleged violations of the Children’s Online Privacy Protection Act.
Cybersecurity FCA Victory for a Services Contractor
Represented a services contractor in obtaining DOJ declination of allegations involving adequacy of critical cyber infrastructure and negotiated small, five-figure administrative settlement with the agency.
DAA Self-Regulatory Principles
Represented a third party in responding to an inquiry by the Online Interest-Based Advertising Accountability Program regarding compliance with the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising.
Developers of child-directed apps
Advised developers of child-directed apps on the FTC’s informal guidance on the collection of audio files and other user-generated content, push notifications, in-app purchases, and other interactive features.
Addressing Regulatory Enforcement Actions
We have addressed regulatory investigations and enforcement actions from regulators in the United States, Europe, and Asia following data breaches. These have included investigations or formal enforcement proceedings brought by the Federal Trade Commission, State Attorneys General, and the Securities and Exchange Commission in the United States, and by data protection authorities and sector-specific regulators across Europe and Asia.
ECPA advice to Microsoft
Advising Microsoft on consent requirements under the Electronic Communications Privacy Act for responding to civil legal process requests in connection with cloud computing services.
Educational and children’s privacy rules
Advising Microsoft on the application of educational and children’s privacy rules to cloud computing services.
Facebook acquisitions
Advised Facebook, in connection with its acquisitions of Instagram, Oculus, WhatsApp and other entities.
Pharmaceutical marketing programs
Advising global pharmaceutical companies on HIPAA and state privacy issues relating to pharmaceutical marketing programs.
Advise Leading Online Company on Global Compliance and Privacy Principles
Representation of a leading online company through advising on instituting global policies and procedures to comply with law enforcement demands for data consistent with best practice privacy principles.
Asia data privacy
Advising a global online travel company in relation to the company’s expansion in the Asian markets, including compliance with laws regulating the Internet.
BBVA in Acquisition of Simple
Representation of Banco Bilbao Vizcaya Argentaria, an international financial group based in Spain, in its acquisition of financial technology company Simple. The $117 million acquisition is part of BBVA's strategy to lead the technology-driven change that is transforming the financial services industry. According to Francisco González, Chairman and CEO of BBVA, Simple will reinforce BBVA’s “global digital transformation while BBVA will provide the means to help Simple maximize its outstanding growth potential.”
CBS Corp. v. FCC.
Covington successfully represented CBS against a threat by the FCC to make hundreds of thousands of pages of highly confidential programming contracts and negotiation materials available to hundreds of third parties. The D.C. Circuit ruled in favor of CBS, stating the FCC’s decision was “both substantively and procedurally flawed.”
Confidential data leak
Provided guidance to a major technology and manufacturing company in connection with the unauthorized posting of employee personal information on a third-party webpage. Our efforts on behalf of the client included working with Internet service providers to remove the posted information and providing notice to potentially affected individuals and applicable state regulators.
Cross-border trade, anti-corruption, and data compliance
Advising a major petrochemical company regarding its establishment of an integrated compliance program, with particular focus on the areas of U.S. and European trade controls, anti-corruption, and data privacy. Our representation includes assistance with establishing a corporate compliance office, assessing risks in these areas, drafting the necessary policies and procedures tailored to company risks and operations, and implementing the program through training and assessment.
Data privacy compliance program
Devised a data privacy compliance program relating to international HR data processed by a US-headquartered multinational.
Development and Guidance of Advertising Policies
Advised on advertising policies, including with respect to privacy laws, including the Children’s Online Privacy Protection Act, and developed advertising policies.
Employee data breach support
Provided guidance to a major technology and manufacturing company in connection with the unauthorized posting of employee personal information on a third-party webpage. Our efforts on behalf of the client included working with Internet service providers to remove the posted information and providing notice to potentially affected individuals and applicable state regulators.
Fair Credit Reporting Act (FCRA)
Advising several of the largest bank holding companies in the U.S. on compliance with the FCRA. Advising major consumer reporting agencies and trade associations on the requirement of the FCRA. Successfully representing numerous consumer reporting agencies and financial services providers in CFPB and FTC supervisory and enforcement actions relating to FCRA. Representing numerous firms in connection with the acquisition of FCRA-regulated businesses, including due diligence and preparation of merger and acquisition documents.
Gramm-Leach-Bliley Act (GLBA) and State Financial Privacy Laws
We have advised the largest and most sophisticated banks, consumer reporting agencies, and financial services companies on the collection, use and disclosure of nonpublic personal information under GLBA, that California Financial Information Privacy Act, and similar laws, including the development and implementation of privacy notices.
Harley-Davidson global employee code of conduct
Drafted and implemented a global code of conduct and policies for Harley-Davidson addressing privacy, harassment, discrimination, the use of electronic communications and anti-corruption.
Health privacy to pharma companies in China
Advised a multinational biopharmaceutical company operating in China on privacy and property ownership issues related to the collection and sharing of biological samples in clinical trials.
Health privacy litigation
Advised a large pharmaceutical company in connection with litigation involving the alleged infringement of patient privacy by a pharmacy chain that collects personal information about prescription drug users.
HIPAA Breach Notification Requirements
Advised employer health plans on HIPAA breach notification requirements relating to breaches of protected health information held by the plans.
HIPAA compliance
Advised major corporations on HIPAA compliance issues relating to their employer health plans.
HIPAA training
On behalf of a major consumer products company, developed a HIPAA training module for the company’s health plan.
HR operations audit for multinational pharmaceutical client
Conducted a detailed review of the human resources operations of a large pharmaceutical company to assess compliance with data protection and privacy laws and regulations in both the US and EU, in anticipation of possible certification under the US-EU Safe Harbor regime. Our extensive written report described potential compliance issues and recommended specific remedial actions.
Litigation Before the D.C. Circuit
Successfully challenged before the D.C. Circuit the Federal Communication Commission’s rules mandating that telecommunications companies install equipment to monitor private telephone and Internet communications.
Microsoft Privacy Class Action
Achieved summary judgment for Microsoft in a putative class action alleging unauthorized collection of geolocation information from the plaintiffs’ mobile devices. After a claim under the Wiretap Act was dismissed at the pleadings stage, we successfully obtained summary judgment on a remaining claim under the Stored Communications Act.
Microsoft's acquisitions of Nokia and Skype
Advised Microsoft in relation to the data protection aspects of the purchases of Nokia’s device and services business and Skype.
Multi-defendant Flash Tracking Privacy Class Action
Achieved dismissal of a putative class action against Microsoft, CBS, Microsoft, McDonald’s, and Mazda alleging violations of the Wiretap Act, Computer Fraud and Abuse Act, and state laws. The complaint alleged that an online ad network used Flash cookies and other tracking mechanisms to build user profiles for the purpose of serving targeted advertising.
National Public Radio Privacy Class Action
Achieved dismissal of a putative class action against National Public Radio alleging violations of the Wiretap Act, Stored Communications Act, and state laws. The complaint alleged that mobile app developers wrongfully transmitted personal information to third party advertising companies.
New online advertising products
Represented a large social-media platform in connection with the development and implementation of new online advertising products.
Patagonia Privacy Class Action
Achieved favorable resolution for Patagonia in a putative class action alleging wrongful collection of personal information in connection with credit card transactions.
Policies surrounding pre-hire background checks
Advised a major sports league on the procedures for conducting pre-hire background checks under the Fair Credit Reporting Act (FCRA) and state law, and drafted appropriate contract language and consent forms accordingly.
Privacy and security provisions in contracts
Advised major airline in relation to data ownership, privacy and security provisions in sales and distribution agreements with online travel agencies and global distribution systems.
Privacy-related issues in connection with an acquisition
Drafted privacy-related provisions for use in data processing and outsourcing arrangements and advised on state and tort-based employee privacy laws in connection with a proposed acquisition.
Privacy training for employees
Prepared extensive privacy training materials and participated in training sessions for employees of European subsidiaries of a U.S.-based company.
Protection of employee personal information
Provided guidance to a major technology and manufacturing company in connection with the unauthorized posting of employee personal information on a third-party webpage. Our efforts on behalf of the client included working with Internet service providers to remove the posted information and providing notice to potentially affected individuals and applicable state regulators.
Responding to Government Surveillance Inquiries
We have a leading practice advising Internet companies and cloud service providers on responding to legal demands seeking access to customer data or network surveillance, served by governments around the world.
Responding to Large Cyber-based Financial Crimes
We have handled multiple large cyber-based financial crimes, including, among others, assisting in the response to one of the largest criminal organization ATM cash drawdowns in U.S. history.
Responding to Sophisticated Advanced Persistent Theat ("APT") Attacks
We have directed the investigations and response into APT attacks from state-sponsored actors and sophisticated criminal groups targeting intellectual property and other proprietary information. These attacks, and the responses, have spanned multiple industries and global companies, with investigations covering four continents.
Reviewing and amending Binding Corporate Rules
Reviewing and amending BCRs for a Swiss-based pharmaceutical company with the French data protection authority acting as the lead authority.
Sherwin-Williams TCPA Class Action
Defended Sherwin-Williams in a putative class action alleging violations of the Telephone Consumer Protection Act in connection with a commercial text message program for paint contractors.
Shoe Show FACTA Class Action
Achieved favorable resolution for Shoe Show in a putative class action alleging violation of the Fair and Accurate Credit Transaction Act for allegedly printing expiration dates on credit card receipts.
Data Breach Response and Compliance
We have counseled clients on all aspects of data breach response globally, including incidents involving more than 100,000 impacted employees, payment card incidents involving millions of consumers, and breaches of other personal information impacting more than 50 million consumers.
Pursuing Recovery for the Largest Documented Data Security Breaches
We have successfully handled the recovery under insurance coverage policies for several of the largest documented data security breaches.
Pre-Incident Advice and Assessments
We regularly advise clients on compliance with information security requirements and best practices, including, among others, governance best practices, vendor contract terms and due diligence, the implementation of information security controls to satisfy regulatory requirements, and the conduct of vulnerability assessments.
FTC Investigation Involving Microsoft's Passport Internet Authentication Service
Microsoft in the FTC’s groundbreaking investigation and agreement related to Microsoft’s Passport Internet authentication service, which was the FTC’s first consent agreement under Section 5 of the FTC Act to impose information security commitments related to the protection of personal information.
General Data Protection Regulation (GDPR)
Advising numerous clients on compliance with the General Data Protection Regulation (GDPR).
Global compliance
Serving as global privacy and data security counsel to a global e-commerce business, including advising on financial services privacy and information security-related aspects of certain mobile payments and mobile wallet services and international data transfers
Global policies and procedures
Advising Microsoft on a broad range of privacy and data security issues impacting its services in Europe and at a global level.
Development of Internal Guidelines for Law Enforcement Requests
Regularly assist global businesses in developing internal guidelines for responding to law enforcement requests, including by identifying and advising on relevant legal obligations and assessing best practices for responding to government requests for customer data. We help clients develop procedures for addressing conflict-of-law issues that arise when receiving law enforcement requests from countries worldwide, with an eye toward creating efficient and scalable solutions.
Global Privacy Audit for Leading Consumer Electronics and Technology Companies
On behalf of one of the world’s leading consumer electronics and technology companies, we completed a comprehensive global privacy audit under the laws of the United States, the European Union, and China, including an assessment of the data collection, use, and sharing practices of numerous business units (including HR data), cross-border data transfers, and adopting a going-forward privacy governance and risk-management approach and corresponding policies and procedures.
Global privacy compliance programs
Designed a compact worldwide privacy compliance program for a U.S. multinational company.
Successful Challenge of FBI National Security Letter
Challenged issuance of an FBI National Security Letter (NSL) seeking customer information from a global technology company; after this challenge, the FBI withdrew the NSL.
Litigated Successful Constitutional Challenge
On behalf of Microsoft, successfully challenged a gag order statute that allows courts to forbid technology companies from telling their customers about demands for their data under the Electronic Communications Privacy Act (ECPA). The lawsuit resulted in nationwide reform of the government's practices under the statute. See Microsoft Corporation v. United States Department of Justice, No. 2:16-cv-00538-JLR (W.D. Wash.).
Litigation Resulting in New Rules on Customer Access to Government Data Demands
Representation of technology client in Foreign Intelligence Surveillance Court litigation challenging restrictions on technology company disclosures about government surveillance. The litigation resulted in new rules that allow technology companies to give their customers more information about how often the government demands customer data. See In re Motion to Disclose Aggregate Data Regarding FISA Orders, Misc. No. 13-04 (FISA Ct. 2014).
Tencent in $8.6 Billion Acquisition of Clash of Clans Developer
Represented Tencent Holdings Limited in its $8.6 billion acquisition of a majority stake in Supercell Oy, developer of Clash of Clans, Clash Royale, Boom Beach and Hay Day, from SoftBank.
Market entry
Assisting a major U.S. tech company with an entrance into China, including providing a comprehensive analysis of privacy and data protection issues in connection with that entry.
PCI DSS Standards
Advised online retailers regarding compliance with the Payment Card Industry standards for the storage, processing, and transmission of credit cardholder data.
Privacy audit
Advised numerous clients regarding the privacy implications of conducting an informal internal audit of certain foreign business practices at the request of the U.S. Securities and Exchange Commission.
Media Privacy Class Actions
Represented numerous media companies in class actions alleging improper collection and/or disclosure of user information.
Privacy issues related to patent data migration
Assisted another large pharmaceutical company in dealing with privacy issues resulting from the migration of patient data from a clinical study to a web based platform.
Privacy issues relating to clinical trials
Assisted several large pharmaceutical companies with a variety of privacy issues relating to clinical trials, further use of data and pharmacovigilance reporting.
Review of the right to monitor Internet and electronic communications
Conducted a pan-European and selective US survey of laws and regulations affecting an employer’s right to monitor employee’s Internet use and review electronic communications. We have also advised numerous clients on the law governing call recording and access to (and disclosure of) employee e-mail, including in connection with several personal crises and actions.
Sports Leagues on Broadband Issues
Regularly advise the NFL on a range of broadband issues, from net neutrality to online privacy to compulsory copyright, and briefed the NBA on how the media landscape is changing, and how broadband is both a compliment and a threat to existing models.
State health information privacy laws
Advising a multinational pharmaceutical company on state privacy issues relating to a vaccine outreach program.
Successful Resolution for Online Company in Major Data Breach
Representation of a major online company in responding to a security incident affecting the credit card information of more than 200,000 customers, including regulatory inquiries. The matter was resolved without any regulatory enforcement action.
AI Data Privacy
Advising AI providers on the privacy implications of collecting and using large datasets of consumer data (including text, voice, and biometric information) to develop, train, and improve their AI solutions.
AI Algorithms and Services Cybersecurity
Advising a software company and other high-tech companies on the integrity and security of AI algorithms and services.
Advising Europe's Largest Purchasing and Marketing Association
Advising Europe’s largest purchasing and marketing association in industrial B2B, E/D/E (Einkaufsbüro Deutscher Eisenhändler GmbH) on the implementation of an electronic marketplace for tool-supply (www.toolineo.de), including complex data protection and electronic payment services issues.
Counsel to International Companies on Russian Data Privacy Regulations
Regularly advise multinational clients on Russian data privacy issues.
Smart Home Device Privacy and Security Advice
We assist IoT device manufacturers on privacy issues specific to their products. For example, we advised the manufacturer of a smart in-home assistant device on privacy and security matters involving the collection of voice and other data.
Privacy Counsel
We help clients on all aspects of data privacy, addressing issues such as consent, transparency, privacy-by-design, and international transfers of personal data. Our industry-leading global privacy practice has experts who monitor the latest legislative, regulatory, and policy developments in jurisdictions worldwide.
Global Data Privacy and Cybersecurity Agreements
We have negotiated on behalf of technology clients the data ownership, data privacy, and cybersecurity provisions of global agreements with automotive OEMs related to the provision of connected car services.
Recovery for Data Security Breaches
Our top-ranked insurance practice has successfully handled the recovery under insurance coverage policies for several of the largest documented data security breaches.
Geo-Location Counsel
We advise clients on legal requirements related to the collection, use, and disclosure of precise geo-location data, including the appropriate notices, consents (both opt-in choice and methods for withdrawing consent), and contractual provisions.
Advising Multinational Technology and Ecommerce Company on Cookie Compliance
Advising major American multinational technology and ecommerce company on cookie compliance and the proposed ePrivacy Regulation.
Advising Multinational Technology Companies and Associations on Proposed E-evidence Regulation
Advising a number of multinational technology companies and trade associations on the European Commission's proposed Electronic Evidence Directive and Electronic Evidence Regulation, which would facilitate the ability of EU law enforcement authorities to compel U.S.-based online service providers to disclose user data in criminal investigations.
Advising a Multinational Technology Company on Compliance with EU Accessibility Directive
Advising a U.S. multinational technology company on compliance with the EU Accessibility Directive, which harmonizes EU rules on making products and services accessible to people with disabilities.
Significant Privacy Case Before the Irish High Court
The Irish High Court referred the validity of the Standard Contractual Clauses used as a basis to transfer data and specifically whether they are compatible with the EU treaties to the EU Court of Justice. This is an amicus brief where we will appear on behalf of our client alongside the U.S. Government in making submissions before the EU Court of Justice.
Advising Global Electronics Company on Data Privacy
Advising a global electronics company on data privacy aspects of IoT products, including smart TVs and voice assistants.
Successful Representation of Microsoft in Privacy Battle
Represented Microsoft in successfully opposing a subpoena seeking the emails of a deceased customer. Following briefing and a hearing, the Court embraced Microsoft's balanced approach to this nuanced issue of digital privacy, holding that Microsoft could not be compelled by subpoena to produce the emails but was free to do so voluntarily in accordance with its policies.
Advising Industry Association on Data Privacy
Advising a European industry association on data privacy issues related to programmatic advertising.
Huawei Privacy Class Action
Defending Huawei, a Chinese mobile handset maker, in a putative class action alleging violations of the Wiretap Act, Stored Communications Act, and various state laws. The suit stems from the allegation that third-party mobile analytics software transmitted data about mobile device users’ activities to other parties without authorization.
National counsel to Microsoft on cyber-related claims
Serving as national product liability counsel to Microsoft in preparation for the defense of claims involving virus and worm attacks or potential cyber-terrorism involving our client's array of software products.
American Airlines in its In-Flight Wi-Fi Partnership
Represented American Airlines in connection with its Wi-Fi entertainment partnership with a major technology company.
Peraton's Acquisition of Solers
Represented Peraton as regulatory counsel in its acquisition of Solers, Inc., a software development and systems integration provider. We handled government contracts, national security, and cybersecurity matters for Peraton.
Global Compliance for Global Pharmaceutical Company
Conducted a detailed review of the human resources operations of a large pharmaceutical company to assess compliance with data protection and privacy laws and regulations in both the U.S. and EU. Our extensive written report described potential compliance issues and recommended specific remedial actions.
Comprehensive Global Privacy Policies
Assisted pharmaceutical companies in developing global comprehensive privacy policies aligned with federal (HIPAA, Food & Drug Administration, and National Institutes of Health) regulations, state and European law, and best practices.
Geo-location Data
Advising on the legal requirements related to the collection, use, and disclosure of precise geo-location data, including the appropriate notices, consents (both opt-in choice and methods for withdrawing consent), and contractual provisions.
Reporting Obligations for Digital Service Providers
Advising a major cloud computing provider on compliance with security and incident reporting obligations that apply to digital service providers under the EU Network and Information Systems (NIS) Directive.
Location Based Adtech Advice
Advised a global technology company on the EU and U.S. privacy and cybersecurity risks related to the company’s acquisition of multiple mobile location-based advertising technology companies.
Binding Corporate Rules
Advised on one of the first “test” cases and assisting numerous multinational companies across a range of industries on audits and the approval process before lead data protection authorities in the UK and EU Member States, together with implementation strategy and roll-out of various compliance tools in the framework of the BCRs.
Monitoring of Employee Communications
Conducted a pan-European and selective U.S. survey of laws and regulations affecting an employer’s right to monitor employee’s Internet use and review electronic communications. We have also advised numerous clients on the law governing call recording and access to (and disclosure of) employee e-mail, including in connection with several personal crises and actions.
Emerging Policy Issues
Worked directly with, and appeared before national and regional privacy authorities, such as the European Commission, the EU Article 29 Working Party, and the Council of Europe, both to address cutting-edge policy issues in the data privacy field, such as data retention, IoT, radio frequency identification (RFID), Big Data, facial recognition, wearables, security breach legislation and biometrics, and to defend individual clients.
Global Compliance Advice for New Products
Advising a large social network and its affiliates on compliance with U.S., EU, and international data privacy laws in relation to its launch of new services and functionality, including geotargeting, facial recognition and targeted advertising together with legislative, regulatory, and policy work.
Represent BSA | The Software Alliance in a Landmark Data Protection Case Before the European Court of Justice
Represented BSA | The Software Alliance as formal intervenor in litigation before the ECJ assessing the validity of the European Commission’s Standard Contractual Clauses under the GDPR on the EU-US Privacy Shield.
EU Data Retention Laws and EU Data Centers
Advising a technology company on multiple aspects of the GDPR in relation to the company’s portfolio of products and services, including advising on the jurisdictional implications under EU data retention laws of the company's plans to create EU data centers.
Privacy “Health Checks”
Conducted privacy “health checks” for clients to assess their compliance with privacy and data security laws, particularly those in the Member States of the European Community; where appropriate, we have designed remediation programs that include, for example, filing notifications to local privacy regulators, fulfilling obligations to furnish notice, and ensuring compliance with local data security regulations.
Global Health Privacy Advice
Advised pharmaceutical companies in the U.S. and Europe on data privacy issues, including questions relating to genetic testing programs and the development of genomics databases, the sourcing and handling of human tissue and biological samples for research purposes, patient outreach, and marketing activities.
New Product Launches
Advising leading technology and e-commerce clients on strategic issues relating to data protection law compliance, particularly in relation to launching new products and services, use of sensitive data for research and development, AI applications, and compliance with global privacy laws.
DSARS and the Right to be Forgotten
Advising numerous companies on data subjects’ right of access and right to be forgotten.
Internal Audits and GDPR Compliance
Assist a U.S. multinational technology company with an internal audit of their practices relating to user data and the extent to which these practices complied with their contractual and GDPR commitments.
Mobile Platforms and Interactive Features
Advising a live streaming platform in relation to the commercial and regulatory aspects of the international roll-out of interactive features to users in exchange for in-site currency.
Financial Services AI
Advised a developer of an innovative technology platform for machine learning/AI-based credit decisions in the negotiation of business critical customer agreements with two financial institutions.
Advertising Investigations
Assisted an EU industry representation acting for the interactive advertising sector in an investigation by Supervisory Authorities. The investigation and its potential fallout could transform the online advertising sector.
March 2021
As the legal, regulatory, and commercial implications of coronavirus COVID-19 continue to evolve, our lawyers and advisors are helping clients navigate the complex considerations that companies around the world are facing and develop plans and strategies in response. Reach out to our COVID-19 task force at COVID19@cov.com. Below is a compendium of resources ...
March 4, 2021, Inside Privacy
Two recent actions by lawmakers are intended to address certain uses of technology in health. First, two Senators have introduced a bipartisan bill related to the collection and use of identifiable health data from wearable health trackers. Second, following an appeal from Democratic lawmakers, the Agency for Healthcare Research and Quality (“AHRQ”) plans to ...
March 4, 2021, Inside Privacy
On March 2, Virginia Governor Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA), becoming the second U.S. state to enact a comprehensive privacy law (Nevada has enacted an online privacy law, albeit with a narrower scope). As we have previously explained, the VCDPA follows the framework established by the Washington Privacy...… ...
March 2, 2021, Inside Privacy
On February 19, 2021, the European Commission published two draft decisions finding that UK law provides an adequate level of protection for personal data. The first would allow private companies in the EU to continue to transfer personal data to the UK without the need for any additional safeguards (e.g., the Commission’s standard contractual clauses),...… ...
March 2, 2021, Inside Privacy
In January 2021, the French Supervisory Authority (“CNIL”) published a summary report of contributions it received in response to a public consultation and survey on the digital rights of minors launched in April 2020 (see the press release here and a summary report here, both in French). Stakeholders who responded to the consultation included companies,...… ...
Leading FTC Lawyer Rejoins Covington
March 1, 2021
WASHINGTON—Andrew Smith, most recently the Director of the Bureau of Consumer Protection at the Federal Trade Commission, has rejoined Covington as a partner in its Advertising and Consumer Protection, Data Privacy and Cybersecurity, and Financial Services practices. He will be based in the firm’s Washington office. While serving as Bureau Director at the FTC, ...
February 26, 2021, Inside Privacy
In February 2021, the European Commission (“Commission”) released a report on European Union (“EU”) Member States’ laws governing the processing of health data. The report discusses three general types of health data uses: primary use for health care services; secondary use for public health purposes; and secondary use for scientific research purposes. For each ...
February 26, 2021, Inside Privacy
Several states have proposed new privacy bills since their sessions began. Some of the proposed bills carry over or re-introduce bills drafted in previous legislative sessions, while others are introducing first-in-time omnibus privacy bills. In the high-level chart below, we compare five of the key state privacy frameworks: the CPRA, VCDPA (which we blogged ...
February 25, 2021, Inside Privacy
Until now, damages claims awarded by German courts pursuant to Article 82 of the General Data Protection Regulation (“GDPR”) – in particular, claims for non-material damages – have been relatively low. This restrained approach thus far has been predicated primarily on the position that German law requires a serious violation of personality rights to justify...… ...
February 24, 2021, Inside Privacy
The EU’s ePrivacy Regulation, like the EU GDPR, has been highly anticipated since it was first proposed in 2017. What are the current developments and next steps in the process to enactment? What are some of the complicating factors of the proposed Regulation? Are there major differences between the initial proposal and where the text...… Continue Reading
February 24, 2021, Inside Privacy
A number of legislative proposals to amend Section 230 of the 1996 Communications Decency Act (“Section 230”) have already been introduced in the new Congress. Section 230 provides immunity to an owner or user of an “interactive computer service” — generally understood to encompass internet platforms and websites — from liability for content posted by...… ...
February 24, 2021, Inside Privacy
On February 3, 2021, the Conference of the Supervisory Authorities (“SAs”) of Germany (known as the Datenschutzkonferenz or “DSK”) published minutes from its meetings held in November 2020 (available here, in German). The minutes include discussions about how the German SAs plan to enforce the recent Schrems II ruling of the Court of Justice of...… Continue ...
February 11, 2021, International Financial Law Review
Dan Cooper spoke with International Financial Law Review about how COVID-19 has disjointed the GDPR. Mr. Cooper says, “the way that the GDPR works, companies that operate across the EU simply have to be nimble. As a result of this, companies have had to be nimble in their approach to implementing GDPR across different member states.” Mr. Cooper adds, “For ...
February 10, 2021, Covington Alert
In this alert we look at a recent decision by the UK Court of Appeal and a separate prosecution brought by the Information Commissioner’s Office (“ICO”; the UK data protection authority), which together serve as a cautionary tale for employees and prospective future employers of the risks of civil liability and criminal conviction for confidential information ...
China's data privacy law
January 29, 2021, Privacy Laws & Business
Yan Luo appeared on “Privacy Paths,” the Privacy Laws & Business’ podcast, to discuss China’s privacy draft law and other cybersecurity legislation.
Covington's London Public Company Practice Closes a Strong Year of Life Sciences Transactions
January 25, 2021
LONDON–Covington’s London corporate team has advised AIM- and Main Market-listed clients on multiple fundraisings and acquisitions over the past few months, marking a strong year in life sciences transactions. These include: Advising Sensyne Health plc, a UK clinical AI company listed on the London AIM market, on its £27.5 million equity fundraising The ...
January 11, 2021, Covington Advisory
As the recent SolarWinds Orion attack makes clear, cybersecurity will be a focus in the coming years for both governmental and non-governmental entities alike. In the federal contracting community, it has long been predicted that the government’s increased cybersecurity requirements will eventually lead to a corresponding increase in False Claims Act (FCA) ...
January 8, 2021, Covington Alert
For several years, mobile health and wellness applications (“digital health apps”) have grown in scale and popularity. A global pandemic in 2020 further accelerated the trend, with increased demand for remote monitoring and communication platforms, as well as new methods for wellness and disease prevention. In parallel, there were a number of important U.S. ...
January 2021, Covington Guide
The EU-UK Trade and Cooperation Agreement (EUTCA) reached on December 24th is a wide-ranging and complex agreement. Our Brexit Task Force offers these "bite-sized" recordings to give a snapshot of what you need to know in each area. Though the EUTCA provides the overall architecture of the future relationship in a number of areas, much of the detail must still ...
January 4, 2021, Bloomberg Law
Micaela McMurrough is quoted in Bloomberg Law regarding a new law setting cybersecurity standards for Internet of Things devices that federal agencies buy. Ms. McMurrough says “The statute leverages the purchasing power of the federal government to raise the floor on IoT device cybersecurity.”
Cybersecurity And Privacy Policy To Watch In 2021
January 3, 2021, Law360
Lindsey Tonsager and Kurt Wimmer are quoted in Law360 regarding the major cybersecurity and privacy policy issues to watch in 2021. Ms. Tonsager spoke about the ramp up in California Consumer Privacy Act enforcement. She says, “The agency [California Privacy Protection Agency] will have the broadest authority in the country to issue regulations on topics like ...
December 21, 2020
WASHINGTON—Covington is assisting Veritas Capital-backed Gainwell Technologies in its acquisition of HMS for approximately $3.4 billion. The transaction is expected to close in the first half of 2021. Veritas will look to optimize the HMS solution set across Gainwell and Veritas-backed Cotiviti, Inc. Gainwell will acquire the HMS capabilities focused on the ...
Global Data Review Names Covington to The GDR 100 Elite
December 10, 2020
WASHINGTON—Global Data Review has named Covington to The GDR 100 Elite. The ranking profiles the top 20 firms with a broad international presence and a consistent track record of delivering cutting-edge advice to household name clients around the world, who between them handle the lion’s share of cross-border work in data privacy. The firms featured in The GDR ...
Covington Assists Veritas Capital with Federal IT and Mission Support Services Acquisition
December 8, 2020
WASHINGTON—Covington is assisting Veritas Capital and its portfolio company Peraton with their pending acquisition of the federal IT and mission support services business of Northrop Grumman for $3.4 billion. The transaction is expected to close in the first half of 2021. Peraton is a trusted provider of highly differentiated space, intelligence, cyber, defense, ...
November 16, 2020
WASHINGTON—Global Banking Regulation Review has named Covington partner Michael Nonaka to its “45 Under 45,” a list of the leading, next-generation banking regulation specialists. Mr. Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, and non-bank companies on a broad range of compliance, enforcement, ...
November 12, 2020
SAN FRANCISCO—The Daily Journal has named Lindsey Tonsager to its 2020 Top Cyber Lawyers list, a recognition of the leading California lawyers who specialize in cybersecurity law. Ms. Tonsager is a partner in Covington’s San Francisco office and serves as vice chair of the firm’s global privacy and cybersecurity practice, as well as head of its West Coast ...
Prop 24 passes in Calif., paving way for CPRA
November 5, 2020, IAPP
Lindsey Tonsager spoke with IAPP about California's Proposition 24. Ms. Tonsager says, “Privacy pros should be reminding their colleagues that even though we now know the CPRA has passed, many of the CPRA’s details still need to be clarified and defined through regulation.” Establishment of the new enforcement agency will also be worth paying attention to. She ...
November 4, 2020, Los Angeles Times
Lindsey Tonsager is quoted in the Los Angeles Times regarding California’s Proposition 24, which will have major implications for online privacy. Ms. Tonsager says companies will be watching the composition of the board closely. She adds, “There is going to be a lot on the line depending on how this newly constituted board decides to interpret and enforce the ...
October 30, 2020
WASHINGTON—Covington represented GovernmentCIO, LLC, a leading provider of high-end technology and digital solutions to the Federal Health IT Services market, in its sale to Welsh, Carson, Anderson & Stowe. GovCIO is a rapidly growing provider of advanced technology solutions and digital services to the federal government. In the 10 years since its founding, ...
October 27, 2020, Covington Alert
The November 3, 2020 election is likely to be a watershed event in the development of privacy law in the U.S. This client alert provides a high-level overview of the areas in which change is likely to occur, depending on how the election turns out. 1. Federal Legislation Unlike most countries of its size, the U.S. does not yet have a broadly applicable data ...
October 23, 2020, Covington Alert
On October 21, 2020, the National People's Congress (“NPC”), China’s top legislative body, released its first draft of the Personal Information Protection Law (the “Draft Law”) for public comment (official Chinese version available here and Covington’s unofficial English translation here). The period for public comment ends on November 19, 2020 and comments can ...
October 5, 2020
SAN FRANCISCO— The Recorder has named Covington’s Lindsey Tonsager to its second annual list of “California Trailblazers.” The list profiles 50 lawyers who made significant marks on the practice, policy, and technological advancement of their practice. As head of Covington’s West Coast Privacy and Cybersecurity practice, Ms. Tonsager helps some of the world’s ...
October 2020, Privacy Laws & Business
Attorneys say Defense Dept. must provide more transparency on audit results from CMMC program
September 30, 2020, Inside Cybersecurity
Susan Cassidy is quoted in Inside Cybersecurity regarding the request from contractors for greater transparency on audit results from the DoD’s Cybersecurity Maturity Model Certification program. Ms. Cassidy says she is concerned about how the relationship will work between the prime and subcontractor. “All contractors will need to have a basic assessment [under ...
Contractors Seek Clarity On DOD Cybersecurity Rule
September 29, 2020, Law360
Susan Cassidy spoke with Law360 about protection of CUI forms in the Cybersecurity Maturity Model Certification. Ms. Cassidy says, “Bottom line, they still have never defined CUI in a way that's meaningful. It's the bedrock of the whole rule. And contractors really want to comply, I believe. They don't want their systems to be hacked. But the definition really ...
September 25, 2020
WASHINGTON—Covington represented leading defense contractor Amentum on government contracts and other regulatory matters in its just-announced deal to acquire DynCorp International, a worldwide leader in aviation and logistics support service. Together, the two companies will create one of the largest providers of mission critical support services. The ...
September 17, 2020, Law360
Kurt Wimmer spoke with Law360 about the recent global changes to privacy law. He says, “It's been quite busy in parliaments around the world on the privacy front, and part of the reason for that is the fact that when the GDPR went into effect, a lot of countries saw that and said, 'This is a real development. Now it's our turn to think about what we're going to ...
'No Quick Fix’ After Privacy Shield
September 14, 2020, Communications Daily
David Bender spoke with Communications Daily about the European Court of Justice’s decision in Schrems II being challenged in Ireland. Mr. Bender says since the decision, it has been a “very confusing time.”
September 14, 2020, Covington Alert
The English High Court has recently awarded damages in a data privacy case, with two features of particular interest1. First, the nature of the claim is more reminiscent of a claim in defamation than for data privacy breaches, which is a development in the use of data protection legislation. Secondly, the damages awarded (perhaps influenced by the nature of the ...
September 2, 2020
BRUSSELS–Covington has named Dan Cooper to lead its European data protection practice as co-chair of the firm’s global Data Privacy & Cybersecurity Practice, and he has relocated to Brussels to be closer to the institutions and courts that govern the European data privacy landscape. The firm has more than 100 lawyers focused on data privacy and cybersecurity ...
EU-U.S. privacy rift leaves businesses in disarray
August 12, 2020, Axios
David Bender is quoted in Axios regarding the EU-U.S. Privacy Shield, which was recently struck down in Europe, but still stands in the U.S. Mr. Bender says, “It's a tough situation for a lot of companies. Frustrated and confused is how I'd describe the general mood.”
August 6, 2020, Covington Alert
On July 16, 2020, the Court of Justice of the European Union struck down the EU-U.S. Privacy Shield (“Privacy Shield”) in the Schrems II decision. Even though Schrems II invalidated the Privacy Shield with immediate effect as a matter of EU law, U.S. regulators swiftly indicated that they will continue to administer the Privacy Shield and that self-certified ...
August 2020, Privacy Laws & Business
China unveils draft Data Security Law
July 20, 2020, Law360
Yan Luo is quoted in Global Data Review regarding China’s proposed data law intended to protect national security and the development of the digital economy. Ms. Luo says the law marks “a step forward” in establishing a regulatory framework for data security in China. She notes that the proposal has a particular focus on the governance of “important data”, ...
Summer 2020
Covington's European privacy team offers insights on the current state of play with respect to the intersection of European data privacy laws, and the transition around Europe and further abroad as government lockdown restrictions are lifted and companies begin to plan their return-to-work programs. In this on-demand briefing, we cover the guidance and positions ...
July 16, 2020
BRUSSELS-- Today, the European Court of Justice (“CJEU”) issued a landmark decision striking down the EU-U.S. Privacy Shield — an agreement between EU and U.S. authorities authorizing transfers of EU personal data to the United States — but upholding the validity of standard contractual clauses (“SCCs”), another mechanism that EU-based organizations use to ...
July 16, 2020, The Guardian
Lisa Peets spoke with The Guardian about the European Court of Justice’s decision to invalidate the EU-U.S. Privacy Shield, in which social media companies could be prevented from sending data to the United States from Europe. Ms. Peets says the ruling is not a total halt on data transfers between the EU and U.S. The court upheld the use of “standard contractual ...
July 16, 2020, Law.com
Lisa Peets is quoted in Law.com regarding the European Court of Justice’s judgment in the EU-U.S. Privacy Shield. Ms. Peets says that the judgment means that the 5,000 or so U.S. companies signed up to the Privacy Shield will have to find an interim solution until EU and U.S. officials have worked out a new data protection deal. “The invalidation of the Privacy ...
Schrems II sparks data transfer chaos and confusion
July 16, 2020, Global Data Review
Lisa Peets is quoted in Global Data Review regarding the European Court of Justice’s decision to invalidate the EU-US Privacy Shield. Ms. Peets, who represented software trade body BSA as an intervening party, says companies are unlikely to immediately stop their SCCs – saying that “halting existing transfers would be all but impossible from a practical ...
Top EU Court Strikes Down Popular Data Transfer Tool
July 16, 2020, Law360
Lisa Peets spoke with Law360 about European Court of Justice’s invalidation of the EU-U.S. Privacy Shield. Ms. Peets, who represented the Software Alliance, says the decision to reject the Privacy Shield without holding arguments on the merits of the tool — an issue that wasn't directly before the high court in this dispute — was “disappointing to many.” She ...
July 14, 2020, Global Data Review
Yan Luo spoke with Global Data Review about China’s new provisions regarding the right to privacy and protection of personal information. Ms. Luo notes that the privacy provisions in the code are stated “only at a high level” – though she does point out that the provisions “remain consistent with [the] Cybersecurity Law.” She says the Civil Code and its privacy ...
Chinese law may require companies to disclose cyber-security preparations outside China
July 3, 2020, Computer Weekly
Yan Luo is quoted in Computer Weekly regarding China’s new draft data security law. Ms. Luo says, “China is considering allowing the law to have an extra-territorial effect that we have not seen before. They want to counteract the extra-territorial effect of U.S. law.” She adds that the law may require a technical audit of a company’s cyber security and to ...
June 27, 2020
WASHINGTON—Covington represented Piramal Enterprises Limited (PEL) in the sale of a 20% stake in Piramal Pharma Limited (Piramal Pharma), a wholly owned subsidiary of PEL that will contain its pharmaceutical businesses, to CA Clover Intermediate II Investments, an affiliated entity of CAP V Mauritius Limited, an investment fund managed and advised by affiliated ...
June 22, 2020, Covington Alert
On June 1, California Attorney General Xavier Becerra announced that he has submitted to the Office of Administrative Law the final regulations implementing the California Consumer Privacy Act (“CCPA”). While the final regulations do not make any changes to the second modified version of the regulations released in March, the commentary released by the Attorney ...
June 4, 2020, Med City News
Libbie Canter is quoted in Med City News regarding the privacy concerns for employers seeking to track employees in order to limit the spread of COVID-19. Ms. Canter says when it comes to contact tracing and location monitoring, companies should be cautious in the questions they ask and how much data they collect. She adds, “Companies need to think about not ...
Spring 2020, Covington Guide
As businesses across Europe prepare to reopen following the COVID-19 lockdown, Covington is providing practical resources and guidance on the broad array of issues companies face as employees return to the workplace, including employment, privacy, competition, policy, environmental and regulatory considerations at the EU level, with a focus on Germany and the ...
May 19, 2020, Bloomberg
Daniel Cooper spoke with Bloomberg about new wearable technology devices that alert users when they are within close proximity of someone with COVID-19. Mr. Cooper notes that businesses are walking a fine line between keeping people safe and protecting their privacy. The absence of clear guidance from European regulators is forcing companies -- who could also be ...
US lawmakers propose temporary COVID-19 privacy law
May 12, 2020, Global Data Review
Libbie Canter is quoted in Global Data Review regarding a bill that would regulate contact-tracing apps and similar projects geared towards tracking the spread of COVID-19. Ms. Canter says the bill is narrow in scope, but where it does apply, the protections are stronger than those offered by state laws like the CCPA. She raises questions about how the bill ...
May 8, 2020
As businesses prepare for a return to the workplace (RTW) following COVID-19 closures, our team has created this high-level summary list of current and anticipated issues related to reopening. For additional guidance, please visit our COVID-19 Legal and Business Toolkit or reach out to us at COVID19@cov.com. Links to sections with more information about these ...
May 7, 2020, Covington Alert
Though it seems like the distant past now, in this update we detail the notable legislative events from the first quarter of 2020 on artificial intelligence (“AI”), the Internet of Things (“IoT”), cybersecurity as it relates to AI and IoT, and connected and autonomous vehicles (“CAVs”). Prior to the slowdown in non-COVID related legislation that accompanied the ...
Cybersecurity Challenges During the COVID-19 Pandemic
May 6, 2020, Covington Briefing Call
Audio recording Key takeaways
April 28, 2020, South China Morning Post
Yan Luo spoke with the South China Morning Post about new Chinese guidelines for operators of “critical information infrastructure,” requiring them to undergo a cybersecurity review process for any procurements that could have national security implications. According to Ms. Luo, the criteria may push companies to stay away from multinational providers that are ...
Privacy Challenges Against FATCA Face Uphill Battle
April 27, 2020, Law360
Michael Lloyd is quoted in Law360 regarding the implications of EU data protection laws on the U.S. Foreign Account Tax Compliance Act’s requirements. Mr. Lloyd says there has been very little, if any, traction for cases against FATCA in the U.S. He adds, “Those cases went nowhere in the U.S. They didn’t survive and there has been no real challenge.”
China Toughens Procurement Rules for Tech Equipment
April 27, 2020, The Wall Street Journal
Yan Luo is quoted in The Wall Street Journal regarding China’s tough, new adoption of cybersecurity rules for buyers of technology equipment, which could place foreign tech products at a disadvantage in the Chinese market. Ms. Luo says the prospect of potentially lengthy reviews may prompt Chinese companies to stay away from foreign products and services.
April 15, 2020
WASHINGTON—Cybersecurity Docket has named David Fagan and Ashden Fein to its “Incident Response 30” for 2020. The list features “30 of the best data breach response lawyers in the business.” Mr. Fagan co-chairs the firm’s Data Privacy and Cybersecurity Practice. He has counseled companies on responding to some of the most sophisticated documented cyber-based ...
April 8, 2020, Covington Alert
As the world moves online during the COVID-19 pandemic, companies’ privacy and security practices are coming under increased scrutiny. Because class actions often follow such scrutiny, as demonstrated by lawsuits recently filed against Google and Zoom, companies should keep the following six developments on their radar as they rush to meet the demands of our new ...
Morrisons Ruling Leaves Door Open For Data Breach Suits
April 2, 2020, Law360
Mark Young spoke with Law360 about a UK Supreme Court case involving the intentional breach of customer data information by an employee at Morrisons. The court ruled Morrisons will no longer have to pay a fine. Mr. Young says this is the “dual-edged result” of the Supreme Court judgment. Although a company is off the hook if an employee “goes off the deep end” ...
Morrisons not liable for rogue employee data breach
April 1, 2020, Global Data Review
Daniel Cooper spoke with Global Data Review about a UK high court case involving the deliberate breach of personal information by a supermarket employee from Morrisons. The court ruled that the supermarket was not liable for the actions of the employee. Mr. Cooper described the decision as “dual-edged” and said that “when coupled with the Lloyd Court of Appeal ...
April 1, 2020, Risk Management
April 2020, Privacy Laws & Business
March 22, 2020, Covington Alert
On March 21, 2020, the data security requirements of the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act (the “Act”) became effective. These provisions require businesses that own or license computerized data that includes the “private information” of New York residents to maintain “reasonable” security measures. Generally speaking, the ...
Telcos share location data for coronavirus efforts
March 20, 2020, Global Data Review
Dan Cooper spoke with Global Data Review about how telecommunications companies are providing data regulators location data to track the effects of social distancing in the wake of coronavirus. Mr. Cooper told GDR that the measures in Europe are “not too much of a concern” from a privacy perspective as the data being used by authorities is anonymized and ...
Democrats Want to Prevent Coronavirus Credit Report Harm
March 19, 2020, Bloomberg
David Stein spoke with Bloomberg about legislation from Senate Democrats to shield U.S. citizens from negative credit reporting for the duration of the new coronavirus crisis. Three senators are looking to throw out a rule where credit bureaus are required under the Fair Credit Reporting Act to collect negative information. Mr. Stein says, “To the extent that ...
March 16, 2020, Global Data Review
Trisha Anderson spoke with Global Data Review about Congress’s lapse in renewing the Freedom Act while dealing with COVID-19. Ms. Anderson told GDR if Congress doesn’t renew the business records provision, the FBI will have to operate with pre-Patriot Act surveillance tools. She adds that the FBI would still be able to obtain business records via grand jury ...
Spring 2020, The Business Lawyer
February 11, 2020, Global Data Review
Libbie Canter is quoted in Global Data Review regarding the California Attorney General Xavier Beccera’s revisions to the California Consumer Privacy Act’s (CCPA) regulations. The revisions have left many businesses concerned and with unanswered questions. Ms. Canter says despite the revisions “ambiguities” remain for entities that collect data from third ...
February 5, 2020, Law360
Susan Cassidy is quoted in Law360 regarding the DoD’s implementation of cybersecurity requirements for defense contractors. Ms. Cassidy says that questions about the process, such as who will audit the thousands of contractors that need to be certified for cybersecurity compliance, how they will be audited and what options they will have if they disagree with an ...
AI and Attorney Obligations Are Still Outpacing the Law
February 4, 2020, Legaltech News
Lee Tiedrich spoke with Legaltech News about lawyers’ obligations pertaining to the law and artificial intelligence. Ms. Tiedrich indicated that much like the internet in the 1990s, the growth of technologies such as AI continues to outstrip the development of the law. The lack of absolute regulatory clarity raises the stakes for organizations. “You need to be ...
January 31, 2020, Covington Alert
This evening, at 11:00 p.m. GMT, the UK will leave the European Union. Brexit day marks a beginning, not an end. The UK today embarks on a complex process of negotiating new arrangements for trade and cooperation with the EU and partners around the world. Regulatory divergence seems inevitable, given that the UK will want to make its own decisions on existing ...
January 31, 2020, Covington Alert
At 11 p.m. tonight, the UK will officially leave the EU. Although this is a significant milestone in the development of the UK’s data protection framework, the UK will remain very closely linked to the EU in the short term at least, and for many the change may be imperceptible.
US House privacy bill differs from Senate counterparts
January 13, 2020, Global Data Review
Lindsey Tonsager is quoted in Global Data Review regarding a recently released draft privacy bill from the US House Committee on Energy & Commerce which differs from current Senate bills. With roughly a quarter of House Democrats coming from California, Ms. Tonsager told GDR that there will be major opposition to pre-emption in the House. “We’ve already seen the ...
ICO hits electronics retailer with maximum pre-GDPR fine
January 10, 2020, Global Data Review
Daniel Cooper is quoted in Global Data Review regarding the UK ICO’s decision to fine DSG Retail £500,000 under pre-GDPR data protection law. The fine stems from the company being compromised by a cyberattack affecting at least 14 million people. Mr. Cooper says, “the ICO's imposition of a maximum fine appears due, in part, to the fact that it felt DSG should ...
January 9, 2020, WatersTechnology
Michael Nonaka spoke with WatersTechnology about the impact of the California Consumer Privacy Act on financial institutions. Mr. Nonaka says, “There are exemptions [in the CCPA] for information that is covered by the GLBA. This is consumer information used by FIs, including broker-dealers. But there is not a broad exemption that just takes out the entirety of ...
January 9, 2020, Global Data Review
Daniel Cooper spoke with Global Data Review about the European Commission’s recommended changes to artificial intelligence liability rules. Mr. Cooper says the commission is keen to stress that the conclusions drawn from the report remain those of the expert group only. “One has to assume that the commission wants to be careful to test the waters first and gauge ...
What to expect in 2021: China - Preview
January 8, 2020, Reuters
Yan Luo is quoted in Reuters Practical Law China's GC Agenda China with her thoughts on the new compliance challenges that China's new data privacy and cybersecurity regimes with bring. Specifically, Yan expects that China's draft Data Security Law and Personal Information Protection Law will be finalized in 2021. Together with the Cybersecurity Law, the three ...
January 1, 2020, Financial Times
Lindsey Tonsager spoke with the Financial Times about the California Consumer Privacy Act (CCPA) and the different ways companies are trying to comply with the new law. Addressing some companies’ efforts to create self-serve portals to handle users’ privacy requests, Ms. Tonsager says, “This works fine but if you get a high spike of data access requests — right ...
January 2020
Covington has created a list of Top 10 Questions for Ideation of Digital Health Solutions that can help lawyers contribute to the digital health ideation process. Our clients increasingly apply agile product and business development methodologies when they are developing digital health solutions. "Ideation" is part of that process and involves the rapid ...
December 20, 2019, Covington Alert
On December 19, 2019, Advocate General (“AG”) Henrik Saugmandsgaard Øe handed down his Opinion in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The AG’s Opinion provides non-binding guidance to the Court of Justice of the EU (“CJEU”) on how to decide the case.
December 13, 2019, Legaltech News
Lee Tiedrich is quoted in Legaltech News regarding the continued use of artificial intelligence, despite ethics concerns. Ms. Tiedrich says that companies could put in “good governance processes to manage the [AI] product design, development and implementation in accordance with their ethnical principles.” She also noted that to limit bias, it is also necessary ...
December 4, 2019, Daily Journal
Lindsey Tonsager is quoted in Daily Journal regarding a new voter initiative designed to improve consumer privacy in California. Ms. Tonsager says, “The new ballot initiative has introduced some uncertainty into the conversation for businesses. There has been a real whiplash throughout the whole process of the CCPA. It was enacted back in 2018, and its already ...
December 2019, Government Contracting Law Report
December 2019, Privacy Laws & Business
November-December 2019, Privacy & Cybersecurity Law Report
European Countries Reluctant To Challenge FATCA
November 27, 2019, Law360
Atli Stannard is quoted in Law360 regarding the U.S. Department of the Treasury’s claims of European Union banks violating privacy and anti-discrimination laws when they share customer information with the IRS. EU countries may negotiate with the Treasury Department, but only if they receive larger cross-border effort against tax avoidance. Mr. Stannard says, ...
November 21, 2019, Law360
Micaela McMurrough is quoted in Law360 regarding a recently unveiled cybersecurity protocol guidelines aimed at arbitrators, institutions and arbitration users on topics including baseline security measures. Ms. McMurrough says, "We tried to build in flexibility [so that the] document can be used as guidance, rather than something that's prescriptive.”
IAPP: 'Sale' Under CCPA May Not Be as Scary as You Think
October 29, 2019
As the effective date of the California Consumer Privacy Act looms closer, companies are grappling with the significance of the law and its definitions. One defined term in particular, “sale,” has sparked heated debate between industry and consumer advocates, and even within the legal profession. While much has been said about this term, more needs to be said. ...
October 24, 2019, Law360
Susan Cassidy spoke with Law360 about the Department of Defense’s goal for its Cybersecurity Maturity Model Certification (CMMC) and its impact on join bid contractors. Ms. Cassidy says such teaming arrangements are already complicated and can take years to put together for big defense procurements. Although the DOD has said cybersecurity compliance will be ...
October 22, 2019, Legaltech News
Trisha Anderson spoke with Legaltech News about a bilateral data access agreement, a new mechanism of the CLOUD Act and its effect on law firms. A year after the CLOUD Act, the first data-sharing agreement is most relevant to U.K. law enforcement agencies having access to the vast data held by U.S.-based tech companies, says Ms. Anderson. She adds, “The most ...
Will China’s revised cybersecurity rules put foreign firms at risk of losing their secrets?
October 13, 2019, South China Morning Post
Yan Luo is quoted in the South China Morning Post regarding China's revised cybersecurity rules. Ms. Luo says many of the relevant cybersecurity requirements are “not that out of the global norm”, and unlikely to be a challenge for firms that already has “robust cybersecurity programmes.”
October 11, 2019, Covington Alert
On October 10, 2019, California state attorney general Xavier Becerra announced the release of proposed implementing regulations concerning the California Consumer Privacy Act (CCPA). Interested stakeholders can submit written comments until December 6, 2019 at 5 PM (Pacific Time). In addition, four public hearings will be held on December 2nd (Sacramento), ...
Federal Trade Commission Hosts Workshop to Review the Children’s Online Privacy Protection Rule
October 10, 2019, Covington Alert
On Monday, the Federal Trade Commission held a workshop to examine whether to update the FTC’s rule adopted under the Children’s Online Privacy Protection Act (“COPPA Rule”). The Future of the COPPA Rule: An FTC Workshop featured a range of speakers and panelists, including representatives from industry, consumer groups, and academia.
October 10, 2019, Covington Alert
On October 2, 2019, the English Court of Appeal handed down a landmark judgment in Lloyd v Google LLC [2019] EWCA Civ 1599 (“Lloyd”) concerning Google’s alleged misuse of the personal data of over 4 million iPhone users via cookies placed on the Safari browser.
EU Cookie Ruling Tightens Leash On Ad Tech Staple
October 9, 2019, Law360
Kristof Van Quathem is quoted in Law360 regarding a European Court of Justice’s decision to increase web cookie consent measures. Mr. Van Quathem says, “It’s unfortunate that the court didn’t address that point because it’s commercially and politically a very sensitive topic, on which there is a lot of uncertainty right now, and it’s a question that could have ...
Covington Promotes Data Lawyer in Beijing
October 3, 2019, Global Data Review
Global Data Review covered Yan Luo’s recent promotion to partner. Ms. Luo is a member of GDR’s inaugural 40 under 40 set. “This experience has broadened my horizons and is very fulfilling for me personally,” she told GDR.
October 2, 2019
Boards and CEOs at companies of all sizes operating around the world list cybersecurity as one of the top concerns keeping them up at night. Cyber threats are in the news on a daily basis and we hear about data breaches all the time. But our practice often helps clients respond to cyber incidents that are much broader than data breaches; they range from small ...
October 2019, Intellectual Property & Technology Law Journal
CCPA Amendments Would Ceate Independent Enforcer
September 30, 2019, Global Data Review
Lindsey Tonsager spoke with Global Data Review about proposed amendments to the California Consumer Privacy Act filed by Alastair Mactaggart of the Californians for Consumer Privacy. Ms. Tonsager said that given the time and resources spent on preparing staff within California’s office of the attorney general for the CCPA, she was “baffled” to see the proposal ...
September 27, 2019, Covington Alert
Real estate developer Alastair Mactaggart is making news with the announcement of another privacy ballot initiative, the California Privacy Rights and Enforcement Act (“CPREA”). He intends to include his new initiative on the November 2020 ballot.
September 26, 2019, Financial Times
Lindsey Tonsager is quoted in the Financial Times regarding the California Consumer Privacy Act’s effect on businesses in the state and around the world. Ms. Tonsager says, “Once the new law takes effect, the California attorney-general will overnight become one of the most powerful privacy regulators in the world.” She adds, “Companies that already had to apply ...
September 23, 2019, Bloomberg Law
Lee Tiedrich recently participated in the “AI and the Rule of Law Roundtable” in Athens and spoke with Bloomberg Law about with the event, which was , focused on ensuring that AI tech works as intended—and that those who implement and operate such systems are competent to do so. Ms. Tiedrich says, “Although the Roundtable participants came from different ...
September 16, 2019, Global Data Review
Lindsey Tonsager spoke with Global Data Review about the recently-passed California Consumer Privacy Act. Ms. Tonsager says the issues the attorney general need to clarify include what a “do not sell my personal information” link should look like on company websites, how that link should be formatted, and where it should be placed. One of the most important ...
September 11, 2019, Legaltech News
Lindsey Tonsager is quoted in Legaltech News regarding Google’s settlement with the FTC involving violations of the Children's Online Privacy Protection Act. Ms. Tonsager says, “This is the first FTC settlement that dealt with behavioral advertisements against a platform that just hosts third-party content.” She noted FTC Commissioner Rebecca Kelly Slaughter’s ...
August 27, 2019
FRANKFURT—WirtschaftsWoche, Germany’s leading business weekly news magazine, has named Covington as the top law firm for IT law and Dr. Lars Lensdorf, a partner in Covington’s Frankfurt office, to its list of top IT lawyers in Germany. Dr. Lensdorf focuses his practice on IT law, outsourcing, digitalization and industry 4.0, IT related bank regulatory matters, ...
August 4, 2019, CoinTelegraph
Michael Nonaka spoke with CoinTelegraph to discuss cryptocurrency regulation in the U.S. Mr. Nonaka says, "The U.S. Financial Crimes Enforcement Network issued its first guidance addressing cryptocurrency companies in 2013, and since then regulatory action for digital assets has been slow to develop but has picked up in the past few years as an increasing ...
Keeping Up with the Tech: Behind the FTC's COPPA Review
July 25, 2019, Legaltech News
Lindsey Tonsager spoke with Legaltech News about the FTC’s public request for comment on the Children’s Online Privacy Protection Act (COPPA). Ms. Tonsager said, “Regardless of whether the FTC is looking at the rule or not, I think the common best practice is to collect only the information that you need. The data minimization helps regardless if the regulator ...
July 17, 2019, Covington Alert
On July 5, 2019, China’s Standing Committee of the National People's Congress (NPC) published a new draft Encryption Law (“the draft Law”) for public comment. The draft Law, if enacted as drafted, would bring significant new changes to China’s commercial encryption regime.
July 17, 2019, Covington Alert
On July 9, 2019, the European Court of Justice (“ECJ”) heard oral argument in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The primary question before the ECJ is whether the European Commission’s standard contractual clauses (“SCCs”) are valid for transfers of personal data to the United States.1 Given ...
Covington Represents BSA in Landmark Data Protection Case Before Europe's Highest Court
July 9, 2019
BRUSSELS—Today, a team of Covington lawyers argued before the European Court of Justice in a landmark data protection case, Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The case has significant ramifications for any organization that relies on the standard contractual clauses (“SCCs”) to transfer personal ...
Wanted: Lawyers Who Understand AI
July 9, 2019, Wall Street Journal
Lindsey Tonsager is quoted in the Wall Street Journal regarding the initiative to increase artificial intelligence legal practices. Ms. Tonsager says data is the fuel that drives artificial intelligence, but it can come with legal restrictions. Companies acquiring datasets need to be sure their contracts give them the right to use the data to train algorithms. ...
Asia's Complex Compliance Landscape
July 8, 2019, Pharmaceutical Executive
Eric Carlson spoke with Pharmaceutical Executive about the compliance challenges prevalent in the Asia-Pacific region. On the emergence of general compliance in the region, Mr. Carlson says, “When I first moved to Beijing in 2008, there were only a couple of dozen people who had compliance on their business card. It just wasn’t a job in China then. Ten years ...
July 2, 2019, Thomson Reuters Regulatory Intelligence
June 27, 2019
SAN FRANCISCO—The Daily Journal has named Lindsey Tonsager to its 2019 “Top Artificial Intelligence Lawyers,” recognizing the top artificial intelligence lawyers in California. Ms. Tonsager co-chairs the firm’s Artificial Intelligence Initiative, which is a cross-functional practice advising companies developing or utilizing AI technologies. She is advising ...
June 21, 2019, The Wall Street Journal
Michael Nonaka is quoted in The Wall Street Journal regarding the Financial Act Task Force’s request to virtual currency firms to develop procedures for sharing customer information with other financial institutions. Mr. Nonaka says that some crypto companies have invested heavily in compliance, others have a long way to go to build the systems necessary for ...
June 14, 2019, Government Contracting Law Report
June 10, 2019, TechNode
Yan Luo was quoted in Technode regarding China's evolving cybersecurity framework. Ms. Luo says foreign companies operating in China are pursing compliance through tailoring their existing global cybersecurity program to fit China's regulatory environment.
Feds Send Clear Message With Flurry Of Fintech Cases
June 7, 2019, Law360
Anne Termine is quoted in Law360 regarding the SEC’s enforcement on fintech and cryptocurrency matters. Ms. Termine says, “From my perspective, having a no-fine case is a pretty big deal. And I think the SEC wanted to make pretty clear that it was a big deal that this was a self-report and that [the company was] recognizing the SEC jurisdiction, that they were ...
Expert Q&A on the EU Cybersecurity Act
June 4, 2019, Thomson Reuters
Mark Young participated in a Q&A with Thomson Reuters about the EU Cybersecurity Act and its new cybersecurity certification schemes for information and communication technology products, services, and processes, especially internet of things devices. The interview also discusses how the Act supports the EU Directive on the Security of Network and Information ...
Inside The Legal Battle For The Future Of Fintech
June 3, 2019, Law360
Michael Nonaka is quoted in Law360 regarding the OCC and New York Department of Financial Services’ legal battle over how the fintech industry will be regulated. Mr. Nonaka says, “The litigation challenging the OCC's authority to issue a special purpose fintech charter certainly has delayed the process for nondepository fintech firms to apply and receive ...
June 2019, Pharmind
Connected and Automated Vehicles Webinar Series: Levering Data in a Connected World
April 18, 2019
This webinar covered such topics as: Securing rights to use data created by connected and automated vehicles (CAVs); Key elements of a data strategy for connected and autonomous vehicles; the data risks involved with CAVs including privacy, cybersecurity, and law enforcement; and best practices in negotiating commercial agreements involving data.
Going Over the Top
April 9, 2019, Global Data Review
Trisha Anderson spoke with the Global Data Review about the U.S.’s encryption law and its role electronic communication. According to Ms. Anderson, authorities in the U.S. have only general legal tools to seek access to encrypted data. Some traditional U.S. investigative tools, issued through courts and codified in law enforcement procedures, contain general ...
2019, American Bar Association
Our cross-disciplinary Internet of Things initiative contributed to the ABA's first book on IoT, The Internet of Things: Legal Issues, Policy, & Practical Strategies. Laura Kim and Jennifer Johnson authored the chapter “U.S. Regulatory Framework for IoT,” with contributions from Sarah Wilson (product safety); Wade Ackerman, Elizabeth Guo, Christopher Hanson, ...
April 2019, Pratt's Privacy & Cybersecurity Law Report
March 31, 2019, The Economist Intelligence Unit
Yan Luo was acknowledged as an advisory board member for the special report The Transparent Business Barometer: Preparing for the End of Easy Data, published by the Economist Intelligence Unit. The report revealed key trends in data privacy and cyber security on global businesses through the survey of hundreds of business executives across China, the U.S., ...
February 11, 2019, Covington Alert
On February 1, 2019, China’s National Information Security Standardization Technical Committee (“TC260”) released a set of amendments to GB/T 35273-2017 Information Technology – Personal Information Security Specification (“the Standard”) for public comment. The comment period ends on March 3.
February 6, 2019, Global Data Review
Trisha Anderson is quoted in Global Data Review regarding developments in cryptography. Ms. Anderson says that though the report “sounds a gloomy note,” she is optimistic that cryptography will keep pace with developments in quantum computing. She adds that we have to “assume that adversaries are collecting encrypted data that they could decrypt in the future. ...
February 6, 2019, Covington Alert
The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft project on securing sensor networks for the Internet of Things (“IoT”). Organizations and individuals concerned with the security of IoT sensor networks are invited to comment on the draft through March 18, 2019.
February 2019, Privacy Laws & Business International Report
January 22, 2019, Covington Alert
On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).
January 14, 2019, Covington Alert
In the wake of destructive cyber incidents over the past few years, the insurance industry and its regulators have focused more attention on so-called “silent cyber” exposures in traditional property/casualty insurance policy forms and started taking steps to reduce or specifically address those exposures. We explain here what “silent cyber” means, and what the ...
January 2, 2019, Covington Alert
The past year was a particularly significant one for the development of Chinese privacy law. During 2018, the Chinese government systematically established the country’s regulatory requirements for cybersecurity and data privacy and continued to implement the Cybersecurity Law, which took effect on June 1, 2017.
January 2019, GCR Insight - E-Commerce Competition Enforcement Guide
December 26, 2018, Bloomberg Law
Michael Nonaka is quoted Bloomberg Law regarding the Office of the Comptroller of the Currency’s 2019 revamped rules for banks’ community investments. Mr. Nonaka says, “It’ll be interesting to see what the next step is in the rulemaking process, and that will reveal whether there are these differences.” He said the agencies are likely to come together on some ...
Georgetown Tech Hub Hires Ex-FTC Commish, Covington Atty
December 7, 2018, Law360
Terrell McSweeny is quoted in Law360 regarding being named a distinguished fellow at Georgetown Law's Institute for Technology Law & Policy. Ms. McSweeny says, "I am thrilled to join the important discussion on technology law and policy at the Institute. As an alum, I am looking forward to contributing to the excellent work Georgetown Law School [is] doing ...
November 30, 2018, Global Data Review
Trisha Anderson is quoted in Global Data Review regarding cyber and ransomware attacks. Ms. Anderson said that while the use of technologies like Tor and Bitcoin pose challenges to law enforcement by “raising the level of investigative effort and sophistication required to identify and locate cyber criminals,” the indictment in the SamSam Ransomware cyberattacks ...
November 5, 2018, Legaltech News
Lee Tiedrich spoke with Legaltech News regarding a recent survey on the legal and regulatory risks of artificial intelligence. Ms. Tiedrich suggested clients take a global perspective when assessing what laws are relevant to a particular AI program. She notes that artificial intelligence is not limited to a single jurisdiction, and clients should seek advice on ...
October 25, 2018, Covington Alert
On October 16, 2018, the Securities and Exchange Commission (the “Commission”) issued a Section 21(a) report of investigation (the “Report”) warning public companies about the importance of assessing the likelihood of cyber-related threats when designing internal accounting controls. The Report described the Division of Enforcement’s investigation of nine ...
October 23, 2018, The Law Society Gazette
Daniel Cooper spoke with The Law Society Gazette regarding a UK Court of Appeal decision that could make employers vicariously liable for employees’ actions even if they had taken preventative steps and bore no criminal responsibility. Mr. Cooper said the employer should bear the enterprise risk and assume liability for the actions of its employees, as long as ...
What California's new law on internet-connected devices means for Bay Area tech companies
September 21, 2018
Lindsey Tonsager is quoted in the San Francisco Business Times regarding California’s new cybersecurity bill regulating internet-connected devices. Ms. Tonsager believes the vagueness of the “reasonable” standard makes the law flexible. She says, “It’s really helpful that the legislation acknowledges flexibility in identifying which standards are reasonable. ...
Yan Luo Named to Global Data Review's “40 Under 40”
September 19, 2018
BEIJING — Global Data Review has named Covington’s Yan Luo to its inaugural “40 Under 40” list, recognizing the 40 individuals who represent the best and the brightest of the data law bar around the world. Based in the firm’s Beijing office, Ms. Luo advises clients on a broad array of regulatory matters in connection with data privacy, international trade, ...
September 17, 2018, Law360
Lindsey Tonsager is quoted in Law360 regarding California’s newly enacted rules mandating security features for internet-connected devices. Makers of IoT devices will be required under Senate Bill 327 to equip products with "reasonable security features." Ms. Tonsager says, "The 'reasonable security' standard is quite flexible, which is good when operating in a ...
Disputes Eye: Hunting krakens – As finance and Russian work slows veteran litigators look to key trends and opportunities
September 13, 2018, Legal Business
Louise Freeman spoke with Legal Business regarding the latest trends in disputes. She highlights the growing potential for litigation from the rise in cyberattacks impacting major companies. Ms. Freeman observed ‘The UK courts are increasingly adapting to deal with this kind of litigation,’ and points to the Clarkson v Person or Persons Unknown High Court case ...
Lateral Watch
September 11, 2018, Am Law Litigation Daily
Terrell McSweeny is quoted in Am Law Litigation Daily regarding her move to the firm. “I am excited to join a firm that is well positioned to guide clients through the increasingly complex global antitrust, cybersecurity and consumer protection landscape,” said Ms. McSweeny.
Transitions
September 11, 2018, Politico
Politico featured Terrell McSweeny’s recent move to Covington’s antitrust law, data privacy and cybersecurity practice groups.
Former FTC Commissioner McSweeny Joins Covington
September 10, 2018
WASHINGTON— Terrell McSweeny has joined Covington as a partner in the Antitrust and Competition Law and Data Privacy and Cybersecurity Practice Groups in Washington. Ms. McSweeny most recently served as a Commissioner at the Federal Trade Commission. Ms. McSweeny has held senior appointments in the FTC, Department of Justice, White House, and United States ...
September 10, 2018, The National Law Journal
Deborah Garza is quoted in The National Law Journal regarding Terrell McSweeny joining the firm. Ms. Garza says, “Having served both at the FTC and in the Antitrust Division, Terrell has an exceptionally broad base of experience to draw upon in helping clients understand and manage the antitrust enforcement, privacy, and data security issues. She also has ...
McSweeny joins Covington
September 10, 2018, Global Competition Review
Terrell McSweeny and Deborah Garza are quoted in Global Competition Review regarding Ms. McSweeny’s move to the firm. Ms. McSweeny says that Covington is a “wonderful fit” due to its bench of former DOJ and FTC lawyers. She added that it will be good to work with colleagues who have had similar experiences. Ms. Garza praised McSweeny’s excellent reputation and ...
Ex-FTC Commissioner McSweeny Joins Covington's DC Office
September 10, 2018, Law360
Terrell McSweeny is quoted in Law360 regarding her move to the firm. Ms. McSweeny says, “I am very excited to be joining a terrific firm to deal with the global challenges of antitrust, cybersecurity and consumer protection.”
September 10, 2018, Bloomberg
Terrell McSweeny’s move to Covington’s data privacy and cybersecurity practice group is highlighted in Bloomberg.
Former FBI official joins Covington
September 7, 2018, Global Investigations Review
Trisha Anderson and James Garland are quoted in Global Investigations Review regarding Ms. Anderson rejoining the firm. Mr. Garland believes Ms. Anderson will be a valuable asset to helping navigate the U.S. Cloud Act. He says, “Trisha has that ability to spot the pain points for both the clients and the government and help figure out a way forward. Sometimes ...
Leading National Security Lawyer Rejoins Covington
September 4, 2018
WASHINGTON—Trisha B. Anderson, an experienced national security and cybersecurity lawyer who has held senior positions at multiple federal agencies, has rejoined Covington as a partner in Washington. Ms. Anderson most recently served as Principal Deputy General Counsel of the Federal Bureau of Investigation, where she handled complex national security and cyber ...
August 17, 2018
LONDON—Covington has advised Sensyne Health on medical device regulatory and data protection matters in connection with its £60 million IPO on London’s AIM market. The firm also represented Sensyne Health in negotiating strategic research and data processing agreements with the Chelsea and Westminster Hospital NHS Foundation Trust, the Oxford University ...
August 17, 2018
WASHINGTON— Law360 named Covington lawyers Alexander Berengaut, Michael Nonaka, and Ursula Owczarkowski to its list of “2018 Rising Stars.” This annual recognition honors top attorneys under 40 “whose legal accomplishments transcend their age.” Alex Berengaut represents clients in civil litigation, international arbitrations, and government enforcement ...
August 7, 2018, Global Data Review
David Stein is quoted in Global Data Review regarding the U.S. Department of Treasury’s recommendation to introduce data protection regulations in the fintech industry. Mr. Stein suggested that such a law may have to be modeled on existing state-level legislation. He says, “There likely would be pressure to enhance existing federal data security laws that apply ...
August 1, 2018, Bloomberg Law
Michael Nonaka is quoted in Bloomberg Law on the fintech industry’s enthusiasm regarding the Treasury Department’s recommendation that Congress support the “valid when made” doctrine. Mr. Nonaka adds, “The [recommendation] shows that these issues are not going away and that the uncertainty created from a growing body of inconsistent court opinions isn't a stable ...
OCC Will Accept Fintech Charter Applications
July 31, 2018, Law360
Michael Nonaka is quoted in Law360 regarding the Office of the Comptroller of the Currency accepting applications for special-purpose national bank charters from financial technology companies. Mr. Nonaka says it will be a while before any fintech firms operate as national banks, and they may ultimately decide the special purpose charter does not suit their ...
July 30, 2018
SILICON VALLEY—Covington advised GlaxoSmithKline on its multi-year collaboration with and $300 million equity investment in 23andMe. GSK will become 23andMe’s exclusive collaborator for drug target discovery programs. The collaboration will focus on research and development of innovative new medicines and potential cures using human genetics as the basis for ...
July 5, 2018, Covington Alert
On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply ...
July 3, 2018, Covington Alert
On June 28, 2018, the Governor of California signed the California Consumer Privacy Act of 2018 (“CCPA”). The new law is the most comprehensive data privacy statute in the United States and introduces significant privacy requirements for covered businesses. The CCPA takes effect on January 1, 2020, but based on comments from both the public-interest and business ...
California lawmakers wallop tech companies on privacy
June 28, 2018, Politico
Lindsey Tonsager is quoted in a Politico article regarding a bill passed by California lawmakers that imposes stricter consumer privacy rules on companies. Should the California law trigger other states to put their own restrictions on consumer privacy, industry lobbyists and advocates will likely look to Congress to create consistent standards, says Tonsager. ...
How Can We Make Best Use of Health Data?
June 14, 2018, Financial Times
Kristof Van Quathem participated in a Financial Times podcast to discuss the impact of the General Data Protection Regulation on medical research and health technology companies. According to Van Quathem, "One of the main concerns I think that we see in the research circle is the uncertainty that is being created by the GDPR, and in particular, when it comes to ...
GDPR Has Companies Big and Small Racing to Comply
May 24, 2018, The Wall Street Journal
Henriette Tielemans is quoted by The Wall Street Journal in an article regarding the upcoming deadline for companies to comply with the General Data Protection Regulation. “Companies are struggling with the concrete deliverables—the record of processing activities, the transfer agreements, the notices, the website—because of the sheer volume,” says Tielemans. ...
ISO and U.S. NIST Focus on Privacy by Design
May 15, 2018, Global Data Review
Susan Cassidy is quoted in a Global Data Review article regarding the focus on privacy by design by the International Organization for Standardization and the U.S. National Institute of Standards and Technology. Cassidy says that the anecdotal evidence she has from speaking to her private sector clients is that they are increasingly considering NIST guidelines, ...
Covington Hires Ex-Wilson Sonsini Tech Deals Pro
April 23, 2018, Law360
Suzanne Bell and Tom DeFilipps are quoted in a Law360 article regarding Bell's arrival to Covington's Technology Transactions practice. Bell says she is excited to join Covington and looks forward to helping it build its tech practice and advise clients on incorporating new technologies into their businesses. “The firm’s collaborative approach will allow me to ...
April 19, 2018
WASHINGTON—The BTI Consulting Group has named Covington lawyers Andrew Smith, Jonathan Sperling, and Allan Topol to its 2018 “Client Service All-Stars” list, which recognizes “the leaders in superior client service.” Mr. Smith, based in Washington, advises clients on retail financial services, credit reporting, privacy, technology, and e-commerce issues. He ...
April 18, 2018, Thomson Reuters Regulatory Intelligence
April 12, 2018, The Recorder
The Recorder highlights the arrival of Suzanne Bell to Covington's Technology Transactions practice. Bell says she was attracted to the firm's strong regulatory practice given the increased intersection between the technology sector and government regulations. Bell adds that she is looking forward to using her experience in technology transactions to assist ...
What will happen on May 26? We asked Helen Dixon
April 3, 2018, IAPP
Henriette Tielemans participated in a session at the Global Privacy Summit and is quoted in an IAPP article regarding what happens once GDPR goes into effect. "For a lead regulator for the one-stop shop, you need a mean establishment. You lose a lot of the benefits of the GDPR if you're unable to come up with what your main establishment is," Tielemans said.
China’s internet lenders fall foul of data privacy rules
April 1, 2018, Financial Times
Yan Luo is quoted in a Financial Times article regarding survey findings that suggest that more than half of Chinese internet finance lenders are failing to comply with data privacy regulations. According to Luo, “Investors should certainly expect more government scrutiny on their business model from a data protection perspective."
Irish Regulator To Eye Transparency In GDPR Enforcement
March 29, 2018, Law360
Henriette Tielemans spoke at an IAPP event and is quoted in a Law360 article regarding the Irish privacy authority's focus once GDPR takes effect. According to Tielemans, while “the GDPR has 150 articles, and businesses are worried about all 150 of them,” companies are most concerned about the regulators’ ability to issue massive fines of up to 4 percent of ...
FTC Signals Tougher Stance on Mobile Privacy Protection
March 29, 2018, E-Commerce Times
Yaron Dori is quoted in an E-Commerce Times article regarding the FTC's recent report on mobile privacy protection. According to Dori, "The FTC is limited in its ability to bring enforcement actions against telecommunications carriers because of the 'common carrier' exemption in the FTC Act." A federal appeals court recently ruled that this exemption does not ...
Covington Opens Frankfurt Office
March 28, 2018
LONDON—Covington will open an office in Frankfurt, Germany on April 3 led by eight partners. Frankfurt will be the firm’s third European office and will work closely with the firm’s five offices in the United States, its three offices in Asia, and its offices in the Middle East and Africa. “Covington will offer German companies a unique capability to help them ...
FTC Recommends Greater Transparency, Better Recordkeeping and Further Streamlining of Mobile Security Practices
March 28, 2018, The Cybersecurity Law Report
Yaron Dori is quoted by The Cybersecurity Law Report in an article regarding the FTC's report, “Mobile Security Updates: Understanding the Issues." “The FTC has long been interested in data security and the extent to which consumer data—especially personally identifiable or sensitive consumer data—is protected from unauthorized disclosure,” say Dori. Dori calls ...
March 27, 2018
BRUSSELS—Henriette Tielemans, co-chair of Covington’s global Data Privacy and Cybersecurity practice, has today received the IAPP Privacy Vanguard Award, the industry's top honor, for her lifelong services to the data privacy community. The International Association of Privacy Professionals (IAPP) is the world’s largest and most comprehensive global information ...
March 27, 2018, IAPP
Henriette Tielemans was the recipient of the 2018 IAPP Privacy Vanguard Award, a recognition reserved for individuals who display “exceptional leadership, knowledge, and creativity in the field of privacy and data protection.”
March 27, 2018, Covington Alert
On March 23, 2018, Congress passed, and President Trump signed into law, the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which creates a new framework for government access to data held by technology companies worldwide.
GDPR drives global privacy compliance now, but still unclear whether it will become de facto global standard, experts say
March 23, 2018, MLex
Lindsey Tonsager recently spoke at the BCLT Privacy Law Forum in Silicon Valley is quoted in an mLex article discussing whether GDPR will automatically become a global privacy standard. Tonsager said that working with companies that depend on AI technology to become compliant with the GDPR “is incredibly, incredibly challenging." Commenting on modifications to ...
March 19, 2018, Covington Advisory
Cyberattacks targeting defense contractors illustrate the need for cybersecurity, for thoughtful planning—and for insurance when security and planning prove insufficient. Understanding your insurance policies before things go wrong can help ensure financial protection when they do.
March 2018, Microsoft
The five-minute management idea: wearable tech
March 2, 2018, Chartered Management Institute
Daniel Cooper is quoted in a Chartered Management Institute article regarding wearable technology. Providing the legal perspective, Cooper says, "Any employer processing personal information is subject to a range of obligations–this includes making sure they’re very transparent about what they collect, ensuring they have a legal basis for processing that data. ...
March 1, 2018, Covington Alert
On February 21, 2018, the U.S. Securities and Exchange Commission (the “Commission”) approved a statement and interpretive guidance that provides the Commission’s views on a public company’s disclosure obligations concerning cybersecurity risks and incidents (the “2018 Commission Guidance”).
February-March 2018, Pratt’s Privacy & Cybersecurity Law Report
February 15, 2018, Bloomberg Law
Anne Termine is quoted in a Bloomberg Law article regarding the settlement reached with AMP Global Clearing LLC following charges from the CFTC stating that AMP's failure to diligently supervise a cybersecurity vendor resulted in a data breach. According to Termine, cybersecurity is “an area of increasing concern and scrutiny for the CFTC as it goes directly to ...
February 6, 2018
LOS ANGELES—The Los Angeles Business Journal recognized Wade Ackerman and Aaron Lewis in its second annual list of the most influential diverse lawyers in Los Angeles. The list recognizes 50 "stellar diverse lawyers in the LA region." In Mr. Ackerman’s profile, the Business Journal emphasized his work in the FDA regulatory space. The profile noted that “with a ...
February 2018, Data Protection Leader
January 24, 2018, Covington Alert
Digital advertising typically involves a vast network of publishers, advertisers and their agencies, advertising exchanges and networks, technology platforms, and measurement and data analytics providers. To help streamline the commercial dealings of all of these parties in this complex ecosystem, advertising industry self-regulatory groups have developed ...
January 22, 2018
WASHINGTON—Covington advised Bacardi Limited in its definitive agreement to acquire Patrón Spirits International AG and its PATRÓN® brand, the world’s top-selling ultra-premium tequila, from John Paul DeJoria, a founder of Patrón. The transaction reflects an enterprise value for Patrón of $5.1 billion. The transaction follows the successful relationship the ...
Feds to Ramp Up Online Purchasing Presence
January 22, 2018, E-Commerce Times
Susan Cassidy is quoted in an E-Commerce Times article regarding efforts to create an online marketplace for government purchasers. "One model that was discussed would require a portal provider to contract with GSA to provide an online interface. Under this approach, suppliers would then sign up to use the portal, potentially via a contract with the portal ...
Russian hacker claims there's proof of his DNC breach
January 2, 2018, Politico
Susan Cassidy is quoted in Politico Pro's "Morning Cybersecurity" newsletter regarding the December 31st deadline for defense contractors to meet minimum cybersecurity requirements for the systems they operate for the Pentagon. According to Cassidy, the cybersecurity rule presents “a problem for DoD because there’s a lot of subjectivity in what is ‘adequate ...
5 Cybersecurity And Privacy Policies To Watch In 2018
January 1, 2018, Law360
Kristof Van Quathem and Yan Luo are quoted in a Law360 article regarding cybersecurity and privacy policies to watch in 2018. Commenting on the General Data Protection Regulation (GDPR), Van Quathem says that although one of the legislation's aims is to harmonize a splintered set of national data privacy laws within Europe, it may end up causing companies aiming ...
Cybersecurity & Privacy Cases To Watch In 2018
January 1, 2018, Law360
Kurt Wimmer is quoted in a Law360 article providing a roundup of cybersecurity and privacy cases to watch in 2018. Commenting on LabMD Inc. v. Federal Trade Commission, Wimmer says, "Both the courts and the FTC are grappling with the meaning of 'harm,' and I believe 2018 will be the year when these efforts will converge, with a more sophisticated understanding ...
Cybersecurity & Privacy Predictions For 2018
January 1, 2018, Law360
Kurt Wimmer and John Buchanan are quoted in a Law360 article providing cybersecurity and privacy predictions for 2018. Wimmer says, once Europe's General Data Protection Regulation (GDPR) is in force, non-EU countries around the world will begin looking at privacy regimes based on the 1995 Directive [which the GDPR will replace] and think about whether they ...
January 2018, Pratt's Privacy & Cybersecurity Law Report
December 26, 2017
SILICON VALLEY—The Financial Times has recognized Covington among the most innovative firms in 2017 in the category of "Enabling Business Growth," for advising "Tencent in its acquisition of a $8.6bn majority stake in Supercell, the Finnish gaming company, while maintaining Supercell’s creative culture and retaining its employees by introducing incentive ...
December 12, 2017, Microsoft
Eric Holder participated in Microsoft's #TechTalk series to discuss "Law Enforcement & Data." Topics included the role of national borders when it comes to accessing electronic evidence, the significance of e-evidence in investigations, the protection of fundamental rights online, the need for international police cooperation, and the unnecessary barriers to ...
ESPN Ruling Further Narrows Video Privacy Law's Reach
December 4, 2017, Law360
Kurt Wimmer is quoted in a Law360 article regarding the Ninth Circuit’s ruling in a case involving the disclosure of user app data to a third-party. "The court recognized that the concept of being publicly identified has limits, despite technological evolution," says Wimmer. "By reducing ambiguity around what qualifies as PII, this decision permits content and ...
November 30, 2017
WASHINGTON—Covington represented Aristocrat Leisure Limited in its $990 million acquisition of Big Fish Games, Inc. This acquisition expands Aristocrat’s Social Gaming business into new game genres. Aristocrat is a global provider of gaming solutions. It offers a diverse range of products and services including electronic gaming machines and casino management ...
November 2017, Pratt's Privacy & Cybersecurity Law Report
November 2017, Pratt's Privacy & Cybersecurity Law Report
Aerospace Up Against Deadline on Cybersecurity
November 24, 2017, Los Angeles Business Journal
Susan Cassidy is quoted in a Los Angeles Business Journal article regarding the difficulties that some defense contractors in Southern California were facing trying to meet the Department of Defense deadline of December 31, 2017 for implementing the cybersecurity controls in NIST Special Publication 800-171. Cassidy notes that the definition of the information ...
SEC enforcement ebbs in 2017
November 20, 2017, Compliance Reporter
David Kornblau is quoted in a Compliance Reporter article regarding the SEC's annual enforcement report for 2017. According to Kornblau, the report showed a decrease in enforcement actions compared to the prior year, as the industry expects a downshift in regulation by the agency under new SEC Chair Jay Clayton. “My sense is that the overall level of new ...
Covington's Net Neutrality and Zero-Rating Webinar
November 20, 2017, Webinar
Court Orders Glassdoor to Reveal Reviewers' Identities
November 10, 2017, HR Magazine
Jadzia Butler is quoted in an HR Magazine article regarding a recent court order requiring Glassdoor to reveal the identities of users in response to a grand jury subpoena in a wire fraud case. It is "particularly concerning" if Internet users who believe they can have anonymous online discussions have their anonymity compromised by a mere subpoena, Butler says. ...
A Summary of the Recently Introduced “Internet of Things (IoT) Cybersecurity Improvement Act of 2017
November 2017, Pratt's Government Contracting Law Report
October 31, 2017, Bloomberg Government
Susan Cassidy is quoted in a Bloomberg Government article regarding contractors' efforts to comply with new cybersecurity standards. According to Cassidy, the mandate that contractors develop cybersecurity plans—the most recent requirement added to the NIST list—is crucial for contractors. Contractors must “develop, document, and periodically update system ...
Is there a robot doctor in the house?
October 29, 2017, The Times
Lindsey Tonsager is quoted by The Times in an article regarding the use of artificial intelligence in healthcare. Commenting on how regulators are beginning to address some of the issues, Tonsager says, "The law hasn’t caught up with the technology. Nobody knows exactly who will be responsible.” “Some diseases disproportionately affect certain types of ...
October 24, 2017
WASHINGTON—As the result of a high-profile First Amendment challenge to the federal statute invoked by law enforcement to impose gag orders on technology companies, Microsoft, and its counsel Covington and Davis Wright Tremaine, have secured landmark reform of the U.S. Department of Justice's approach to digital surveillance. Covington and Davis Wright Tremaine ...
October 24, 2017, The Litigation Daily
Jim Garland and Alex Berengaut are quoted by The Litigation Daily in an article regarding the role Covington and co-counsel Davis Wright played together on behalf of Microsoft that led to a groundbreaking policy memo from Deputy Attorney General Rod Rosenstein curbing the government's use of gag orders on tech companies. “It’s not always the case that the tech ...
October 18, 2017, Covington Alert
The European Commission published its Report today on the first-annual review of the EU-U.S. Privacy Shield (the Report is accompanied with a Staff Working Document, Infographic, and Q&A).
October 13, 2017, Covington Alert
In a draft regulation released earlier this year, China proposed regulating the import, export, manufacture, sale, and use of “commercial encryption products,” building on a patchwork of regulations.1 These regulations have focused on restricting the import and use of encryption products produced by certain manufacturers, and many entities have expressed concern ...
Former FTC Official Rejoins Covington
October 12, 2017
WASHINGTON—Laura Kim has joined Covington’s Advertising and Consumer Law and Data Privacy and Cybersecurity practices in Washington. For more than a decade, Ms. Kim held a variety of roles in the Bureau of Consumer Protection at the Federal Trade Commission (FTC), including Assistant Director in two divisions, Chief of Staff to former Bureau Director Jessica ...
US corporates braced for cyber-chaos
October 3, 2017, Commercial Dispute Resolution
David Fagan is quoted in a Commercial Dispute Resolution article regarding how companies are bracing for cyber attacks. According to Fagan, cybersecurity is “a one-way ratchet: all constituents, whether customers, regulators, business partners, claimant counsel and finders of fact, are increasingly aware of and focused on the risk [which] arises from operating ...
October 2017, Pratt's Government Contracting Law Report
October 2017
Covington's Data Privacy and Cybersecurity practice is excited to take part in National Cybersecurity Awareness Month. Throughout October, our lawyers will highlight top-of-mind concerns, provide helpful tips, and discuss the cybersecurity landscape more generally through a series of posts on our Inside Privacy blog. Below you can find our most recent content, ...
September 22, 2017, The Recorder
Lindsey Tonsager is quoted by The Recorder in an article regarding the recent decision in a case brought by the FTC alleging that selling connected devices with known security weaknesses is an unfair and deceptive business practice. According to Tonsager, "Judge Donato's order should discourage the FTC from adopting a legal standard that would consider potential ...
The EU Gets Serious About Cyber: The EU Cybersecurity Act and Other Elements of the "Cyber Package"
September 18, 2017, Covington Alert
Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...
September 5, 2017, Bloomberg
Helena Milner-Smith is quoted in a Bloomberg article regarding the European Court of Human Rights ruling on employee privacy in a case brought by Bogdan Mihai Barbulescu. According to Milner-Smith, the ruling should remind employers not to "go beyond what is necessary for a legitimate purpose." She adds, "However, the Grand Chamber’s ruling will have very little ...
September 5, 2017, The Law Society Gazette
Helena Milner-Smith is quoted by The Law Society Gazette in an article regarding the European Court of Human Rights ruling on employee privacy in a case brought by Bogdan Mihai Barbulescu. According to Milner-Smith, "The decision serves as a reminder for employers who monitor workplace communications to ensure their monitoring practices do not go beyond what is ...
EU Court Reverses Ruling On Employee Chat Surveillance
September 5, 2017, Law360
Helena Milner-Smith is quoted in a Law360 article regarding the European Court of Human Rights ruling on employee privacy in a case brought by Bogdan Mihai Barbulescu. "The decision serves as a reminder for employers who monitor workplace communications to ensure their monitoring practices do not go beyond what is necessary for a legitimate purpose, that ...
China Seeks Comments on Updated Draft of Cross-Border Data Transfer Security Assessment Standard
August 31, 2017, Covington Alert
On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...
August 25, 2017, Bloomberg BNA
Kurt Wimmer is quoted by Bloomberg BNA in an article regarding the FTC's weekly data security investigation blog. According to Wimmer, the FTC’s "Stick With Security” blog is “serving a highly useful role.” He adds that the initiative is “taking many of the key principles from the ‘Start with Security’ program and the FTC’s consent orders and rolling them out in ...
August 22, 2017, Bank Info Security
Alex Berengaut's Law360article weighing the constitutionality of the Marcus Hutchins indictment is cited in a Bank Info Security story examining questions raised by the case. According to Berengaut, it's not clear that federal prosecutors have a right to bring charges against Hutchins.
Code Linked to MalwareTech and Kronos Published in 2009
August 21, 2017, Security Week
Alex Berengaut's Law360 article on the constitutionality of the Marcus Hutchins indictment is cited in a Security Week story examining recent case developments. “Since Hutchins’ indictment, commentators have questioned whether the creation and selling of malware—without actually using the malware—violates the two statutes under which Hutchins was charged: the ...
August 11, 2017
WASHINGTON—Law360 named Covington partners Elizabeth Canter and Shankar Duraiswamy to its list of “Rising Stars for 2017.” This annual recognition honors top attorneys under 40 “whose legal accomplishments transcend their age.” Ms. Canter advises multinational companies on privacy, cyber security, and technology transaction issues. She has special expertise in ...
August 10, 2017, The Wall Street Journal
Mark Young is quoted in The Wall Street Journal's "Morning Risk Report" in an article regarding the Network and Information Systems directive. According to Young, “This is another data-related compliance requirement and it carries heavy penalties for failure to have in place appropriate network security measures."
UK data laws enter Facebook era
August 8, 2017, Financial Times
Lisa Peets is quoted in a Financial Times article regarding the EU's new General Data Protection Regulation which will be introduced into UK law later this year. "Under the regulations, the definition of 'personal data' will be extraordinarily broad—any information that is related to a person," says Peets. "Companies are finding out that they are processing a ...
Rising Star: Covington & Burling's Elizabeth Canter
August 2, 2017, Law360
Libbie Canter was named a "Rising Star" by Law360, recognizing her as a top lawyer under 40 in Privacy & Cybersecurity law. In its profile of Canter, Law360 highlights her advisory role on significant transactions, including Microsoft’s $8.5 billion acquisition of video call service Skype.
July 28, 2017, Medtech Insight
Marialuisa Gallozzi, John Buchanan, and Jeff Kiburtz are quoted in a Medtech Insight article regarding the growing interest in the healthcare sector in buying cyber insurance. According to Gallozzi, "We are in the midst of an evolution of the insurance market right now in this area." She says cyber insurance policies have been a growing trend but unlike other ...
July 21, 2017, Law360
Kurt Wimmer is quoted in a Law360 article regarding the State of Washington's new law governing the collection and use of consumers’ biometric information. According to Wimmer, the law “is more sensible and targeted than some other biometric laws because it applies only to biometric identifiers stored in a database that matches those identifiers to specific ...
July 12, 2017, Covington Alert
On July 11, 2017, the Cyberspace Administration of China (CAC) released the draft Regulation for the Protection of the Critical Information Infrastructure (“Draft Regulation”) for public comment (official Chinese version available here). The comment period ends on August 10, 2017.
Pentagon demands contractors up cybersecurity
July 2, 2017, San Antonio Express-News
Susan Cassidy is quoted in a San Antonio Express-News article regarding new cybersecurity requirements for contractors. According to Cassidy, "Essentially, the DOD wants its contractors to protect its information, because the DOD is a huge target, and its contractors are also a target." Commenting on the fact that over the years, contractors have been working ...
June 29, 2017, Bloomberg Law
Lindsey Tonsager is quoted in a Bloomberg Law article regarding the FTC's updated guidance that includes adding online-based questions as a method of obtaining parental consent under the Children's Online Privacy Protection Act. According to Tonsager, the new methods are a quick way for parents to give consent without having to mail in forms, and will largely ...
June 20, 2017, Law360
Kurt Wimmer is quoted in a Law360 article regarding LabMD Inc. v. FTC , where the FTC will attempt to justify its data security enforcement authority. “The LabMD argument will provide an important window into how the new FTC will deal with the all-important question of 'harm' in the context of data security enforcement actions,” says Wimmer. “The argument ...
June 19, 2017, Bloomberg BNA
Kurt Wimmer is quoted in a Bloomberg BNA article regarding LabMD Inc. v. FTC , where the FTC will attempt to justify its data security enforcement authority. According to Wimmer, "[o]ral argument “presents an opportunity for the FTC to explain its current view of ‘harm,’ and how it should be applied in the LabMD case."
New cyber law in China stirs alarm
June 1, 2017, The Hill
Yan Luo is quoted by The Hill in an article regarding some of the uncertainties surrounding China's new Cybersecurity Law. Under the new law, cross-border data transfers for operators of "critical information infrastructure" are subject to security reviews and restrictions. According to Luo, "We don’t really have a definition of critical information ...
May 24, 2017, Covington Alert
On May 25, 2018, employers located or with staff in the European Union (“EU”) will have to comply with a new data protection law—Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data—commonly referred to as the General Data Protection Regulation (“GDPR”). This will ...
Artificial Intelligence
May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington
European General Data Protection Regulation: What You Need to Know
May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington
May 19, 2017, Covington Alert
On May 19, 2017, the Cyberspace Administration of China (“CAC”) invited international stakeholders to attend a seminar to discuss an updated version of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Measures”). Given that the Measures have an intended effective date of June 1, 2017, it is likely ...
May 17, 2017, The Cybersecurity Law Report
May 17, 2017, Covington Alert
Last Friday may mark the start of a new era in cyber crime. The first worldwide ransomware attack, commonly dubbed “WannaCry,” emerged on May 12. The malware is believed to have infected more than 300,000 computers in 150 countries to date. A cyber criminal or ring of criminals, taking advantage of an exploit made available by the ShadowBrokers hacker group that ...
May 10, 2017, Silicon Valley Business Journal
Emily Henn was profiled by Silicon Valley Business Journal as a part of the publication's "Women of Influence" feature, honoring 100 of the most influential business women in Silicon Valley.
May 9, 2017, Covington Alert
On April 13, 2017, China’s State Cryptography Administration (“SCA”) published a draft Encryption Law (“the draft Law”) for public comment. After several years of drafting, the draft Law, if enacted as drafted, would be the first Chinese statute to systematically address encryption, covering “the research, production, management, import and export, testing, ...
May 3, 2017, The Cybersecurity Law Report
May 3, 2017, Covington Alert
On May 2, 2017, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here). The issuance of the Measures marks a critical first step toward implementing China’s ...
May 1, 2017, Covington Alert
In a widely anticipated step, FCC Chairman Ajit Pai has released the text of a draft Notice of Proposed Rulemaking (“NPRM”) proposing to change the legal framework that governs broadband providers, eliminate the “Internet conduct standard” for evaluating broadband provider practices on a case-by-case basis, and seek comment on whether to keep, modify, or ...
CNN Video Data Win Leaves Spokeo Door Open For App Users
April 27, 2017, Law360
Kurt Wimmer is quoted in a Law360 article regarding the Eleventh Circuit's decision to reject a proposed class action brought by a CNN app user claiming that CNN violated the Video Privacy Protection Act. According to Wimmer, "Unlike the Yershov court, the CNN panel seems to understand how apps actually work, which will be helpful going forward."
April 26, 2017
SILICON VALLEY—Silicon Valley Business Journal has named Covington partner Emily Henn to its annual “Women of Influence” list, honoring “100 of the most influential business women in Silicon Valley.” Ms. Henn serves as co-chair of the firm’s Class Action Litigation Practice, specializing in defending antitrust, consumer, and other types of class actions. Ms. ...
Data Privacy and National Security
April 21, 2017, Luxembourg Forum (Triannual Meeting Between the United States Supreme Court and the European Court of Justice), Washington, DC
April 20, 2017, Law360
Earlier this month, in Maloney v. T3Media Inc.,[1] the Ninth Circuit held that former college athletes could not assert a right of publicity to prevent the NCAA and its licensee, T3Media, from distributing images of the players. The court ruled that the players’ right of publicity was preempted by Section 301 of the Copyright Act because photographs of the ...
Future of the Music Industry
April 14, 2017, Harvard Law School Entertainment Symposium
April 12, 2017, Covington Alert
On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).
Spring 2017, The Business Lawyer
GDPR Planning and Preparation Conference for Employers
March 30, 2017, Business Forums International Ltd.
A look at China’s sweeping new cyber-security law
March 7, 2017, Compliance Week
Compliance Week references a Covington client alert on China’s draft regulation on cybersecurity review of network products and services. According to the alert, “As the draft measures come into force in the coming months, such companies will need to carefully assess the implications of the draft measures, including whether to voluntarily seek security reviews ...
March 6, 2017, Business Insurance
Lindsay Burke is quoted in a Business Insurance article regarding the risks associated with internal office chat applications. “People think of it as a casual form of communication,” Burke says, “and they forget that it’s business and usually the company is keeping a record of the communication. And if the company finds itself in litigation, then the discovery ...
Shrunken Chickens, Neck Flanges, Pill Mills & Bacteria: New Twists on Perennially Difficult Issues in Products-Related Coverage
March 4, 2017, ABA Insurance Coverage Litigation Committee CLE Seminar
March 2017, Pratt's Government Contracting Law Report
The Long Arm of the European Privacy Regulator: Does the New EU GDPR Reach U.S. Media Companies?
Spring 2017, Communications Lawyer (American Bar Association)
Forensic Firms: Understanding and Leveraging Their Expertise From the Start (Part One of Three)
February 22, 2017, The Cybersecurity Law Report
Steve Surdu was interviewed by The Cybersecurity Law Report for a three-part series on the role of forensic firms during a cyber breach. Part one discusses how to understand and leverage the expertise of forensic firms from the start. According to Surdu, forensic consultants have specialized skills and knowledge “that are very difficult for most organizations to ...
February 7, 2017, Covington Alert
On February 4, 2017, the Cyberspace Administration of China (“CAC”) released the draft Measures on the Security Review of Network Products and Services (“the draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the draft Measures is here). The comment period ends on March 4, 2017.
February 3, 2017, Global Investigations Review
Ian Hargreaves and David Lorello are quoted in a Global Investigations Review article regarding Hargreaves’ recent arrival to Covington. According to Hargreaves, the firm’s “pre-eminence in dispute resolution, and its immense strength and global recognition as a market-leader in white-collar crime matters and investigations” fueled his decision. Lorello says, ...
Senior FCC Official Rejoins Covington
February 1, 2017
WASHINGTON—Matthew S. DelNero has rejoined Covington as a partner in its Communications and Media Practice Group in Washington. Mr. DelNero most recently served as Chief of the Federal Communications Commission’s Wireline Competition Bureau. Mr. DelNero was a Covington partner from 2011 until January 2014, when he became Deputy Chief of the Wireline Competition ...
The Lateral Report
February 2017, The American Lawyer
Eric Mogilnicki was featured as a “Lateral All-Star” in The American Lawyer’s Lateral Report, recognizing his move to Covington as one of the “most notable and intriguing” in 2016.
Former Senior Official At FCC Rejoins Covington
February 1, 2017, Law360
Matt DelNero and Yaron Dori are quoted in a Law360 article regarding DelNero’s return to Covington as a partner in its Communications and Media Practice Group where he will oversee a diverse portfolio of telecom issues, including broadband expansion, privacy, data security and merger activity, bringing to the practice a new appreciation for the policy process ...
DelNero Returns to Covington
February 1, 2017, Broadcasting & Cable
Matt DelNero is quoted in a Broadcasting & Cable article regarding his return to Covington’s Communications and Media practice. According to DelNero, “I look forward to handling a diverse array of issues for clients in the content, telecommunications, and technology sectors and to helping develop the firm’s Media & Communications practice into the future.”
January 31, 2017
LONDON—Ian Hargreaves has joined Covington as a partner in the firm’s European Dispute Resolution practice resident in London. Mr. Hargreaves’ arrival follows that of litigation partners Craig Pollack, Greg Lascelles, Elaine Whiteford, and Louise Freeman over the past six months. Mr. Hargreaves advises on major European white collar and related civil and ...
Banks Face Cybercrime Wave As Tougher Regulations Loom
January 24, 2017, Law360
Mark Young and Ian Hargreaves are quoted in a Law360 article regarding the high level of cyberattacks on the financial services industry and the resulting regulatory pressures. According to Young, “The GDPR [General Data Protection Regulation] is a massive text with groundbreaking change in the data privacy area, in terms of compliance requirements and the new ...
January 17, 2017, Federal Contracts Report
Susan Cassidy is quoted in a Federal Contracts Report article regarding the fate of cybersecurity improvements made by the DoD under President Trump. According to Cassidy, “I would expect those to continue forward because I don't see a political will to say, ‘No you shouldn't protect this.’” The nomination of former Sen. Dan Coats (R-Ind.) to serve as director ...
U.S. Expands Sanctions, Takes Other Steps in Response to Russia’s Election-Related Cyber Operations
January 4, 2017, Covington Alert
President Obama announced several actions on December 29 to respond to Russian cyber operations that the U.S. intelligence community previously had concluded were intended to influence the U.S. presidential election. Specifically, the President revised and expanded an earlier executive order that blocks the property and interests in property of persons that ...
January 2017, Pratt’s Government Contracting Law Report
December 15, 2016, CCT News
Daniel Cooper is quoted by CCT News in an article regarding the use of wearable technology in the workplace. According to Cooper, the use of wearable devices is a good way, especially for insurers. However, the wearers’ privacy must be taken care of as well as their legitimate treatment concerns.
December 14, 2016, Covington Alert
Recent reports from both government and private groups have highlighted the risk that cyber hacking may now cause serious physical injury or damage. This new risk stems from connected industrial controls or electronic devices comprising the Internet of Things (IoT)—the network of over 50 billion objects ranging from children’s toys to home appliances to medical ...
Wearable technology: gathering data from tooth to toe
November 21, 2016, Financial Times
Daniel Cooper is quoted in a Financial Times article regarding wearable technology in the workplace. According to Cooper, not everyone will welcome sharing intimate personal information with the boss, however. “Wearable devices could be a good way for insurers to get the data . . . but it’s essential to address wearers’ privacy and fair treatment concerns and ...
November 8, 2016, Covington Alert
On November 7, the Standing Committee of China’s National People’s Congress (“NPC”) passed China’s first Cybersecurity Law (the “Law”), which will take effect starting June 1, 2017. Described as China’s “fundamental law” in the area of cybersecurity, the new Law articulates the government’s priorities with respect to “cyberspace sovereignty,” consolidates ...
October 20, 2016, Covington Alert
On October 19, 2016, the Board of Governors of the Federal Reserve System (Federal Reserve), Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC) (collectively the “Agencies”) released a joint Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on enhanced cybersecurity standards that would apply to ...
DOD Updates Cyber Reporting Rule for Contractors
October 3, 2016, Federal Contracts Report
Susan Cassidy is quoted in a Federal Contracts Report article regarding the Defense Department’s updated cyber incident reporting rule. According to Cassidy, the rule succeeded in clarifying some industry concerns, but did not address them all. “They didn't take an opportunity to clarify everything you might have hoped they would.” For example, when asked ...
Managing Data Privacy Challenges in Performing Due Diligence and Internal Investigations in China (Part Two of Two)
September 28, 2016, The FCPA Report
Eric Carlson is quoted in an FCPA Report article regarding China’s data privacy and cybersecurity laws and how they apply to companies doing business in China. Commenting on performing due diligence while avoiding data privacy issues, Carlson says, “For due diligence purposes, it is still safe and appropriate to gather corporate information such as whether a ...
September 20, 2016
WASHINGTON—Global Investigations Review has named the Microsoft warrant access case as the winner of the “Most Important Court Case of the Year.” Covington served as co-counsel to Microsoft and helped secure a landmark win in the U.S. Court of Appeals for the Second Circuit. GIR also ranked Covington among the top 15 investigations practices in the world in its ...
Cybersecurity: Steps to Take Before, During, and After an Incident
September 14, 2016, 2016 Covington Government Contracts Briefing: Solving Problems, Securing Opportunities
September 12, 2016
LOS ANGELES—The Los Angeles Business Journal has recognized Aaron Lewis as one of the “Most Influential Minority Lawyers” in Los Angeles. The inaugural list names 40 “stellar minority lawyers in the LA region,” highlighting recent success in their respective areas of practice. The Los Angeles Business Journal highlighted Mr. Lewis’s recent significant ...
August 11, 2016, The American Lawyer
James Garland participated in a Q&A with The American Lawyer regarding the firm’s relationship with Microsoft and its recent work on an important internet search case in the Second Circuit. According to Garland, “Microsoft has a very strategic approach toward its legal functions and litigation in particular. In cases like this that are of strategic policy ...
Covington hires cyber expert
July 27, 2016, Global Investigations Review
Stephen Surdu and James Garland are quoted in a GIR article regarding Surdu’s arrival to Covington as a Senior Cybersecurity Advisor. “In the fog of war, companies do not think clearly,” Surdu says. “They want to do the right thing, but they do not quite know what that is. As someone who has handled many cybersecurity investigations, I can help calm the ship.” ...
July 25, 2016, Covington Alert
Search warrants served on U.S. Internet companies and cloud service providers cannot obtain customer data stored overseas, the U.S. Court of Appeals for the Second Circuit ruled on July 14. The federal appellate decision focuses on warrants issued under the federal Electronic Communications Privacy Act (“ECPA”) and formally applies only in the Second Circuit, ...
Covington Launches Cyber Response Team With Mandiant Pro
July 21, 2016, Law360
David Fagan and Stephen Surdu are quoted in a Law360 article regarding the launch of Covington’s new Cybersecurity Incident Response Team in conjunction with the arrival of Surdu and Jenny Martin. According to Fagan, “We’re a big firm with clients that span the globe. They can’t control when they have incidents, and you can get calls on a Friday afternoon from ...
Covington Forms Cybersecurity Incident Response Team
July 18, 2016
WASHINGTON—Covington has formed an enhanced team of lawyers and advisors to provide cybersecurity incident response services to clients, highlighted by Stephen Surdu, who formerly led the professional services group of Mandiant, joining the team as a Senior Cybersecurity Advisor. Through the formation of the Cybersecurity Incident Response Team with members on ...
July 18, 2016, Federal News Radio
Michael Chertoff appeared on Federal News Radio for a panel discussion on the current cybersecurity environment and the evolution of data-centric security. “What’s different now is because of modern data analytics, the ability to take huge volumes of data at enormous scale and then to be able to analyze and make use of that data is something that’s brand new.”
July 18, 2016, The American Lawyer
James Garland and Steve Surdu are quoted in an American Lawyer article regarding the launch of Covington’s Cybersecurity Incident Response Team, highlighted by Surdu’s recent arrival as a Senior Cybersecurity Advisor. According to Garland, "The lawyers that do the interviews and oversee the forensic investigation, we're experienced but we're not engineers." He ...
July 14, 2016
WASHINGTON—The U.S. Court of Appeals for the Second Circuit has ruled in favor of Covington’s client Microsoft Corporation in its challenge to a U.S. warrant seeking customer emails stored in Ireland. Microsoft argued that the warrant—issued under the Electronic Communications Privacy Act (ECPA)—could not be used to obtain emails stored abroad because it would ...
July 14, 2016, Covington Alert
At a joint press conference on July 12, 2016 in Brussels, EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová and the U.S. Secretary of Commerce, Penny Pritzker, presented the Privacy Shield (see Press Release here, Adequacy Decision text here, Annexes here, Communication here, and Q&A factsheet here). The press conference followed the ...
July 12, 2016, Covington Alert
On July 5, 2016, China’s National People’s Congress (“NPC”) released a new draft of the Cybersecurity Law for public comment (official Chinese version available here; unofficial translation from AmCham China available here). The revised draft contains a number of significant changes from the first draft, which was released in July 2015, but retains many of the ...
July 7, 2016, Covington Alert
The Brazilian financial industry has long been a target of cyber criminals, and with the continued growth of sophisticated online banking services in Brazil, such systems are a prime target for organized crime. In addition, among the emerging BRICS countries (Brazil, Russia, India, China, and South Africa), Brazil is on a par with China and Russia in terms of ...
July 2016, BNA’s World Data Protection Report
June 22, 2016, Covington Alert
On Tuesday, June 21, 2016, the Federal Aviation Administration (“FAA”) finalized its long-awaited rule on the commercial use of small unmanned aircraft systems (“UAS” or “drones”). The rule is significant because it provides a comprehensive and generally applicable set of rules for anyone wishing to operate a small drone for commercial purposes.
Covington Represents Tencent in $8.6 Billion Acquisition
June 21, 2016
SILICON VALLEY—Covington advised Tencent Holdings Limited, a leading provider of internet service in China, in connection with its acquisition of a majority stake in Supercell from SoftBank. A consortium established by Tencent will acquire up to 84% of Supercell for $8.6 billion in a transaction valuing Supercell at approximately $10.2 billion. Supercell is a ...
Insider Threats to Cybersecurity—Prevent, Prepare, and React Webinar
June 21, 2016, Webinar
June 16, 2016
WASHINGTON—Legal Bisnow has named Covington partner Alexander Berengaut to its 2016 “Top 40 Lawyers Under 40” list. Mr. Berengaut focuses on international arbitration, civil litigation, and government enforcement proceedings. He has experience handling a range of arbitral proceedings and U.S. court litigation matters, including at trial, and has significant ...
May 31, 2016, Inside Cybersecurity
Susan Cassidy participated in a panel discussion at the annual cybersecurity conference at Georgetown University Law Center and is quoted in this Inside Cybersecurity article regarding the limited scope of liability protections under the new cyber info-sharing law. According to Cassidy, "Anything you create could be used in litigation against you," in referring ...
May 5, 2016, Data Guidance
Michael Nonaka is quoted in this Data Guidance article regarding the Payment Card Industry Security Standards Council’s latest version of its data security standard. According to Nonaka, "PCI DSS version 3.2 does not reflect sweeping changes to the requirements in prior versions, but it is indicative of the data security priorities being expressed by card ...
April 23, 2016, The Washington Post
James Garland is quoted in this Washington Post article discussing whether the discovery of alternative ways to unlock iPhones without the help of Apple during investigations undermines the Justice Department’s case in seeking similar, future court orders. According to Garland, “[T]he fact that they subsequently figured out how to do it — without Apple’s help — ...
April 8, 2016, Covington Alert
On April 6, the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce, issued a Request for Comment (RFC) seeking public feedback on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things (IoT). NTIA issued the RFC as part of the Commerce ...
Data Transfer Hurdles Have Companies Hedging Bets
March 24, 2016, The Wall Street Journal
Daniel Cooper is quoted in The Wall Street Journal’s “Morning Risk Report” discussing how companies should best comply with global data protection regulations. Commenting on the binding corporate rule process, Cooper said,“The one thing we know about binding corporate rules is [they tend] to have more appeal to European regulators.” He continues, “For a lot of ...
March 2016, Cyber Security Law & Practice
5 Ways To Keep Cybersecurity Risk From Derailing A Deal
February 19, 2016, Law360
Mark Young and Libbie Canter are quoted in this Law360 article offering tips on how deal makers can mitigate cybersecurity risks. According to Young, any discovered incidents can give buyers pause on how — and if — they want to move forward. “We’ve dealt with at least a couple examples where deals were at least delayed if not reconsidered because of ...
February 1, 2016, The Guardian
Henriette Tielemans is quoted by The Guardian in an article discussing the missed Safe Harbor deadline. According to Tielemans, companies faced “enormous uncertainty” about what European regulators would deem adequate privacy protection.
Cyber security: uncertain companies lack defence plans
January 25, 2016, The Lawyer
David Fagan is quoted by The Lawyer in an article discussing the continued vulnerability of companies to data breaches and targeted cyber attacks. Fagan, commenting on cyber-related litigation, states, “Up until now, in the US, there has been little cyber-related litigation because it is very difficult to quantify the level of damage done – I can imagine the ...
January 21, 2016, MarketWatch
Kurt Wimmer is quoted in this MarketWatch article regarding the FAA’s decision to allow Cape Productions, a drone video startup, to fly drones hundreds of feet closer to people than previously permitted. According to Wimmer, the FAA’s approval for Cape Productions sets a “much more realistic precedent” for future commercial drone usage.
January 15, 2016, Law360
Henriette Tielemans is quoted in a Law360 article discussing the recent European Court of Human Rights’ decision allowing employers in the EU to monitor their employees’ online activities for business purposes. “This decision is important,” according to Tielemans. “It will bring much needed legal certainty in an area that many companies are struggling with.”
Cybersecurity: CFTC Proposes New Cybersecurity Testing Rules for Derivatives Market Infrastructure
January 12, 2016, Covington Alert
Leading Financial Services Lawyer Joins Covington
January 5, 2016
WASHINGTON, DC, January 5, 2016 - Covington announced that Eric Mogilnicki has joined the firm as a partner in its Washington office and will co-chair the firm’s new Consumer Financial Services practice. Andrew Smith, who served as a senior financial services lawyer at the Federal Trade Commission prior to joining the firm, will also lead the newly formed ...
January 5, 2016
WASHINGTON, DC, January 5, 2016 - Covington announced that Matthew Schlesinger has joined the firm as a partner in its insurance recovery practice. “Matt has a strong track record of success in the insurance recovery field, in particular on behalf of policyholders in the financial services sector,” said Mitchell Dolin, co-chair of the firm’s global coverage ...
December 21, 2015, Covington Alert
On December 15, the EU institutions finally agreed the text of the new EU data protection law, the General Data Protection Regulation (“GDPR”), completing a process that began in January 2012. The LIBE committee has published the consolidated version of the GDPR text. The GDPR heralds a new era of data protection. It replaces the existing data protection ...
December 14, 2015
WASHINGTON, DC, December 14, 2015 - The National Law Journal has named Covington partner David Fagan as one of its “Cybersecurity & Data Privacy Trailblazers.” The list profiles 50 lawyers “who have helped make a difference in the fight against criminal cyber activity and towards adding much needed layers of data security in an increasingly digital world of ...
December 8, 2015, Law360
Mark Young is quoted in a Law360 article discussing the EU Network and Information Security Directive, which sets a cybersecurity and breach reporting baseline for both critical infrastructure operators, as well as digital service providers. This directive, which is the first of its kind, comes after two years of negotiations. According to Young, “There’s going ...
December 2015, Privacy & Data Protection
November 24, 2015, The Register
Dan Cooper is quoted by The Register in an article discussing the uncertainty and complications continuing to surround the Schrems decision that derailed Safe Harbour. Cooper stated that his business clients were both “surprise[d] and shock[ed]” by the European Court’s decision. “Businesses felt like the rug had been pulled out from under them,” said Cooper. ...
Covington Tackles Vendor Cybersecurity Risks in New Book for Corporate Directors and Officers
October 13, 2015
WASHINGTON, DC, October 13, 2015 - Covington addresses the critical issue of how to manage risks associated with third-party outsourcing in Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers. Published in collaboration with Palo Alto Networks and the New York Stock Exchange, the book provides boards, executives and ...
E.U. Court Declares Data-Transfer Pact With U.S. Invalid
October 13, 2015, Bloomberg BNA
Henriette Tielemans is quoted in this BNA article that explores the idea of finding alternative means for the transfer of data with the elimination of Safe Harbor. Countries that require national data protection authority approval may find even more issues arise when trying to formulate new ways to navigate data transfer laws. Tielemans notes that the process ...
News Hour
October 6, 2015, Al Jazeera
Dan Cooper appeared on the show to discuss the implications of the ECJ Schrems judgment.
October 6, 2015, Fortune
Brussels-based partner Henriette Tielemans is quoted in this Fortune article that discusses the effects of the highest E.U. court eliminating the U.S.-E.U. data transfer agreement known as the Safe Harbor Act. “Hindsight is a beautiful thing,” said Tielemans. “We must all remember that in 2015 things are different than they were in 2000.”
October 6, 2015, Covington Alert
October 2015, Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers
September 23, 2015, InsidePrivacy Blog
September 17, 2015, InsidePrivacy Blog
September 2015, Bloomberg BNA World Data Protection Report
August 27, 2015, Inside Cybersecurity
Susan Cassidy was quoted in this article.
August 24, 2015, InsidePrivacy Blog
Covington Advises Tencent on Investment in Kik
August 20, 2015
SAN FRANCISCO, August 20, 2015 — Covington advised Tencent Holdings Ltd. on its US$50 million investment in Ontario-based Kik Interactive, Inc., a messenger application with more than 200 million registered users. Tencent is a Chinese company that provides value-added Internet, mobile and telecom services and online advertising. Its messaging app WeChat has ...
August 13, 2015, Inside Cybersecurity
Susan Cassidy was quoted in this article.
August 12, 2015, The Cybersecurity Law Report
August 11, 2015
WASHINGTON, DC, August 11, 2015 —The Los Angeles Business Journal has named Covington partner and former federal prosecutor Daniel Shallman to its list of the city’s “Most Influential Lawyers” in the white collar and cyber practice areas. In selecting Mr. Shallman, the publication noted that he has handled “a string of impressive matters” since joining the firm ...
August 2015, Privacy Laws & Business
Article written by Covington's Lisa Peets.
August 2015, Bloomberg BNA World Data Protection Report
August 2015, Privacy Laws & Business International Report
Insider Threats to Cybersecurity—Prevent, Prepare, React
July 17, 2015, Webinar
July 2015, Bloomberg BNA World Data Protection Report
Mark Plotkin Named a Regulatory & Compliance Trailblazer
June 24, 2015
WASHINGTON, DC, June 24, 2015 — Covington partner Mark E. Plotkin has been named to The National Law Journal’s list of 45 Regulatory and Compliance Trailblazers. The list recognizes lawyers who have “made a difference navigating the ever-changing mandates of regulatory and compliance.” Mr. Plotkin, co-chair of Covington’s national security and defense industry ...
June 12, 2015, InsidePrivacyBlog
Cybersecurity and supply chain considerations in procurement, and counsel’s role in mitigating risk
June 9, 2015, Inside Cybersecurity
Covington's David Fagan and Susan Cassidy have authored this article for Inside Cybersecurity.
June 8, 2015, Financial Times
Covington's Daniel Cooper is quoted regarding the legal implications of wearables in the workplace: “Historically European regulators in the data protection area have been very sceptical you can ever get a valid employee consent — they feel that for existing employees, [the relationship] is almost inherently coercive.”
May 12, 2015, Inside Counsel
May 2015, Privacy Laws & Business UK Report
FCC Enforcement Actions Demonstrate Ramifications of Failing to Cooperate in TCPA Investigations
April 22, 2015, Covington E-Alert
Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties
April 8, 2015, The Cybersecurity Law Report
Covington's David Fagan is quoted regarding cybersecurity: "Companies 'should have a process in place to categorize vendors in terms of levels of risk and then they should apply assessment from that basis,' Fagan said. The first step should be to 'assign a risk classification to them. And that should track to what kind of assessment you provide.'"
Are Tax Information Exchange Initiatives and EU Data Privacy Regulations on a Collision Course?
April 2015, Covington Newsletter
March 12, 2015, Inside Counsel
Richard Shea, Lindsay Burke and Ashden Fein have authored this article on cybersecurity threats: "Cybersecurity threats can emanate not just from outside sources but from company insiders as well — including employees, executives, directors and contractors. According to NetDiligence’s 2014 Cyber Insurance Claims Study, roughly one-third of the reported events ...
March 11, 2015
WASHINGTON, DC, March 11, 2015 — Covington’s Jeff Kosseff has co-authored “Law for Media Startups,” a 12-chapter web guide for entrepreneurs launching media ventures and educators teaching students how to do it. The guide, co-authored by J-Lab Executive Director Jan Schaffer, was published by City University of New York’s Tow-Knight Center for Entrepreneurial ...
March 9, 2015, The National Law Journal
February 28, 2015, InsidePrivacy Blog
K Street jockeys for cyber supremacy
February 23, 2015, The Hill
David Fagan is quoted in this article regarding cybersecurity: David Fagan, a partner with Covington & Burling, said clients’ needs have evolved over the past five years when it comes to cybersecurity. “[The] Target and Sony [hacks] captured the minds and also the fears of a lot of boards of directors and executives,” Fagan said. “As a result, in-house ...
February 19, 2015, Inside Counsel
5 cybersecurity questions in-house counsel should consider in light of the Sony breach
February 19, 2015, Inside Counsel
Covington's David Fagan, James Garland and Kurt Wimmer have authored this article on questions that in-house counsel should be able to answer about his or her organization’s legal and business cybersecurity risk profile: "In the wake of the much publicized North Korean cyber-attacks against Sony — as well as recent favorable rulings for the plaintiffs in class ...
February 2015, Bloomberg BNA World Data Protection Report
January 22, 2015, Covington E-Alert
November/December 2014, E-Commerce Law Reports
October 2014, Data Protection Law & Policy
October 1, 2014, Inside Cybersecurity
Covington's David Fagan and Marialuisa Gallozzi are quoted in this article regarding a symposium co-hosted by Covington & Burling and George Washington University's Cybersecurity Initiative titled "Cybersecurity for Government Contractors." "That is the bubble that we're sitting on at this moment," said Covington and Burling insurance attorney Marialuisa ...
Morning Cybersecurity
September 30, 2014, Politico
Michael Chertoff is quoted regarding a symposium co-hosted by Covington & Burling and George Washington University's Cybersecurity Initiative titled "Cybersecurity for Government Contractors." "Information sharing between the government and private sector shouldn’t just be about swapping threat signatures or intelligence, former DHS Secretary Michael Chertoff ...
10/9/2014
London, October 9, 2014 - Covington & Burling has been selected as the winner in the Technology, Media and Telecoms category of Legal 500 UK Awards 2014, with a focus on Data Protection. Covington’s European technology, media and telecoms lawyers draw on the firm’s deep roots in the software, Internet, telecommunications and media industries and act as strategic ...
Defining privacy in the age of wearable cameras
September 14, 2014, The Kernel
Covington partner Kurt Wimmer is quoted in this article regarding the legal implications of wearable cameras: "The current laws on privacy take hidden cameras and other Glass-type devices into account,” says Wimmer, whose clients include Facebook, Microsoft, Samsung, CBS, Viacom, and the National Football League. “There have been tiny cameras for a long time, ...
July 24, 2014, Law360
Covington partner Kurt Wimmer is quoted in this article regarding the Federal Trade Commission pursuing companies such as Snapchat Inc. and Fandango LLC over allegedly misleading privacy promises and lax data security. "To me, the FTC's work in the first half of 2014 has been more about security than privacy — both in advocating for its ability under Section 5 ...
July 2014, Bloomberg BNA World Data Protection Report
May 14, 2014, InsidePrivacy Blog
May 2014, Privacy Laws & Business
April 28, 2014, Bloomberg BNA
Covington partner Susan Cassidy was interviewed for Bloomberg BNA regarding the General Services Administration's draft plan to manage cybersecurity risks in the federal acquisition process. The article states: “When you read the actual proposal from GSA, it's hard to figure out what they are going to do,” Covington & Burling LLP Partner Susan Cassidy said. ...
April 11, 2014, Covington E-Alert
April 8, 2014, InsidePrivacy Blog
March 25, 2014, Covington E-Alert
Covington Advises BBVA in Acquisition of Simple
February 20, 2014
NEW YORK, February 20, 2014 — Covington & Burling represented Banco Bilbao Vizcaya Argentaria, an international financial group based in Spain, in its acquisition of financial technology company Simple. The acquisition is part of BBVA's strategy to lead the technology-driven change that is transforming the financial services industry. According to Francisco ...
November 27, 2013, Covington E-Alert
November 6, 2013, Covington E-Alert
October 24, 2013, Covington E-Alert
October 17, 2013, InsidePrivacy Blog
October 9, 2013, Covington E-Alert
September 30, 2013, Covington E-Alert
September 4, 2013, InsidePrivacy Blog
August 15, 2013, Covington Advisory
June 26, 2013
LONDON, 26 June, 2013 — The UK Information Commissioner's Office has authorised GlaxoSmithKline’s 'Binding Corporate Rules' (BCRs) – a set of internal policies and procedures used to protect personal data across GSK’s operations globally. The privacy and data security team at Covington & Burling was instrumental in the development, implementation and ...
May 10, 2013, InsidePrivacy Blog
April 11, 2013, Covington E-Alert
April 2013, Data Protection Law & Policy
April 2013, World Data Protection Report
March 27, 2013
WASHINGTON, DC, March 28, 2013 — Rep. Mike Rogers, chairman of the House Permanent Select Committee on Intelligence, and former Homeland Security Secretary Michael Chertoff addressed the complexity of cybersecurity threats at a program sponsored by Covington & Burling and The Chertoff Group. Mr. Chertoff is senior of counsel at Covington and chairman and founder ...
March 14, 2013, InsidePrivacy Blog
February 26, 2013
WASHINGTON, DC, February 26, 2013 — The BTI Consulting Group has named Covington & Burling partners David Martin and Henriette Tielemans to its 2013 “Client Service All-Stars” list. The BTI “Client Service All-Stars” were singled out by general counsel and direct reports at large and Fortune 1000 organizations in one-on-one interviews. Mr. Martin, based in ...
February 26, 2013, InsidePrivacy Blog
China Releases New National Standard for Personal Information Collected Over Information Systems
February 15, 2013, Covington E-Alert
February 7, 2013, InsidePrivacy Blog
January 22, 2013
WASHINGTON, DC, January 22, 2013 — For the second straight year, Law360 named Covington & Burling’s global privacy and data security practice as one of the top five “Privacy & Consumer Protection Practice Groups of the Year.” In a profile highlighting the firm’s privacy-related work, Law360 noted the group’s recent litigation win for LinkedIn Corp. In that case, ...
January 9, 2013, InsidePrivacy Blog
October 19, 2012, InsidePrivacy Blog
“Data Privacy and Publishing”
September 2012, Publisher Roundtable on Data Privacy in conjunction with The Publishers Association
Covington Receives Top Tier Nods in Legal 500 US
August 14, 2012
WASHINGTON, DC, August 14, 2012 — Covington & Burling LLP has received a top tier ranking in six practice areas and 18 individual attorneys are named “Leading Lawyers” in the recently released Legal 500 US 2012 edition. Additionally, Legal 500 US also “recommended” 36 Covington practice areas and 123 Covington lawyers. The six Covington practices given the top ...
June 11, 2012
WASHINGTON, DC, June 11, 2012 — Chambers USA recognized 106 individual Covington & Burling lawyers and 46 Covington practice areas in the 2012 Chambers USA: America’s Leading Lawyers for Business guidebook released on June 7, 2012. Many of the 106 Covington lawyers ranked by Chambers USA were recognized in multiple categories, resulting in a total of 131 ...
Covington Names Nash and Walter to Lead London Office
May 29, 2012
LONDON, 29 May, 2012 — Covington & Burling LLP is pleased to announce Louise Nash as the new London office managing partner. She succeeds Roger Enock, who steps down after five years in the role. The firm also announced that Christopher Walter will succeed Ms. Nash as the office deputy managing partner. Mr. Enock will continue as head of the firm’s London ...
March 27, 2012, Covington E-Alert
March 19, 2012
LONDON, 19 March, 2012 — Covington & Burling LLP received 46 individual mentions and 20 practice mentions in the Chambers Global 2012 edition. The guidebook, which ranks lawyers globally by pan-regional and country practice area, is designed to identify the most skilled legal practitioners based on the qualities most valued by clients. The Covington lawyers ...
February 27, 2012, Covington E-Alert
February 10, 2012, Stanford Law Review Online
January 2012, Covington E-Alert
January 9, 2012
WASHINGTON, DC, January 9, 2012 — Law360 named Covington & Burling’s global privacy & data security practice as one of the top five “Privacy & Consumer Protection Practice Groups of the Year.” In a profile about the firm published on Jan. 5th, Law360 pointed to Covington’s broad practice in assisting clients in transactions, on advisory matters, in social ...
December 22, 2011, InsidePrivacy Blog
December 8, 2011, Bloomberg Technology Law Report
October 21, 2011, Covington E-Alert
June 10, 2011
WASHINGTON, DC, June 10, 2011 — Covington & Burling LLP received 123 individual mentions and 45 practice mentions in Chambers USA 2011. The guidebook, which ranks lawyers by state and national practice area, is designed to identify the most skilled legal practitioners based on the qualities most valued by clients. Here are the Covington lawyers and practices ...
June 9, 2011
WASHINGTON, DC, June 10, 2011 — Covington & Burling LLP received 92 individual mentions and 32 practice mentions in the Legal 500 US 2011 edition. Legal 500 reviews the strengths and strategies of law firms in more than 90 countries in Europe, the Middle East, Asia, North and South America, and the Caribbean. Here are the Covington lawyers and practices ...
March 8, 2011, InsidePrivacy Blog
February 15, 2011, EuroWatch
February 10, 2011, Covington Advisory
February 2011, Intellectual Property & Technology Law Journal
January 28, 2011, Covington E-Alert
January 2011, World Data Protection Report
December 21, 2010, Covington Advisory
December 14, 2010, Covington E-Alert
December 1, 2010, Covington E-Alert
November/December 2010, Data Protection Ireland: Volume 3, Issue 6
October 19, 2010, Covington E-Alert
June 23, 2010
WASHINGTON, DC, June 23, 2010 — Covington & Burling LLP received 85 individual mentions and 23 practice mentions in the Legal 500 US 2010 edition. Legal 500 reviews the strengths and strategies of law firms in more than 90 countries in Europe, the Middle East, Asia, North and South America, and the Caribbean. Here are the Covington lawyers and practices ...
June 18, 2010, Covington E-Alert
June 16, 2010
WASHINGTON, DC, June 16, 2010 — Covington & Burling LLP received 112 individual mentions and 44 practice mentions in Chambers USA 2010. The guidebook, which ranks lawyers by state and national practice area, is designed to identify the most skilled legal practitioners based on the qualities most valued by clients. Here are the Covington lawyers and practices ...
FTC Again Delays Enforcement of Red Flags Rule - New Enforcement Deadline is December 31, 2010
May 28, 2010, Covington E-Alert
May 2010, Privacy Law & Business
March 29, 2010, Covington Advisory
March 22, 2010, Covington E-Alert
March 1, 2010, Covington Advisory
February 9, 2010, Covington E-Alert
January/February 2010, The Privacy Advisor
January 13, 2010, Covington E-Alert
January 5, 2010, Covington Advisory
January 5, 2010, Covington E-Alert
January 2010, World Data Protection Report
November 23, 2009, Covington Advisory
October 26, 2009, Covington Advisory
Covington Promotes 10 Lawyers to Partnership
10/1/2009
WASHINGTON, DC, October 1, 2009 — Covington & Burling LLP today announced that ten of its lawyers have been elected to the firm’s partnership effective today. The new partners practice in the corporate, litigation, and regulatory fields. The ten new partners and their practices are as follows: Marney Cheek (International) represents companies and trade ...
October 2009, Privacy Law & Business
Fall 2009, The Secure Times
8/3/2009
WASHINGTON, DC, August 3, 2009 — Four Covington & Burling LLP partners have been named to The Ethisphere Institute’s 2009 “Attorneys Who Matter” list, which recognizes leading legal professionals in private practice and at government agencies and major companies who have excelled in and made a significant contribution in the corporate compliance field. In ...
July 29, 2009, Covington E-Alert
July 16, 2009, Covington E-Alert
July 14, 2009, Covington E-Alert
7/13/2009
WASHINGTON, DC, July 13 2009 — The National Law Journal has named Covington & Burling LLP partners Erin Egan and Paul Schmidt to its survey of “40 Under 40.” The list, which is featured in the July 13 issue, recognizes 40 Washington-area lawyers under the age of 40 who have already made their marks in private practice, government service, or the public interest ...
June 24, 2009, Covington E-Alert
June 24, 2009, Covington E-Alert
June 19, 2009, Covington E-Alert
6/09/2009
LONDON, June 9, 2009 — An enhanced version of the world’s first data protection standard for athletes took effect on June 1, 2009. The International Standard for the Protection of Privacy and Personal Information took effect on January 1, 2009, and an enhanced version was unanimously approved in early May 2009 by the Executive Committee of the World Anti-Doping ...
Covington Shortlisted For Three Chambers USA Awards
5/15/2009
WASHINGTON, DC, May 15, 2009 — Three practices at Covington & Burling LLP have been nominated for 2009 Chambers USA Awards for Excellence. The firm received team nominations in the Insurance, International Trade and Privacy & Data Security categories. The awards recognize significant achievements over the past 12 months, including notable work, strategic growth, ...
April 29, 2009, Covington E-Alert
January 23, 2009, Covington E-Alert
11/12/2008
BRUSSELS, November 12, 2008 — Covington & Burling LLP partner Henriette Tielemans has been appointed to the Data Protection expert group (GEX PD) by the European Commission. The Data Protection expert group will assist the Commission in identifying challenges for the protection of personal data in the EU, and putting forward proposals for addressing those ...
Covington Promotes 12 Lawyers to the Partnership
10/1/2008
WASHINGTON, DC, October 1, 2008 — Covington & Burling LLP today announced that 12 of its lawyers have been elected to the firm’s partnership. These new partners are resident in four of the firm’s offices and practice in the litigation, corporate/tax, and regulatory fields. Timothy Hester, chair of the firm’s management committee, commented: “These young and ...
June 16, 2008
WASHINGTON, DC, June 16, 2008 — Covington & Burling LLP received 81 individual mentions and 45 practice mentions in the newly released 2008 Chambers USA. The guidebook, which ranks lawyers by state and national practice area, is designed to identify the most skilled legal practitioners based on the qualities most valued by clients. Here are the Covington ...
5/12/2008
NEW YORK, NY, May 12, 2008 — Covington & Burling LLP is pleased to announce that Nigel Howard has joined the firm’s technology transactions practice as a partner. Mr. Howard will be resident in Covington’s New York office. Mr. Howard’s practice focuses on information technology, outsourcing, and intellectual property issues. He represents clients in complex ...
12/28/2007
LONDON, December 28, 2007 - The latest edition of Chambers Global has ranked Covington & Burling LLP’s expertise in 12 categories globally. “Sound knowledge of the industry” and “sheer breadth of experience“ are just some of the comments gathered by the research team from the firm’s clients. The firm has also achieved 10 individual rankings and a further 16 ...
June 18, 2007
WASHINGTON, DC, June 18, 2007 — Covington & Burling LLP received 44 practice mentions and 74 individual mentions in the newly released 2007 Chambers USA guidebook. The 2007 edition of Chambers USA attempts to identify the most skilled legal practitioners throughout the country based on the qualities most valued by clients. Covington attorneys have been ...
Covington Announces Ten New Counsel
April 3, 2007
WASHINGTON, DC, April 3, 2007 — Covington & Burling LLP has announced the promotion of four new Of Counsel and six new Special Counsel.The four new Of Counsel are Daniel P. Cooper, Christian Neira, Matthew J. O’Connor, and Kevin J. Shortill.Daniel P. Cooper advises on European privacy and data protection matters, as well as on contentious and non-contentious ...
December 2006, The Privacy & Data Protection Legal Reporter
August 18, 2006, Covington E-Alert
June 2006, BNA International World Data Protection Report
January 16, 2006, Covington E-Alert
April 14, 2005, Covington E-Alert
David Stein is quoted in the American Banker regarding the push from U.S. lawmakers for a moratorium on all negative credit reporting during the COVID-19 crisis. According to Mr. Stein, lenders have one additional option to prevent damage to consumers’ credit scores. He says that lenders can stop reporting data to the credit bureaus altogether, though he ...
- Global Data Review 100, "20 Elite" (2020)
- Law360, “Compliance Practice Group of the Year” (2020)
- Ranked by Chambers Global as a leading Data Protection practice (2013-2020)
- Ranked by Chambers Europe as a leading Data Protection practice (2014-2020)
- Ranked by Chambers UK as a leading Data Protection practice (2013-2020)
- Ranked by Legal 500 EMEA as a leading EU Regulatory, Privacy and Data Protection practice (2013-2017)
- Ranked by Chambers USA as a leading Privacy & Data Security practice (2013-2020)
- Ranked by Legal 500 US as a leading Cyber Law (including Data Protection and Privacy) (2013-2018)
- Ranked by Legal 500 US as a leading Cyber Law (including Data Protection and Privacy) - Data Protection and Data Breach Response (2015-2017)
- Ranked by Legal 500 UK as a leading Data Protection practice (2013-2016)
- Legal 500 UK Awards, winner of the TMT: Data Protection category (2014)
- The Lawyer shortlisted our London technology and media group for its TMT Team of the Year Award (2013)
- Law360's Practice Groups of the Year, Privacy & Consumer Protection (2011-2012)

COVID-19: Legal and Business Toolkit
We are helping clients around the world navigate this evolving, complex situation.

California Consumer Privacy Act (CCPA)
We are representing clients on California Consumer Privacy Act (CCPA) compliance, including in the legislative amendment and rulemaking proceedings associated with the CCPA and in developing working plans to come into compliance with the CCPA.
Use the Menu Below to Filter Matters and News
By clicking on filters, the website automatically displays information related to specific interests.
Example: To find Covington’s representative matters, news, and insights related to product liability and mass tort defense class actions, take the following steps:
- Begin on the Product Liability and Mass Tort Defense practice page
- On the section labeled Use Menu Below to Filter Matters and Results, click the arrow next to Litigation and Investigations under the Practices heading
- On the expanded list, click on Class Actions
- Refreshed information will be displayed under the Representative Matters and News and Insights sections of the page
- To refine the information further, click on Life Sciences under the Industries heading