Data Privacy and Cybersecurity

March 2021

As the legal, regulatory, and commercial implications of coronavirus COVID-19 continue to evolve, our lawyers and advisors are helping clients navigate the complex considerations that companies around the world are facing and develop plans and strategies in response. Reach out to our COVID-19 task force at COVID19@cov.com. Below is a compendium of resources ...

March 4, 2021, Inside Privacy

Two recent actions by lawmakers are intended to address certain uses of technology in health. First, two Senators have introduced a bipartisan bill related to the collection and use of identifiable health data from wearable health trackers.  Second, following an appeal from Democratic lawmakers, the Agency for Healthcare Research and Quality (“AHRQ”) plans to ...

March 4, 2021, Inside Privacy

On March 2, Virginia Governor Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA), becoming the second U.S. state to enact a comprehensive privacy law (Nevada has enacted an online privacy law, albeit with a narrower scope).  As we have previously explained, the VCDPA follows the framework established by the Washington Privacy...… ...

March 2, 2021, Inside Privacy

On February 19, 2021, the European Commission published two draft decisions finding that UK law provides an adequate level of protection for personal data.  The first would allow private companies in the EU to continue to transfer personal data to the UK without the need for any additional safeguards (e.g., the Commission’s standard contractual clauses),...… ...

March 2, 2021, Inside Privacy

In January 2021, the French Supervisory Authority (“CNIL”) published a summary report of contributions it received in response to a public consultation and survey on the digital rights of minors launched in April 2020 (see the press release here and a summary report here, both in French).  Stakeholders who responded to the consultation included companies,...… ...

March 1, 2021

WASHINGTON—Andrew Smith, most recently the Director of the Bureau of Consumer Protection at the Federal Trade Commission, has rejoined Covington as a partner in its Advertising and Consumer Protection, Data Privacy and Cybersecurity, and Financial Services practices. He will be based in the firm’s Washington office. While serving as Bureau Director at the FTC, ...

February 26, 2021, Inside Privacy

In February 2021, the European Commission (“Commission”) released a report on European Union (“EU”) Member States’ laws governing the processing of health data.  The report discusses three general types of health data uses: primary use for health care services; secondary use for public health purposes; and secondary use for scientific research purposes. For each ...

February 26, 2021, Inside Privacy

Several states have proposed new privacy bills since their sessions began.  Some of the proposed bills carry over or re-introduce bills drafted in previous legislative sessions, while others are introducing first-in-time omnibus privacy bills.  In the high-level chart below, we compare five of the key state privacy frameworks: the CPRA, VCDPA (which we blogged ...

February 25, 2021, Inside Privacy

Until now, damages claims awarded by German courts pursuant to Article 82 of the General Data Protection Regulation (“GDPR”) – in particular, claims for non-material damages – have been relatively low.  This restrained approach thus far has been predicated primarily on the position that German law requires a serious violation of personality rights to justify...… ...

February 24, 2021, Inside Privacy

The EU’s ePrivacy Regulation, like the EU GDPR, has been highly anticipated since it was first proposed in 2017. What are the current developments and next steps in the process to enactment? What are some of the complicating factors of the proposed Regulation? Are there major differences between the initial proposal and where the text...… Continue Reading

February 24, 2021, Inside Privacy

A number of legislative proposals to amend Section 230 of the 1996 Communications Decency Act (“Section 230”) have already been introduced in the new Congress.  Section 230 provides immunity to an owner or user of an “interactive computer service” — generally understood to encompass internet platforms and websites — from liability for content posted by...… ...

February 24, 2021, Inside Privacy

On February 3, 2021, the Conference of the Supervisory Authorities (“SAs”) of Germany (known as the Datenschutzkonferenz or “DSK”) published minutes from its meetings held in November 2020 (available here, in German).  The minutes include discussions about how the German SAs plan to enforce the recent Schrems II ruling of the Court of Justice of...… Continue ...

February 11, 2021, International Financial Law Review

Dan Cooper spoke with International Financial Law Review about how COVID-19 has disjointed the GDPR. Mr. Cooper says, “the way that the GDPR works, companies that operate across the EU simply have to be nimble. As a result of this, companies have had to be nimble in their approach to implementing GDPR across different member states.” Mr. Cooper adds, “For ...

February 10, 2021, Covington Alert

In this alert we look at a recent decision by the UK Court of Appeal and a separate prosecution brought by the Information Commissioner’s Office (“ICO”; the UK data protection authority), which together serve as a cautionary tale for employees and prospective future employers of the risks of civil liability and criminal conviction for confidential information ...

January 29, 2021, Privacy Laws & Business

Yan Luo appeared on “Privacy Paths,” the Privacy Laws & Business’ podcast, to discuss China’s privacy draft law and other cybersecurity legislation.

January 25, 2021

LONDON–Covington’s London corporate team has advised AIM- and Main Market-listed clients on multiple fundraisings and acquisitions over the past few months, marking a strong year in life sciences transactions. These include: Advising Sensyne Health plc, a UK clinical AI company listed on the London AIM market, on its £27.5 million equity fundraising The ...

January 11, 2021, Covington Advisory

As the recent SolarWinds Orion attack makes clear, cybersecurity will be a focus in the coming years for both governmental and non-governmental entities alike. In the federal contracting community, it has long been predicted that the government’s increased cybersecurity requirements will eventually lead to a corresponding increase in False Claims Act (FCA) ...

January 8, 2021, Covington Alert

For several years, mobile health and wellness applications (“digital health apps”) have grown in scale and popularity. A global pandemic in 2020 further accelerated the trend, with increased demand for remote monitoring and communication platforms, as well as new methods for wellness and disease prevention. In parallel, there were a number of important U.S. ...

January 2021, Covington Guide

The EU-UK Trade and Cooperation Agreement (EUTCA) reached on December 24th is a wide-ranging and complex agreement. Our Brexit Task Force offers these "bite-sized" recordings to give a snapshot of what you need to know in each area. Though the EUTCA provides the overall architecture of the future relationship in a number of areas, much of the detail must still ...

January 4, 2021, Bloomberg Law

Micaela McMurrough is quoted in Bloomberg Law regarding a new law setting cybersecurity standards for Internet of Things devices that federal agencies buy. Ms. McMurrough says “The statute leverages the purchasing power of the federal government to raise the floor on IoT device cybersecurity.”

January 3, 2021, Law360

Lindsey Tonsager and Kurt Wimmer are quoted in Law360 regarding the major cybersecurity and privacy policy issues to watch in 2021. Ms. Tonsager spoke about the ramp up in California Consumer Privacy Act enforcement. She says, “The agency [California Privacy Protection Agency] will have the broadest authority in the country to issue regulations on topics like ...

December 21, 2020

WASHINGTON—Covington is assisting Veritas Capital-backed Gainwell Technologies in its acquisition of HMS for approximately $3.4 billion. The transaction is expected to close in the first half of 2021. Veritas will look to optimize the HMS solution set across Gainwell and Veritas-backed Cotiviti, Inc. Gainwell will acquire the HMS capabilities focused on the ...

December 10, 2020

WASHINGTON—Global Data Review has named Covington to The GDR 100 Elite. The ranking profiles the top 20 firms with a broad international presence and a consistent track record of delivering cutting-edge advice to household name clients around the world, who between them handle the lion’s share of cross-border work in data privacy. The firms featured in The GDR ...

December 8, 2020

WASHINGTON—Covington is assisting Veritas Capital and its portfolio company Peraton with their pending acquisition of the federal IT and mission support services business of Northrop Grumman for $3.4 billion. The transaction is expected to close in the first half of 2021. Peraton is a trusted provider of highly differentiated space, intelligence, cyber, defense, ...

January 2021, Privacy & Cybersecurity Law Report

November 16, 2020

WASHINGTON—Global Banking Regulation Review has named Covington partner Michael Nonaka to its “45 Under 45,” a list of the leading, next-generation banking regulation specialists. Mr. Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, and non-bank companies on a broad range of compliance, enforcement, ...

November 12, 2020

SAN FRANCISCO—The Daily Journal has named Lindsey Tonsager to its 2020 Top Cyber Lawyers list, a recognition of the leading California lawyers who specialize in cybersecurity law. Ms. Tonsager is a partner in Covington’s San Francisco office and serves as vice chair of the firm’s global privacy and cybersecurity practice, as well as head of its West Coast ...

November 5, 2020, IAPP

Lindsey Tonsager spoke with IAPP about California's Proposition 24. Ms. Tonsager says, “Privacy pros should be reminding their colleagues that even though we now know the CPRA has passed, many of the CPRA’s details still need to be clarified and defined through regulation.” Establishment of the new enforcement agency will also be worth paying attention to. She ...

November 4, 2020, Los Angeles Times

Lindsey Tonsager is quoted in the Los Angeles Times regarding California’s Proposition 24, which will have major implications for online privacy. Ms. Tonsager says companies will be watching the composition of the board closely. She adds, “There is going to be a lot on the line depending on how this newly constituted board decides to interpret and enforce the ...

October 30, 2020

WASHINGTON—Covington represented GovernmentCIO, LLC, a leading provider of high-end technology and digital solutions to the Federal Health IT Services market, in its sale to Welsh, Carson, Anderson & Stowe. GovCIO is a rapidly growing provider of advanced technology solutions and digital services to the federal government. In the 10 years since its founding, ...

October 27, 2020, Covington Alert

The November 3, 2020 election is likely to be a watershed event in the development of privacy law in the U.S. This client alert provides a high-level overview of the areas in which change is likely to occur, depending on how the election turns out. 1. Federal Legislation Unlike most countries of its size, the U.S. does not yet have a broadly applicable data ...

October 23, 2020, Covington Alert

On October 21, 2020, the National People's Congress (“NPC”), China’s top legislative body, released its first draft of the Personal Information Protection Law (the “Draft Law”) for public comment (official Chinese version available here and Covington’s unofficial English translation here).  The period for public comment ends on November 19, 2020 and comments can ...

October 5, 2020

SAN FRANCISCO— The Recorder has named Covington’s Lindsey Tonsager to its second annual list of “California Trailblazers.” The list profiles 50 lawyers who made significant marks on the practice, policy, and technological advancement of their practice. As head of Covington’s West Coast Privacy and Cybersecurity practice, Ms. Tonsager helps some of the world’s ...

October 2020, Privacy Laws & Business

September 30, 2020, Inside Cybersecurity

Susan Cassidy is quoted in Inside Cybersecurity regarding the request from contractors for greater transparency on audit results from the DoD’s Cybersecurity Maturity Model Certification program. Ms. Cassidy says she is concerned about how the relationship will work between the prime and subcontractor. “All contractors will need to have a basic assessment [under ...

September 29, 2020, Law360

Susan Cassidy spoke with Law360 about protection of CUI forms in the Cybersecurity Maturity Model Certification. Ms. Cassidy says, “Bottom line, they still have never defined CUI in a way that's meaningful. It's the bedrock of the whole rule. And contractors really want to comply, I believe. They don't want their systems to be hacked. But the definition really ...

September 25, 2020

WASHINGTON—Covington represented leading defense contractor Amentum on government contracts and other regulatory matters in its just-announced deal to acquire DynCorp International, a worldwide leader in aviation and logistics support service. Together, the two companies will create one of the largest providers of mission critical support services. The ...

September 17, 2020, Law360

Kurt Wimmer spoke with Law360 about the recent global changes to privacy law. He says, “It's been quite busy in parliaments around the world on the privacy front, and part of the reason for that is the fact that when the GDPR went into effect, a lot of countries saw that and said, 'This is a real development. Now it's our turn to think about what we're going to ...

September 14, 2020, Communications Daily

David Bender spoke with Communications Daily about the European Court of Justice’s decision in Schrems II being challenged in Ireland. Mr. Bender says since the decision, it has been a “very confusing time.”

September 14, 2020, Covington Alert

The English High Court has recently awarded damages in a data privacy case, with two features of particular interest1. First, the nature of the claim is more reminiscent of a claim in defamation than for data privacy breaches, which is a development in the use of data protection legislation. Secondly, the damages awarded (perhaps influenced by the nature of the ...

September 2, 2020

BRUSSELS–Covington has named Dan Cooper to lead its European data protection practice as co-chair of the firm’s global Data Privacy & Cybersecurity Practice, and he has relocated to Brussels to be closer to the institutions and courts that govern the European data privacy landscape. The firm has more than 100 lawyers focused on data privacy and cybersecurity ...

August 12, 2020, Axios

David Bender is quoted in Axios regarding the EU-U.S. Privacy Shield, which was recently struck down in Europe, but still stands in the U.S. Mr. Bender says, “It's a tough situation for a lot of companies. Frustrated and confused is how I'd describe the general mood.”

August 6, 2020, Covington Alert

On July 16, 2020, the Court of Justice of the European Union struck down the EU-U.S. Privacy Shield (“Privacy Shield”) in the Schrems II decision. Even though Schrems II invalidated the Privacy Shield with immediate effect as a matter of EU law, U.S. regulators swiftly indicated that they will continue to administer the Privacy Shield and that self-certified ...

August 2020, Privacy Laws & Business

July 20, 2020, Law360

Yan Luo is quoted in Global Data Review regarding China’s proposed data law intended to protect national security and the development of the digital economy. Ms. Luo says the law marks “a step forward” in establishing a regulatory framework for data security in China. She notes that the proposal has a particular focus on the governance of “important data”, ...

Summer 2020

Covington's European privacy team offers insights on the current state of play with respect to the intersection of European data privacy laws, and the transition around Europe and further abroad as government lockdown restrictions are lifted and companies begin to plan their return-to-work programs. In this on-demand briefing, we cover the guidance and positions ...

July 16, 2020

BRUSSELS-- Today, the European Court of Justice (“CJEU”) issued a landmark decision striking down the EU-U.S. Privacy Shield — an agreement between EU and U.S. authorities authorizing transfers of EU personal data to the United States — but upholding the validity of standard contractual clauses (“SCCs”), another mechanism that EU-based organizations use to ...

July 16, 2020, The Guardian

Lisa Peets spoke with The Guardian about the European Court of Justice’s decision to invalidate the EU-U.S. Privacy Shield, in which social media companies could be prevented from sending data to the United States from Europe. Ms. Peets says the ruling is not a total halt on data transfers between the EU and U.S. The court upheld the use of “standard contractual ...

July 16, 2020, Law.com

Lisa Peets is quoted in Law.com regarding the European Court of Justice’s judgment in the EU-U.S. Privacy Shield. Ms. Peets says that the judgment means that the 5,000 or so U.S. companies signed up to the Privacy Shield will have to find an interim solution until EU and U.S. officials have worked out a new data protection deal. “The invalidation of the Privacy ...

July 16, 2020, Global Data Review

Lisa Peets is quoted in Global Data Review regarding the European Court of Justice’s decision to invalidate the EU-US Privacy Shield. Ms. Peets, who represented software trade body BSA as an intervening party, says companies are unlikely to immediately stop their SCCs – saying that “halting existing transfers would be all but impossible from a practical ...

July 16, 2020, Law360

Lisa Peets spoke with Law360 about European Court of Justice’s invalidation of the EU-U.S. Privacy Shield. Ms. Peets, who represented the Software Alliance, says the decision to reject the Privacy Shield without holding arguments on the merits of the tool — an issue that wasn't directly before the high court in this dispute — was “disappointing to many.” She ...

July 14, 2020, Global Data Review

Yan Luo spoke with Global Data Review about China’s  new provisions regarding the right to privacy and protection of personal information. Ms. Luo notes that the privacy provisions in the code are stated “only at a high level” – though she does point out that the provisions “remain consistent with [the] Cybersecurity Law.” She says the Civil Code and its privacy ...

July 3, 2020, Computer Weekly

Yan Luo is quoted in Computer Weekly regarding China’s new draft data security law. Ms. Luo says, “China is considering allowing the law to have an extra-territorial effect that we have not seen before. They want to counteract the extra-territorial effect of U.S. law.” She adds that the law may require a technical audit of a company’s cyber security and to ...

June 27, 2020

WASHINGTON—Covington represented Piramal Enterprises Limited (PEL) in the sale of a 20% stake in Piramal Pharma Limited (Piramal Pharma), a wholly owned subsidiary of PEL that will contain its pharmaceutical businesses, to CA Clover Intermediate II Investments, an affiliated entity of CAP V Mauritius Limited, an investment fund managed and advised by affiliated ...

June 22, 2020, Covington Alert

On June 1, California Attorney General Xavier Becerra announced that he has submitted to the Office of Administrative Law the final regulations implementing the California Consumer Privacy Act (“CCPA”). While the final regulations do not make any changes to the second modified version of the regulations released in March, the commentary released by the Attorney ...

June 15, 2020, Computer Weekly

June, 2020, Privacy & Cybersecurity Law Report

June 4, 2020, Med City News

Libbie Canter is quoted in Med City News regarding the privacy concerns for employers seeking to track employees in order to limit the spread of COVID-19. Ms. Canter says when it comes to contact tracing and location monitoring, companies should be cautious in the questions they ask and how much data they collect. She adds, “Companies need to think about not ...

June 2020, Privacy Laws & Business

Spring 2020, Covington Guide

As businesses across Europe prepare to reopen following the COVID-19 lockdown, Covington is providing practical resources and guidance on the broad array of issues companies face as employees return to the workplace, including employment, privacy, competition, policy, environmental and regulatory considerations at the EU level, with a focus on Germany and the ...

May 19, 2020, Bloomberg

Daniel Cooper spoke with Bloomberg about new wearable technology devices that alert users when they are within close proximity of someone with COVID-19. Mr. Cooper notes that businesses are walking a fine line between keeping people safe and protecting their privacy. The absence of clear guidance from European regulators is forcing companies -- who could also be ...

May 12, 2020, Global Data Review

Libbie Canter is quoted in Global Data Review regarding a bill that would regulate contact-tracing apps and similar projects geared towards tracking the spread of COVID-19. Ms. Canter says the bill is narrow in scope, but where it does apply, the protections are stronger than those offered by state laws like the CCPA. She raises questions about how the bill ...

May 8, 2020

As businesses prepare for a return to the workplace (RTW) following COVID-19 closures, our team has created this high-level summary list of current and anticipated issues related to reopening. For additional guidance, please visit our COVID-19 Legal and Business Toolkit or reach out to us at COVID19@cov.com. Links to sections with more information about these ...

May 7, 2020, Covington Alert

Though it seems like the distant past now, in this update we detail the notable legislative events from the first quarter of 2020 on artificial intelligence (“AI”), the Internet of Things (“IoT”), cybersecurity as it relates to AI and IoT, and connected and autonomous vehicles (“CAVs”). Prior to the slowdown in non-COVID related legislation that accompanied the ...

May 6, 2020, Covington Briefing Call

Audio recording  Key takeaways

April 29, 2020, Daily Journal

April 28, 2020, South China Morning Post

Yan Luo spoke with the South China Morning Post about new Chinese guidelines for operators of “critical information infrastructure,” requiring them to undergo a cybersecurity review process for any procurements that could have national security implications. According to Ms. Luo, the criteria may push companies to stay away from multinational providers that are ...

April 27, 2020, Law360

Michael Lloyd is quoted in Law360 regarding the implications of EU data protection laws on the U.S. Foreign Account Tax Compliance Act’s requirements. Mr. Lloyd says there has been very little, if any, traction for cases against FATCA in the U.S. He adds, “Those cases went nowhere in the U.S. They didn’t survive and there has been no real challenge.”

April 27, 2020, The Wall Street Journal

Yan Luo is quoted in The Wall Street Journal regarding China’s tough, new adoption of  cybersecurity rules for buyers of technology equipment, which could place foreign tech products at a disadvantage in the Chinese market. Ms. Luo says the prospect of potentially lengthy reviews may prompt Chinese companies to stay away from foreign products and services.

April 15, 2020

WASHINGTON—Cybersecurity Docket has named David Fagan and Ashden Fein to its “Incident Response 30” for 2020. The list features “30 of the best data breach response lawyers in the business.” Mr. Fagan co-chairs the firm’s Data Privacy and Cybersecurity Practice. He has counseled companies on responding to some of the most sophisticated documented cyber-based ...

April 8, 2020, Covington Alert

As the world moves online during the COVID-19 pandemic, companies’ privacy and security practices are coming under increased scrutiny. Because class actions often follow such scrutiny, as demonstrated by lawsuits recently filed against Google and Zoom, companies should keep the following six developments on their radar as they rush to meet the demands of our new ...

April 2, 2020, Law360

Mark Young spoke with Law360 about a UK Supreme Court case involving the intentional breach of customer data information by an employee at Morrisons. The court ruled Morrisons will no longer  have to pay a fine. Mr. Young says this is the “dual-edged result” of the Supreme Court judgment. Although a company is off the hook if an employee “goes off the deep end” ...

April 1, 2020, Global Data Review

Daniel Cooper spoke with Global Data Review about a UK high court case involving the deliberate breach of personal information by a supermarket employee from Morrisons. The court ruled that the supermarket was not liable for the actions of the employee. Mr. Cooper described the decision as “dual-edged” and said that “when coupled with the Lloyd Court of Appeal ...

April 1, 2020, Risk Management

April 2020, Privacy Laws & Business

March 22, 2020, Covington Alert

On March 21, 2020, the data security requirements of the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act (the “Act”) became effective. These provisions require businesses that own or license computerized data that includes the “private information” of New York residents to maintain “reasonable” security measures. Generally speaking, the ...

March 20, 2020, Global Data Review

Dan Cooper spoke with Global Data Review about how telecommunications companies are providing data regulators location data to track the effects of social distancing in the wake of coronavirus. Mr. Cooper told GDR that the measures in Europe are “not too much of a concern” from a privacy perspective as the data being used by authorities is anonymized and ...

March 19, 2020, Bloomberg

David Stein spoke with Bloomberg about legislation from Senate Democrats to shield U.S. citizens from negative credit reporting for the duration of the new coronavirus crisis. Three senators are looking to throw out a rule where credit bureaus are required under the Fair Credit Reporting Act to collect negative information. Mr. Stein  says, “To the extent that ...

March 16, 2020, Global Data Review

Trisha Anderson spoke with Global Data Review about Congress’s lapse in renewing the Freedom Act while dealing with COVID-19. Ms. Anderson told GDR if Congress doesn’t renew the business records provision, the FBI will have to operate with pre-Patriot Act surveillance tools. She adds that the FBI would still be able to obtain business records via grand jury ...

Spring 2020, The Business Lawyer

February 11, 2020, Global Data Review

Libbie Canter is quoted in Global Data Review regarding the California Attorney General Xavier Beccera’s revisions to the California Consumer Privacy Act’s (CCPA)  regulations. The revisions have left many businesses concerned and with unanswered questions. Ms. Canter says despite the revisions “ambiguities” remain for entities that collect data from third ...

February 5, 2020, Law360

Susan Cassidy is quoted in Law360 regarding the DoD’s implementation of cybersecurity requirements for defense contractors. Ms. Cassidy says that questions about the process, such as who will audit the thousands of contractors that need to be certified for cybersecurity compliance, how they will be audited and what options they will have if they disagree with an ...

February 4, 2020, Legaltech News

Lee Tiedrich spoke with Legaltech News about lawyers’ obligations pertaining to the law and artificial intelligence. Ms. Tiedrich indicated that much like the internet in the 1990s, the growth of technologies such as AI continues to outstrip the development of the law. The lack of absolute regulatory clarity raises the stakes for organizations. “You need to be ...

January 31, 2020, Covington Alert

This evening, at 11:00 p.m. GMT, the UK will leave the European Union. Brexit day marks a beginning, not an end. The UK today embarks on a complex process of negotiating new arrangements for trade and cooperation with the EU and partners around the world. Regulatory divergence seems inevitable, given that the UK will want to make its own decisions on existing ...

January 31, 2020, Covington Alert

At 11 p.m. tonight, the UK will officially leave the EU. Although this is a significant milestone in the development of the UK’s data protection framework, the UK will remain very closely linked to the EU in the short term at least, and for many the change may be imperceptible.

January 13, 2020, Global Data Review

Lindsey Tonsager is quoted in Global Data Review regarding a recently released draft privacy bill from the US House Committee on Energy & Commerce which differs from current Senate bills. With roughly a quarter of House Democrats coming from California, Ms. Tonsager told GDR that there will be major opposition to pre-emption in the House. “We’ve already seen the ...

January 10, 2020, Global Data Review

Daniel Cooper is quoted in Global Data Review regarding the UK ICO’s decision to fine DSG Retail £500,000 under pre-GDPR data protection law. The fine stems from the company being compromised by a cyberattack affecting at least 14 million people.   Mr. Cooper says, “the ICO's imposition of a maximum fine appears due, in part, to the fact that it felt DSG should ...

January 9, 2020, WatersTechnology

Michael Nonaka spoke with WatersTechnology about the impact of the California Consumer Privacy Act on financial institutions. Mr. Nonaka says, “There are exemptions [in the CCPA] for information that is covered by the GLBA. This is consumer information used by FIs, including broker-dealers. But there is not a broad exemption that just takes out the entirety of ...

January 9, 2020, Global Data Review

Daniel Cooper spoke with Global Data Review about the European Commission’s recommended changes to artificial intelligence liability rules. Mr. Cooper says the commission is keen to stress that the conclusions drawn from the report remain those of the expert group only. “One has to assume that the commission wants to be careful to test the waters first and gauge ...

January 8, 2020, Reuters

Yan Luo is quoted in Reuters Practical Law China's GC Agenda China with her thoughts on the new compliance challenges that China's new data privacy and cybersecurity regimes with bring. Specifically, Yan expects that China's draft Data Security Law and Personal Information Protection Law will be finalized in 2021. Together with the Cybersecurity Law, the three ...

January 1, 2020, Financial Times

Lindsey Tonsager spoke with the Financial Times about the California Consumer Privacy Act (CCPA) and the different ways companies are trying to comply with the new law. Addressing some companies’ efforts to create self-serve portals to handle users’ privacy requests, Ms. Tonsager says, “This works fine but if you get a high spike of data access requests — right ...

January 2020

Covington has created a list of Top 10 Questions for Ideation of Digital Health Solutions that can help lawyers contribute to the digital health ideation process. Our clients increasingly apply agile product and business development methodologies when they are developing digital health solutions. "Ideation" is part of that process and involves the rapid ...

December 20, 2019, Covington Alert

On December 19, 2019, Advocate General (“AG”) Henrik Saugmandsgaard Øe handed down his Opinion in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The AG’s Opinion provides non-binding guidance to the Court of Justice of the EU (“CJEU”) on how to decide the case.

December 13, 2019, Legaltech News

Lee Tiedrich is quoted in Legaltech News regarding the continued use of artificial intelligence, despite ethics concerns. Ms. Tiedrich says that companies could put in “good governance processes to manage the [AI] product design, development and implementation in accordance with their ethnical principles.” She also noted that to limit bias, it is also necessary ...

December 4, 2019, Daily Journal

Lindsey Tonsager is quoted in Daily Journal regarding a new voter initiative designed to improve consumer privacy in California. Ms. Tonsager says, “The new ballot initiative has introduced some uncertainty into the conversation for businesses. There has been a real whiplash throughout the whole process of the CCPA. It was enacted back in 2018, and its already ...

December 2019, Government Contracting Law Report

December 2019, Privacy Laws & Business

November-December 2019, Privacy & Cybersecurity Law Report

November 27, 2019, Law360

Atli Stannard is quoted in Law360 regarding the U.S. Department of the Treasury’s claims of European Union banks violating privacy and anti-discrimination laws when they share customer information with the IRS. EU countries may negotiate with the Treasury Department, but only if they receive larger cross-border effort against tax avoidance. Mr. Stannard says, ...

November 21, 2019, Law360

Micaela McMurrough is quoted in Law360 regarding a recently unveiled cybersecurity protocol guidelines aimed at arbitrators, institutions and arbitration users on topics including baseline security measures. Ms. McMurrough says, "We tried to build in flexibility [so that the] document can be used as guidance, rather than something that's prescriptive.”

October 29, 2019

As the effective date of the California Consumer Privacy Act looms closer, companies are grappling with the significance of the law and its definitions. One defined term in particular, “sale,” has sparked heated debate between industry and consumer advocates, and even within the legal profession. While much has been said about this term, more needs to be said. ...

October 24, 2019, Law360

Susan Cassidy spoke with Law360 about the Department of Defense’s goal for its Cybersecurity Maturity Model Certification (CMMC) and its impact on join bid contractors.   Ms. Cassidy says such teaming arrangements are already complicated and can take years to put together for big defense procurements. Although the DOD has said cybersecurity compliance will be ...

October 22, 2019, Legaltech News

Trisha Anderson spoke with Legaltech News about a bilateral data access agreement, a new mechanism of the CLOUD Act and its effect on law firms. A year after the CLOUD Act, the first data-sharing agreement is most relevant to U.K. law enforcement agencies having access to the vast data held by U.S.-based tech companies, says Ms. Anderson. She adds, “The most ...

October 13, 2019, South China Morning Post

Yan Luo is quoted in the South China Morning Post regarding China's revised cybersecurity rules. Ms. Luo says many of the relevant cybersecurity requirements are “not that out of the global norm”, and unlikely to be a challenge for firms that already has “robust cybersecurity programmes.”

October 11, 2019, Covington Alert

On October 10, 2019, California state attorney general Xavier Becerra announced the release of proposed implementing regulations concerning the California Consumer Privacy Act (CCPA). Interested stakeholders can submit written comments until December 6, 2019 at 5 PM (Pacific Time). In addition, four public hearings will be held on December 2nd (Sacramento), ...

October 10, 2019, Covington Alert

On Monday, the Federal Trade Commission held a workshop to examine whether to update the FTC’s rule adopted under the Children’s Online Privacy Protection Act (“COPPA Rule”). The Future of the COPPA Rule: An FTC Workshop featured a range of speakers and panelists, including representatives from industry, consumer groups, and academia.

October 10, 2019, Covington Alert

On October 2, 2019, the English Court of Appeal handed down a landmark judgment in Lloyd v Google LLC [2019] EWCA Civ 1599 (“Lloyd”) concerning Google’s alleged misuse of the personal data of over 4 million iPhone users via cookies placed on the Safari browser.

October 9, 2019, Law360

Kristof Van Quathem is quoted in Law360 regarding a European Court of Justice’s decision to increase web cookie consent measures. Mr. Van Quathem says, “It’s unfortunate that the court didn’t address that point because it’s commercially and politically a very sensitive topic, on which there is a lot of uncertainty right now, and it’s a question that could have ...

October 3, 2019, Global Data Review

Global Data Review covered Yan Luo’s recent promotion to partner. Ms. Luo is a member of GDR’s inaugural 40 under 40 set. “This experience has broadened my horizons and is very fulfilling for me personally,” she told GDR.

October 2, 2019

Boards and CEOs at companies of all sizes operating around the world list cybersecurity as one of the top concerns keeping them up at night. Cyber threats are in the news on a daily basis and we hear about data breaches all the time. But our practice often helps clients respond to cyber incidents that are much broader than data breaches; they range from small ...

October 2019, Intellectual Property & Technology Law Journal

September 30, 2019, Global Data Review

September 30, 2019, Global Data Review

Lindsey Tonsager spoke with Global Data Review about proposed amendments to the California Consumer Privacy Act filed by Alastair Mactaggart of the Californians for Consumer Privacy. Ms. Tonsager said that given the time and resources spent on preparing staff within California’s office of the attorney general for the CCPA, she was “baffled” to see the proposal ...

September 27, 2019, Covington Alert

Real estate developer Alastair Mactaggart is making news with the announcement of another privacy ballot initiative, the California Privacy Rights and Enforcement Act (“CPREA”). He intends to include his new initiative on the November 2020 ballot.

September 26, 2019, Financial Times

Lindsey Tonsager is quoted in the Financial Times regarding the California Consumer Privacy Act’s effect on businesses in the state and around the world. Ms. Tonsager says, “Once the new law takes effect, the California attorney-general will overnight become one of the most powerful privacy regulators in the world.” She adds, “Companies that already had to apply ...

September 23, 2019, Bloomberg Law

Lee Tiedrich recently participated in the “AI and the Rule of Law Roundtable” in Athens and spoke with Bloomberg Law about with the event, which was , focused on ensuring that AI tech works as intended—and that those who implement and operate such systems are competent to do so.   Ms. Tiedrich says, “Although the Roundtable participants came from different ...

September 16, 2019, Global Data Review

Lindsey Tonsager spoke with Global Data Review about the recently-passed California Consumer Privacy Act. Ms. Tonsager says the issues the attorney general need to clarify include what a “do not sell my personal information” link should look like on company websites, how that link should be formatted, and where it should be placed. One of the most important ...

September 11, 2019, Legaltech News

Lindsey Tonsager is quoted in Legaltech News regarding Google’s settlement with the FTC involving violations of the Children's Online Privacy Protection Act. Ms. Tonsager says, “This is the first FTC settlement that dealt with behavioral advertisements against a platform that just hosts third-party content.” She noted FTC Commissioner Rebecca Kelly Slaughter’s ...

August 27, 2019

FRANKFURT—WirtschaftsWoche, Germany’s leading business weekly news magazine, has named Covington as the top law firm for IT law and Dr. Lars Lensdorf, a partner in Covington’s Frankfurt office, to its list of top IT lawyers in Germany. Dr. Lensdorf focuses his practice on IT law, outsourcing, digitalization and industry 4.0, IT related bank regulatory matters, ...

August 15, 2019, Computer Law Review International

August 4, 2019, CoinTelegraph

Michael Nonaka spoke with CoinTelegraph to discuss cryptocurrency regulation in the U.S.   Mr. Nonaka says, "The U.S. Financial Crimes Enforcement Network issued its first guidance addressing cryptocurrency companies in 2013, and since then regulatory action for digital assets has been slow to develop but has picked up in the past few years as an increasing ...

July 25, 2019, Legaltech News

Lindsey Tonsager spoke with Legaltech News about the FTC’s public request for comment on the Children’s Online Privacy Protection Act (COPPA). Ms. Tonsager said, “Regardless of whether the FTC is looking at the rule or not, I think the common best practice is to collect only the information that you need. The data minimization helps regardless if the regulator ...

July 17, 2019, Covington Alert

On July 5, 2019, China’s Standing Committee of the National People's Congress (NPC) published a new draft Encryption Law (“the draft Law”) for public comment. The draft Law, if enacted as drafted, would bring significant new changes to China’s commercial encryption regime.

July 17, 2019, Covington Alert

On July 9, 2019, the European Court of Justice (“ECJ”) heard oral argument in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The primary question before the ECJ is whether the European Commission’s standard contractual clauses (“SCCs”) are valid for transfers of personal data to the United States.1 Given ...

July 9, 2019

BRUSSELS—Today, a team of Covington lawyers argued before the European Court of Justice in a landmark data protection case, Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The case has significant ramifications for any organization that relies on the standard contractual clauses (“SCCs”) to transfer personal ...

July 9, 2019, Wall Street Journal

Lindsey Tonsager is quoted in the Wall Street Journal regarding the initiative to increase artificial intelligence legal practices. Ms. Tonsager says data is the fuel that drives artificial intelligence, but it can come with legal restrictions. Companies acquiring datasets need to be sure their contracts give them the right to use the data to train algorithms. ...

July 8, 2019, Pharmaceutical Executive

Eric Carlson spoke with Pharmaceutical Executive about the compliance challenges prevalent in the Asia-Pacific region.   On the emergence of general compliance in the region, Mr. Carlson says, “When I first moved to Beijing in 2008, there were only a couple of dozen people who had compliance on their business card. It just wasn’t a job in China then. Ten years ...

July 2, 2019, Thomson Reuters Regulatory Intelligence

June 27, 2019

SAN FRANCISCO—The Daily Journal has named Lindsey Tonsager to its 2019 “Top Artificial Intelligence Lawyers,” recognizing the top artificial intelligence lawyers in California. Ms. Tonsager co-chairs the firm’s Artificial Intelligence Initiative, which is a cross-functional practice advising companies developing or utilizing AI technologies. She is advising ...

June 21, 2019, The Wall Street Journal

Michael Nonaka is quoted in The Wall Street Journal regarding the Financial Act Task Force’s request to virtual currency firms to develop procedures for sharing customer information with other financial institutions. Mr. Nonaka says that some crypto companies have invested heavily in compliance, others have a long way to go to build the systems necessary for ...

June 18, 2019, GIR - The Guide to Cyber Investigations

June 14, 2019, Government Contracting Law Report

June 10, 2019, TechNode

Yan Luo was quoted in Technode regarding China's evolving cybersecurity framework. Ms. Luo says foreign companies operating in China are pursing compliance through tailoring their existing global cybersecurity program to fit China's regulatory environment.

June 7, 2019, Law360

Anne Termine is quoted in Law360 regarding the SEC’s enforcement on fintech and cryptocurrency matters. Ms. Termine says, “From my perspective, having a no-fine case is a pretty big deal. And I think the SEC wanted to make pretty clear that it was a big deal that this was a self-report and that [the company was] recognizing the SEC jurisdiction, that they were ...

June 4, 2019, Thomson Reuters

Mark Young participated in a Q&A with Thomson Reuters about the EU Cybersecurity Act and its new cybersecurity certification schemes for information and communication technology products, services, and processes, especially internet of things devices. The interview also discusses how the Act supports the EU Directive on the Security of Network and Information ...

June 3, 2019, Law360

Michael Nonaka is quoted in Law360 regarding the OCC and New York Department of Financial Services’ legal battle over how the fintech industry will be regulated. Mr. Nonaka says, “The litigation challenging the OCC's authority to issue a special purpose fintech charter certainly has delayed the process for nondepository fintech firms to apply and receive ...

June 2019, Pharmind

April 18, 2019

This webinar covered such topics as: Securing rights to use data created by connected and automated vehicles (CAVs); Key elements of a data strategy for connected and autonomous vehicles; the data risks involved with CAVs including privacy, cybersecurity, and law enforcement; and best practices in negotiating commercial agreements involving data.

April 9, 2019, Global Data Review

Trisha Anderson spoke with the Global Data Review about the U.S.’s encryption law and its role electronic communication. According to Ms. Anderson, authorities in the U.S. have only general legal tools to seek access to encrypted data. Some traditional U.S. investigative tools, issued through courts and codified in law enforcement procedures, contain general ...

2019, American Bar Association

Our cross-disciplinary Internet of Things initiative contributed to the ABA's first book on IoT, The Internet of Things: Legal Issues, Policy, & Practical Strategies.   Laura Kim and Jennifer Johnson authored the chapter “U.S. Regulatory Framework for IoT,” with contributions from Sarah Wilson (product safety); Wade Ackerman, Elizabeth Guo, Christopher Hanson, ...

April 2019, Pratt's Privacy & Cybersecurity Law Report

March 31, 2019, The Economist Intelligence Unit

Yan Luo was acknowledged as an advisory board member for the special report The Transparent Business Barometer: Preparing for the End of Easy Data, published by the Economist Intelligence Unit. The report revealed key trends in data privacy and cyber security on global businesses through the survey of hundreds of business executives across China, the U.S., ...

March 29, 2019, Global Data Review

March 19, 2019, Law360

February 11, 2019, Covington Alert

On February 1, 2019, China’s National Information Security Standardization Technical Committee (“TC260”) released a set of amendments to GB/T 35273-2017 Information Technology – Personal Information Security Specification (“the Standard”) for public comment. The comment period ends on March 3.

February 6, 2019, Global Data Review

Trisha Anderson is quoted in Global Data Review regarding developments in cryptography. Ms. Anderson says that though the report “sounds a gloomy note,” she is optimistic that cryptography will keep pace with developments in quantum computing. She adds that we have to “assume that adversaries are collecting encrypted data that they could decrypt in the future. ...

February 6, 2019, Covington Alert

The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft project on securing sensor networks for the Internet of Things (“IoT”). Organizations and individuals concerned with the security of IoT sensor networks are invited to comment on the draft through March 18, 2019.

February 2019, Privacy Laws & Business International Report

January 22, 2019, Covington Alert

On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).

January 14, 2019, Covington Alert

In the wake of destructive cyber incidents over the past few years, the insurance industry and its regulators have focused more attention on so-called “silent cyber” exposures in traditional property/casualty insurance policy forms and started taking steps to reduce or specifically address those exposures. We explain here what “silent cyber” means, and what the ...

January 2, 2019, Covington Alert

The past year was a particularly significant one for the development of Chinese privacy law. During 2018, the Chinese government systematically established the country’s regulatory requirements for cybersecurity and data privacy and continued to implement the Cybersecurity Law, which took effect on June 1, 2017.

January 2019, GCR Insight - E-Commerce Competition Enforcement Guide

December 26, 2018, Bloomberg Law

Michael Nonaka is quoted Bloomberg Law regarding the Office of the Comptroller of the Currency’s 2019 revamped rules for banks’ community investments. Mr. Nonaka says, “It’ll be interesting to see what the next step is in the rulemaking process, and that will reveal whether there are these differences.” He said the agencies are likely to come together on some ...

December 7, 2018, Law360

Terrell McSweeny is quoted in Law360 regarding being named a distinguished fellow at Georgetown Law's Institute for Technology Law & Policy. Ms. McSweeny says, "I am thrilled to join the important discussion on technology law and policy at the Institute. As an alum, I am looking forward to contributing to the excellent work Georgetown Law School [is] doing ...

November 30, 2018, Global Data Review

Trisha Anderson is quoted in Global Data Review regarding cyber and ransomware attacks. Ms. Anderson said that while the use of technologies like Tor and Bitcoin pose challenges to law enforcement by “raising the level of investigative effort and sophistication required to identify and locate cyber criminals,” the indictment in the SamSam Ransomware cyberattacks ...

November 5, 2018, Legaltech News

Lee Tiedrich spoke with Legaltech News regarding a recent survey on the legal and regulatory risks of artificial intelligence. Ms. Tiedrich suggested clients take a global perspective when assessing what laws are relevant to a particular AI program. She notes that artificial intelligence is not limited to a single jurisdiction, and clients should seek advice on ...

October 25, 2018, Covington Alert

On October 16, 2018, the Securities and Exchange Commission (the “Commission”) issued a Section 21(a) report of investigation (the “Report”) warning public companies about the importance of assessing the likelihood of cyber-related threats when designing internal accounting controls. The Report described the Division of Enforcement’s investigation of nine ...

October 23, 2018, The Law Society Gazette

Daniel Cooper spoke with The Law Society Gazette regarding a UK Court of Appeal decision that could make employers vicariously liable for employees’ actions even if they had taken preventative steps and bore no criminal responsibility.   Mr. Cooper said the employer should bear the enterprise risk and assume liability for the actions of its employees, as long as ...

September 21, 2018

Lindsey Tonsager is quoted in the San Francisco Business Times regarding California’s new cybersecurity bill regulating internet-connected devices. Ms. Tonsager believes the vagueness of the “reasonable” standard makes the law flexible. She says, “It’s really helpful that the legislation acknowledges flexibility in identifying which standards are reasonable. ...

September 19, 2018

BEIJING — Global Data Review has named Covington’s Yan Luo to its inaugural “40 Under 40” list, recognizing the 40 individuals who represent the best and the brightest of the data law bar around the world. Based in the firm’s Beijing office, Ms. Luo advises clients on a broad array of regulatory matters in connection with data privacy, international trade, ...

September 17, 2018, Law360

Lindsey Tonsager is quoted in Law360 regarding California’s newly enacted rules mandating security features for internet-connected devices. Makers of IoT devices will be required under Senate Bill 327 to equip products with "reasonable security features." Ms. Tonsager says, "The 'reasonable security' standard is quite flexible, which is good when operating in a ...

September 13, 2018, Legal Business

Louise Freeman spoke with Legal Business regarding the latest trends in disputes. She highlights the growing potential for litigation from the rise in cyberattacks impacting major companies. Ms. Freeman observed ‘The UK courts are increasingly adapting to deal with this kind of litigation,’ and points to the Clarkson v Person or Persons Unknown High Court case ...

September 11, 2018, Am Law Litigation Daily

Terrell McSweeny is quoted in Am Law Litigation Daily regarding her move to the firm. “I am excited to join a firm that is well positioned to guide clients through the increasingly complex global antitrust, cybersecurity and consumer protection landscape,” said Ms. McSweeny.

September 11, 2018, Politico

Politico featured Terrell McSweeny’s recent move to Covington’s antitrust law, data privacy and cybersecurity practice groups.

September 10, 2018

WASHINGTON— Terrell McSweeny has joined Covington as a partner in the Antitrust and Competition Law and Data Privacy and Cybersecurity Practice Groups in Washington. Ms. McSweeny most recently served as a Commissioner at the Federal Trade Commission. Ms. McSweeny has held senior appointments in the FTC, Department of Justice, White House, and United States ...

September 10, 2018, The National Law Journal

Deborah Garza is quoted in The National Law Journal regarding Terrell McSweeny joining the firm. Ms. Garza says, “Having served both at the FTC and in the Antitrust Division, Terrell has an exceptionally broad base of experience to draw upon in helping clients understand and manage the antitrust enforcement, privacy, and data security issues. She also has ...

September 10, 2018, Global Competition Review

Terrell McSweeny and Deborah Garza are quoted in Global Competition Review regarding Ms. McSweeny’s move to the firm. Ms. McSweeny says that Covington is a “wonderful fit” due to its bench of former DOJ and FTC lawyers. She added that it will be good to work with colleagues who have had similar experiences. Ms. Garza praised McSweeny’s excellent reputation and ...

September 10, 2018, Law360

Terrell McSweeny is quoted in Law360 regarding her move to the firm. Ms. McSweeny says, “I am very excited to be joining a terrific firm to deal with the global challenges of antitrust, cybersecurity and consumer protection.”

September 10, 2018, Bloomberg

Terrell McSweeny’s move to Covington’s data privacy and cybersecurity practice group is highlighted in Bloomberg.

September 7, 2018, Global Investigations Review

Trisha Anderson and James Garland are quoted in Global Investigations Review regarding Ms. Anderson rejoining the firm. Mr. Garland believes Ms. Anderson will be a valuable asset to helping navigate the U.S. Cloud Act. He says, “Trisha has that ability to spot the pain points for both the clients and the government and help figure out a way forward. Sometimes ...

September 4, 2018

WASHINGTON—Trisha B. Anderson, an experienced national security and cybersecurity lawyer who has held senior positions at multiple federal agencies, has rejoined Covington as a partner in Washington. Ms. Anderson most recently served as Principal Deputy General Counsel of the Federal Bureau of Investigation, where she handled complex national security and cyber ...

August 17, 2018

LONDON—Covington has advised Sensyne Health on medical device regulatory and data protection matters in connection with its £60 million IPO on London’s AIM market. The firm also represented Sensyne Health in negotiating strategic research and data processing agreements with the Chelsea and Westminster Hospital NHS Foundation Trust, the Oxford University ...

August 17, 2018

WASHINGTON— Law360 named Covington lawyers Alexander Berengaut, Michael Nonaka, and Ursula Owczarkowski to its list of “2018 Rising Stars.” This annual recognition honors top attorneys under 40 “whose legal accomplishments transcend their age.” Alex Berengaut represents clients in civil litigation, international arbitrations, and government enforcement ...

August 7, 2018, Global Data Review

David Stein is quoted in Global Data Review regarding the U.S. Department of Treasury’s recommendation to introduce data protection regulations in the fintech industry. Mr. Stein suggested that such a law may have to be modeled on existing state-level legislation. He says, “There likely would be pressure to enhance existing federal data security laws that apply ...

August 1, 2018, Bloomberg Law

Michael Nonaka is quoted in Bloomberg Law on the fintech industry’s enthusiasm regarding the Treasury Department’s recommendation that Congress support the “valid when made” doctrine. Mr. Nonaka adds, “The [recommendation] shows that these issues are not going away and that the uncertainty created from a growing body of inconsistent court opinions isn't a stable ...

August 2018, Radar

July 31, 2018, Law360

Michael Nonaka is quoted in Law360 regarding the Office of the Comptroller of the Currency accepting applications for special-purpose national bank charters from financial technology companies. Mr. Nonaka says it will be a while before any fintech firms operate as national banks, and they may ultimately decide the special purpose charter does not suit their ...

July 30, 2018

SILICON VALLEY—Covington advised GlaxoSmithKline on its multi-year collaboration with and $300 million equity investment in 23andMe. GSK will become 23andMe’s exclusive collaborator for drug target discovery programs. The collaboration will focus on research and development of innovative new medicines and potential cures using human genetics as the basis for ...

July 5, 2018, Covington Alert

On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply ...

July 3, 2018, Covington Alert

On June 28, 2018, the Governor of California signed the California Consumer Privacy Act of 2018 (“CCPA”). The new law is the most comprehensive data privacy statute in the United States and introduces significant privacy requirements for covered businesses. The CCPA takes effect on January 1, 2020, but based on comments from both the public-interest and business ...

June 28, 2018, Politico

Lindsey Tonsager is quoted in a Politico article regarding a bill passed by California lawmakers that imposes stricter consumer privacy rules on companies. Should the California law trigger other states to put their own restrictions on consumer privacy, industry lobbyists and advocates will likely look to Congress to create consistent standards, says Tonsager. ...

June 14, 2018, Financial Times

Kristof Van Quathem participated in a Financial Times podcast to discuss the impact of the General Data Protection Regulation on medical research and health technology companies. According to Van Quathem, "One of the main concerns I think that we see in the research circle is the uncertainty that is being created by the GDPR, and in particular, when it comes to ...

May 24, 2018, The Wall Street Journal

Henriette Tielemans is quoted by The Wall Street Journal in an article regarding the upcoming deadline for companies to comply with the General Data Protection Regulation. “Companies are struggling with the concrete deliverables—the record of processing activities, the transfer agreements, the notices, the website—because of the sheer volume,” says Tielemans. ...

May 15, 2018, Global Data Review

Susan Cassidy is quoted in a Global Data Review article regarding the focus on privacy by design by the International Organization for Standardization and the U.S. National Institute of Standards and Technology. Cassidy says that the anecdotal evidence she has from speaking to her private sector clients is that they are increasingly considering NIST guidelines, ...

May 4, 2018, The Washington DC 100

April 23, 2018, Law360

Suzanne Bell and Tom DeFilipps are quoted in a Law360 article regarding Bell's arrival to Covington's Technology Transactions practice. Bell says she is excited to join Covington and looks forward to helping it build its tech practice and advise clients on incorporating new technologies into their businesses. “The firm’s collaborative approach will allow me to ...

April 19, 2018

WASHINGTON—The BTI Consulting Group has named Covington lawyers Andrew Smith, Jonathan Sperling, and Allan Topol to its 2018 “Client Service All-Stars” list, which recognizes “the leaders in superior client service.” Mr. Smith, based in Washington, advises clients on retail financial services, credit reporting, privacy, technology, and e-commerce issues. He ...

April 18, 2018, Thomson Reuters Regulatory Intelligence

April 12, 2018, The Recorder

The Recorder highlights the arrival of Suzanne Bell to Covington's Technology Transactions practice. Bell says she was attracted to the firm's strong regulatory practice given the increased intersection between the technology sector and government regulations. Bell adds that she is looking forward to using her experience in technology transactions to assist ...

April 3, 2018, IAPP

Henriette Tielemans participated in a session at the Global Privacy Summit and is quoted in an IAPP article regarding what happens once GDPR goes into effect. "For a lead regulator for the one-stop shop, you need a mean establishment. You lose a lot of the benefits of the GDPR if you're unable to come up with what your main establishment is," Tielemans said.

April 1, 2018, Financial Times

Yan Luo is quoted in a Financial Times article regarding survey findings that suggest that more than half of Chinese internet finance lenders are failing to comply with data privacy regulations. According to Luo, “Investors should certainly expect more government scrutiny on their business model from a data protection perspective."

March 29, 2018, Law360

Henriette Tielemans spoke at an IAPP event and is quoted in a Law360 article regarding the Irish privacy authority's focus once GDPR takes effect. According to Tielemans, while “the GDPR has 150 articles, and businesses are worried about all 150 of them,” companies are most concerned about the regulators’ ability to issue massive fines of up to 4 percent of ...

March 29, 2018, E-Commerce Times

Yaron Dori is quoted in an E-Commerce Times article regarding the FTC's recent report on mobile privacy protection. According to Dori, "The FTC is limited in its ability to bring enforcement actions against telecommunications carriers because of the 'common carrier' exemption in the FTC Act." A federal appeals court recently ruled that this exemption does not ...

March 29, 2018, Law360

March 28, 2018

LONDON—Covington will open an office in Frankfurt, Germany on April 3 led by eight partners. Frankfurt will be the firm’s third European office and will work closely with the firm’s five offices in the United States, its three offices in Asia, and its offices in the Middle East and Africa. “Covington will offer German companies a unique capability to help them ...

March 28, 2018, The Cybersecurity Law Report

Yaron Dori is quoted by The Cybersecurity Law Report in an article regarding the FTC's report, “Mobile Security Updates: Understanding the Issues." “The FTC has long been interested in data security and the extent to which consumer data—especially personally identifiable or sensitive consumer data—is protected from unauthorized disclosure,” say Dori. Dori calls ...

March 27, 2018

BRUSSELS—Henriette Tielemans, co-chair of Covington’s global Data Privacy and Cybersecurity practice, has today received the IAPP Privacy Vanguard Award, the industry's top honor, for her lifelong services to the data privacy community. The International Association of Privacy Professionals (IAPP) is the world’s largest and most comprehensive global information ...

March 27, 2018, IAPP

Henriette Tielemans was the recipient of the 2018 IAPP Privacy Vanguard Award, a recognition reserved for individuals who display “exceptional leadership, knowledge, and creativity in the field of privacy and data protection.”

March 27, 2018, Covington Alert

On March 23, 2018, Congress passed, and President Trump signed into law, the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which creates a new framework for government access to data held by technology companies worldwide.

March 23, 2018, MLex

Lindsey Tonsager recently spoke at the BCLT Privacy Law Forum in Silicon Valley is quoted in an mLex article discussing whether GDPR will automatically become a global privacy standard. Tonsager said that working with companies that depend on AI technology to become compliant with the GDPR “is incredibly, incredibly challenging." Commenting on modifications to ...

March 19, 2018, Covington Advisory

Cyberattacks targeting defense contractors illustrate the need for cybersecurity, for thoughtful planning—and for insurance when security and planning prove insufficient. Understanding your insurance policies before things go wrong can help ensure financial protection when they do.

March 2018, Microsoft

March 2, 2018, Chartered Management Institute

Daniel Cooper is quoted in a Chartered Management Institute article regarding wearable technology. Providing the legal perspective, Cooper says, "Any employer processing personal information is subject to a range of obligations–this includes making sure they’re very transparent about what they collect, ensuring they have a legal basis for processing that data. ...

March 2018, Data Protection Leader

March 1, 2018, Covington Alert

On February 21, 2018, the U.S. Securities and Exchange Commission (the “Commission”) approved a statement and interpretive guidance that provides the Commission’s views on a public company’s disclosure obligations concerning cybersecurity risks and incidents (the “2018 Commission Guidance”).

February-March 2018, Pratt’s Privacy & Cybersecurity Law Report

February 15, 2018, Bloomberg Law

Anne Termine is quoted in a Bloomberg Law article regarding the settlement reached with AMP Global Clearing LLC following charges from the CFTC stating that AMP's failure to diligently supervise a cybersecurity vendor resulted in a data breach. According to Termine, cybersecurity is “an area of increasing concern and scrutiny for the CFTC as it goes directly to ...

February 6, 2018

LOS ANGELES—The Los Angeles Business Journal recognized Wade Ackerman and Aaron Lewis in its second annual list of the most influential diverse lawyers in Los Angeles. The list recognizes 50 "stellar diverse lawyers in the LA region." In Mr. Ackerman’s profile, the Business Journal emphasized his work in the FDA regulatory space. The profile noted that “with a ...

February 2018, Data Protection Leader

January 26, 2018, Law360

January 24, 2018, Covington Alert

Digital advertising typically involves a vast network of publishers, advertisers and their agencies, advertising exchanges and networks, technology platforms, and measurement and data analytics providers. To help streamline the commercial dealings of all of these parties in this complex ecosystem, advertising industry self-regulatory groups have developed ...

January 22, 2018

WASHINGTON—Covington advised Bacardi Limited in its definitive agreement to acquire Patrón Spirits International AG and its PATRÓN® brand, the world’s top-selling ultra-premium tequila, from John Paul DeJoria, a founder of Patrón. The transaction reflects an enterprise value for Patrón of $5.1 billion. The transaction follows the successful relationship the ...

January 22, 2018, E-Commerce Times

Susan Cassidy is quoted in an E-Commerce Times article regarding efforts to create an online marketplace for government purchasers. "One model that was discussed would require a portal provider to contract with GSA to provide an online interface. Under this approach, suppliers would then sign up to use the portal, potentially via a contract with the portal ...

January 4, 2018, National Defense

January 2, 2018, Politico

Susan Cassidy is quoted in Politico Pro's "Morning Cybersecurity" newsletter regarding the December 31st deadline for defense contractors to meet minimum cybersecurity requirements for the systems they operate for the Pentagon. According to Cassidy, the cybersecurity rule presents “a problem for DoD because there’s a lot of subjectivity in what is ‘adequate ...

January 2, 2018, Law360

January 1, 2018, Law360

Kristof Van Quathem and Yan Luo are quoted in a Law360 article regarding cybersecurity and privacy policies to watch in 2018. Commenting on the General Data Protection Regulation (GDPR), Van Quathem says that although one of the legislation's aims is to harmonize a splintered set of national data privacy laws within Europe, it may end up causing companies aiming ...

January 1, 2018, Law360

Kurt Wimmer is quoted in a Law360 article providing a roundup of cybersecurity and privacy cases to watch in 2018. Commenting on LabMD Inc. v. Federal Trade Commission, Wimmer says, "Both the courts and the FTC are grappling with the meaning of 'harm,' and I believe 2018 will be the year when these efforts will converge, with a more sophisticated understanding ...

January 1, 2018, Law360

Kurt Wimmer and John Buchanan are quoted in a Law360 article providing cybersecurity and privacy predictions for 2018. Wimmer says, once Europe's General Data Protection Regulation (GDPR) is in force, non-EU countries around the world will begin looking at privacy regimes based on the 1995 Directive [which the GDPR will replace] and think about whether they ...

January 2018, Pratt's Privacy & Cybersecurity Law Report

December 26, 2017

SILICON VALLEY—The Financial Times has recognized Covington among the most innovative firms in 2017 in the category of "Enabling Business Growth," for advising "Tencent in its acquisition of a $8.6bn majority stake in Supercell, the Finnish gaming company, while maintaining Supercell’s creative culture and retaining its employees by introducing incentive ...

December 12, 2017, Microsoft

Eric Holder participated in Microsoft's #TechTalk series to discuss "Law Enforcement & Data." Topics included the role of national borders when it comes to accessing electronic evidence, the significance of e-evidence in investigations, the protection of fundamental rights online, the need for international police cooperation, and the unnecessary barriers to ...

December 4, 2017, Law360

Kurt Wimmer is quoted in a Law360 article regarding the Ninth Circuit’s ruling in a case involving the disclosure of user app data to a third-party. "The court recognized that the concept of being publicly identified has limits, despite technological evolution," says Wimmer. "By reducing ambiguity around what qualifies as PII, this decision permits content and ...

November 30, 2017

WASHINGTON—Covington represented Aristocrat Leisure Limited in its $990 million acquisition of Big Fish Games, Inc. This acquisition expands Aristocrat’s Social Gaming business into new game genres. Aristocrat is a global provider of gaming solutions. It offers a diverse range of products and services including electronic gaming machines and casino management ...

November 2017, Pratt's Privacy & Cybersecurity Law Report

November 2017, Pratt's Privacy & Cybersecurity Law Report

November 24, 2017, Los Angeles Business Journal

Susan Cassidy is quoted in a Los Angeles Business Journal article regarding the difficulties that some defense contractors in Southern California were facing trying to meet the Department of Defense deadline of December 31, 2017 for implementing the cybersecurity controls in NIST Special Publication 800-171. Cassidy notes that the definition of the information ...

November 20, 2017, Compliance Reporter

David Kornblau is quoted in a Compliance Reporter article regarding the SEC's annual enforcement report for 2017. According to Kornblau, the report showed a decrease in enforcement actions compared to the prior year, as the industry expects a downshift in regulation by the agency under new SEC Chair Jay Clayton. “My sense is that the overall level of new ...

November 20, 2017, Webinar

November 10, 2017, HR Magazine

Jadzia Butler is quoted in an HR Magazine article regarding a recent court order requiring Glassdoor to reveal the identities of users in response to a grand jury subpoena in a wire fraud case. It is "particularly concerning" if Internet users who believe they can have anonymous online discussions have their anonymity compromised by a mere subpoena, Butler says. ...

November 2017, Pratt's Government Contracting Law Report

October 31, 2017, Bloomberg Government

Susan Cassidy is quoted in a Bloomberg Government article regarding contractors' efforts to comply with new cybersecurity standards. According to Cassidy, the mandate that contractors develop cybersecurity plans—the most recent requirement added to the NIST list—is crucial for contractors. Contractors must “develop, document, and periodically update system ...

October 29, 2017, The Times

Lindsey Tonsager is quoted by The Times in an article regarding the use of artificial intelligence in healthcare. Commenting on how regulators are beginning to address some of the issues, Tonsager says, "The law hasn’t caught up with the technology. Nobody knows exactly who will be responsible.” “Some diseases disproportionately affect certain types of ...

October 24, 2017

WASHINGTON—As the result of a high-profile First Amendment challenge to the federal statute invoked by law enforcement to impose gag orders on technology companies, Microsoft, and its counsel Covington and Davis Wright Tremaine, have secured landmark reform of the U.S. Department of Justice's approach to digital surveillance.  Covington and Davis Wright Tremaine ...

October 24, 2017, The Litigation Daily

Jim Garland and Alex Berengaut are quoted by The Litigation Daily in an article regarding the role Covington and co-counsel Davis Wright played together on behalf of Microsoft that led to a groundbreaking policy memo from Deputy Attorney General Rod Rosenstein curbing the government's use of gag orders on tech companies. “It’s not always the case that the tech ...

October 18, 2017, Covington Alert

The European Commission published its Report today on the first-annual review of the EU-U.S. Privacy Shield (the Report is accompanied with a Staff Working Document, Infographic, and Q&A).

October 13, 2017, Covington Alert

In a draft regulation released earlier this year, China proposed regulating the import, export, manufacture, sale, and use of “commercial encryption products,” building on a patchwork of regulations.1 These regulations have focused on restricting the import and use of encryption products produced by certain manufacturers, and many entities have expressed concern ...

October 12, 2017

WASHINGTON—Laura Kim has joined Covington’s Advertising and Consumer Law and Data Privacy and Cybersecurity practices in Washington. For more than a decade, Ms. Kim held a variety of roles in the Bureau of Consumer Protection at the Federal Trade Commission (FTC), including Assistant Director in two divisions, Chief of Staff to former Bureau Director Jessica ...

October 3, 2017, Commercial Dispute Resolution

David Fagan is quoted in a Commercial Dispute Resolution article regarding how companies are bracing for cyber attacks. According to Fagan, cybersecurity is “a one-way ratchet: all constituents, whether customers, regulators, business partners, claimant counsel and finders of fact, are increasingly aware of and focused on the risk [which] arises from operating ...

October 2017, Pratt's Government Contracting Law Report

October 2017

Covington's Data Privacy and Cybersecurity practice is excited to take part in National Cybersecurity Awareness Month. Throughout October, our lawyers will highlight top-of-mind concerns, provide helpful tips, and discuss the cybersecurity landscape more generally through a series of posts on our Inside Privacy blog. Below you can find our most recent content, ...

September 22, 2017, The Recorder

Lindsey Tonsager is quoted by The Recorder in an article regarding the recent decision in a case brought by the FTC alleging that selling connected devices with known security weaknesses is an unfair and deceptive business practice. According to Tonsager, "Judge Donato's order should discourage the FTC from adopting a legal standard that would consider potential ...

September 18, 2017, Covington Alert

Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...

September 5, 2017, Bloomberg

Helena Milner-Smith is quoted in a Bloomberg article regarding the European Court of Human Rights ruling on employee privacy in a case brought by Bogdan Mihai Barbulescu. According to Milner-Smith, the ruling should remind employers not to "go beyond what is necessary for a legitimate purpose." She adds, "However, the Grand Chamber’s ruling will have very little ...

September 5, 2017, The Law Society Gazette

Helena Milner-Smith is quoted by The Law Society Gazette in an article regarding the European Court of Human Rights ruling on employee privacy in a case brought by Bogdan Mihai Barbulescu. According to Milner-Smith, "The decision serves as a reminder for employers who monitor workplace communications to ensure their monitoring practices do not go beyond what is ...

September 5, 2017, Law360

Helena Milner-Smith is quoted in a Law360 article regarding the European Court of Human Rights ruling on employee privacy in a case brought by Bogdan Mihai Barbulescu. "The decision serves as a reminder for employers who monitor workplace communications to ensure their monitoring practices do not go beyond what is necessary for a legitimate purpose, that ...

August 31, 2017, Covington Alert

On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...

August 25, 2017, Bloomberg BNA

Kurt Wimmer is quoted by Bloomberg BNA in an article regarding the FTC's weekly data security investigation blog. According to Wimmer, the FTC’s "Stick With Security” blog is “serving a highly useful role.” He adds that the initiative is “taking many of the key principles from the ‘Start with Security’ program and the FTC’s consent orders and rolling them out in ...

August 22, 2017, Bank Info Security

Alex Berengaut's Law360article weighing the constitutionality of the Marcus Hutchins indictment is cited in a Bank Info Security story examining questions raised by the case. According to Berengaut, it's not clear that federal prosecutors have a right to bring charges against Hutchins. 

August 21, 2017, Security Week

Alex Berengaut's Law360 article on the constitutionality of the Marcus Hutchins indictment is cited in a Security Week story examining recent case developments. “Since Hutchins’ indictment, commentators have questioned whether the creation and selling of malware—without actually using the malware—violates the two statutes under which Hutchins was charged: the ...

August 17, 2017, Law360

August 11, 2017

WASHINGTON—Law360 named Covington partners Elizabeth Canter and Shankar Duraiswamy to its list of “Rising Stars for 2017.” This annual recognition honors top attorneys under 40 “whose legal accomplishments transcend their age.” Ms. Canter advises multinational companies on privacy, cyber security, and technology transaction issues. She has special expertise in ...

August 10, 2017, The Wall Street Journal

Mark Young is quoted in The Wall Street Journal's "Morning Risk Report" in an article regarding the Network and Information Systems directive. According to Young, “This is another data-related compliance requirement and it carries heavy penalties for failure to have in place appropriate network security measures."

August 8, 2017, Financial Times

Lisa Peets is quoted in a Financial Times article regarding the EU's new General Data Protection Regulation which will be introduced into UK law later this year. "Under the regulations, the definition of 'personal data' will be extraordinarily broad—any information that is related to a person," says Peets. "Companies are finding out that they are processing a ...

August 2, 2017, Law360

Libbie Canter was named a "Rising Star" by Law360, recognizing her as a top lawyer under 40 in Privacy & Cybersecurity law. In its profile of Canter, Law360 highlights her advisory role on significant transactions, including Microsoft’s $8.5 billion acquisition of video call service Skype.

July 28, 2017, Medtech Insight

Marialuisa Gallozzi, John Buchanan, and Jeff Kiburtz are quoted in a Medtech Insight article regarding the growing interest in the healthcare sector in buying cyber insurance. According to Gallozzi, "We are in the midst of an evolution of the insurance market right now in this area." She says cyber insurance policies have been a growing trend but unlike other ...

July 21, 2017, Law360

Kurt Wimmer is quoted in a Law360 article regarding the State of Washington's new law governing the collection and use of consumers’ biometric information. According to Wimmer, the law “is more sensible and targeted than some other biometric laws because it applies only to biometric identifiers stored in a database that matches those identifiers to specific ...

July 12, 2017, Covington Alert

On July 11, 2017, the Cyberspace Administration of China (CAC) released the draft Regulation for the Protection of the Critical Information Infrastructure (“Draft Regulation”) for public comment (official Chinese version available here). The comment period ends on August 10, 2017.

July 2, 2017, San Antonio Express-News

Susan Cassidy is quoted in a San Antonio Express-News article regarding new cybersecurity requirements for contractors. According to Cassidy, "Essentially, the DOD wants its contractors to protect its information, because the DOD is a huge target, and its contractors are also a target." Commenting on the fact that over the years, contractors have been working ...

June 29, 2017, Bloomberg Law

Lindsey Tonsager is quoted in a Bloomberg Law article regarding the FTC's updated guidance that includes adding online-based questions as a method of obtaining parental consent under the Children's Online Privacy Protection Act. According to Tonsager, the new methods are a quick way for parents to give consent without having to mail in forms, and will largely ...

June 20, 2017, Law360

Kurt Wimmer is quoted in a Law360 article regarding LabMD Inc. v. FTC , where the FTC will attempt to justify its data security enforcement authority. “The LabMD argument will provide an important window into how the new FTC will deal with the all-important question of 'harm' in the context of data security enforcement actions,” says Wimmer. “The argument ...

June 19, 2017, Bloomberg BNA

Kurt Wimmer is quoted in a Bloomberg BNA article regarding LabMD Inc. v. FTC , where the FTC will attempt to justify its data security enforcement authority. According to Wimmer, "[o]ral argument “presents an opportunity for the FTC to explain its current view of ‘harm,’ and how it should be applied in the LabMD case."

June 1, 2017, The Hill

Yan Luo is quoted by The Hill in an article regarding some of the uncertainties surrounding China's new Cybersecurity Law. Under the new law, cross-border data transfers for operators of "critical information infrastructure" are subject to security reviews and restrictions. According to Luo, "We don’t really have a definition of critical information ...

May 24, 2017, Covington Alert

On May 25, 2018, employers located or with staff in the European Union (“EU”) will have to comply with a new data protection law—Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data—commonly referred to as the General Data Protection Regulation (“GDPR”). This will ...

May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington

May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington

May 19, 2017, Covington Alert

On May 19, 2017, the Cyberspace Administration of China (“CAC”) invited international stakeholders to attend a seminar to discuss an updated version of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Measures”). Given that the Measures have an intended effective date of June 1, 2017, it is likely ...

May 17, 2017, The Cybersecurity Law Report

May 17, 2017, Covington Alert

Last Friday may mark the start of a new era in cyber crime. The first worldwide ransomware attack, commonly dubbed “WannaCry,” emerged on May 12. The malware is believed to have infected more than 300,000 computers in 150 countries to date. A cyber criminal or ring of criminals, taking advantage of an exploit made available by the ShadowBrokers hacker group that ...

May 10, 2017, Silicon Valley Business Journal

Emily Henn was profiled by Silicon Valley Business Journal as a part of the publication's "Women of Influence" feature, honoring 100 of the most influential business women in Silicon Valley.

May 9, 2017, Covington Alert

On April 13, 2017, China’s State Cryptography Administration (“SCA”) published a draft Encryption Law (“the draft Law”) for public comment. After several years of drafting, the draft Law, if enacted as drafted, would be the first Chinese statute to systematically address encryption, covering “the research, production, management, import and export, testing, ...

May 3, 2017, The Cybersecurity Law Report

May 3, 2017, Covington Alert

On May 2, 2017, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here). The issuance of the Measures marks a critical first step toward implementing China’s ...

May 1, 2017, Covington Alert

In a widely anticipated step, FCC Chairman Ajit Pai has released the text of a draft Notice of Proposed Rulemaking (“NPRM”) proposing to change the legal framework that governs broadband providers, eliminate the “Internet conduct standard” for evaluating broadband provider practices on a case-by-case basis, and seek comment on whether to keep, modify, or ...

April 27, 2017, Law360

Kurt Wimmer is quoted in a Law360 article regarding the Eleventh Circuit's decision to reject a proposed class action brought by a CNN app user claiming that CNN violated the Video Privacy Protection Act. According to Wimmer, "Unlike the Yershov court, the CNN panel seems to understand how apps actually work, which will be helpful going forward."

April 26, 2017

SILICON VALLEY—Silicon Valley Business Journal has named Covington partner Emily Henn to its annual “Women of Influence” list, honoring “100 of the most influential business women in Silicon Valley.”   Ms. Henn serves as co-chair of the firm’s Class Action Litigation Practice, specializing in defending antitrust, consumer, and other types of class actions. Ms. ...

April 21, 2017, Luxembourg Forum (Triannual Meeting Between the United States Supreme Court and the European Court of Justice), Washington, DC

April 20, 2017, Law360

Earlier this month, in Maloney v. T3Media Inc.,[1] the Ninth Circuit held that former college athletes could not assert a right of publicity to prevent the NCAA and its licensee, T3Media, from distributing images of the players. The court ruled that the players’ right of publicity was preempted by Section 301 of the Copyright Act because photographs of the ...

April 14, 2017, Harvard Law School Entertainment Symposium

April 12, 2017, Covington Alert

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).

Spring 2017, The Business Lawyer

March 30, 2017, Business Forums International Ltd.

March 7, 2017, Compliance Week

Compliance Week references a Covington client alert on China’s draft regulation on cybersecurity review of network products and services. According to the alert, “As the draft measures come into force in the coming months, such companies will need to carefully assess the implications of the draft measures, including whether to voluntarily seek security reviews ...

March 6, 2017, Business Insurance

Lindsay Burke is quoted in a Business Insurance article regarding the risks associated with internal office chat applications. “People think of it as a casual form of communication,” Burke says, “and they forget that it’s business and usually the company is keeping a record of the communication. And if the company finds itself in litigation, then the discovery ...

March 4, 2017, ABA Insurance Coverage Litigation Committee CLE Seminar

March 2017, National Defense

March 2017, Pratt's Government Contracting Law Report

Spring 2017, Communications Lawyer (American Bar Association)

February 22, 2017, The Cybersecurity Law Report

Steve Surdu was interviewed by The Cybersecurity Law Report for a three-part series on the role of forensic firms during a cyber breach. Part one discusses how to understand and leverage the expertise of forensic firms from the start. According to Surdu, forensic consultants have specialized skills and knowledge “that are very difficult for most organizations to ...

February 15, 2017, Webinar

February 7, 2017, Covington Alert

On February 4, 2017, the Cyberspace Administration of China (“CAC”) released the draft Measures on the Security Review of Network Products and Services (“the draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the draft Measures is here). The comment period ends on March 4, 2017.

February 3, 2017, Global Investigations Review

Ian Hargreaves and David Lorello are quoted in a Global Investigations Review article regarding Hargreaves’ recent arrival to Covington. According to Hargreaves, the firm’s “pre-eminence in dispute resolution, and its immense strength and global recognition as a market-leader in white-collar crime matters and investigations” fueled his decision. Lorello says, ...

February 1, 2017

WASHINGTON—Matthew S. DelNero has rejoined Covington as a partner in its Communications and Media Practice Group in Washington. Mr. DelNero most recently served as Chief of the Federal Communications Commission’s Wireline Competition Bureau. Mr. DelNero was a Covington partner from 2011 until January 2014, when he became Deputy Chief of the Wireline Competition ...

February 2017, The American Lawyer

Eric Mogilnicki was featured as a “Lateral All-Star” in The American Lawyer’s Lateral Report, recognizing his move to Covington as one of the “most notable and intriguing” in 2016. 

February 1, 2017, Law360

Matt DelNero and Yaron Dori are quoted in a Law360 article regarding DelNero’s return to Covington as a partner in its Communications and Media Practice Group where he will oversee a diverse portfolio of telecom issues, including broadband expansion, privacy, data security and merger activity, bringing to the practice a new appreciation for the policy process ...

February 1, 2017, Broadcasting & Cable

Matt DelNero is quoted in a Broadcasting & Cable article regarding his return to Covington’s Communications and Media practice. According to DelNero, “I look forward to handling a diverse array of issues for clients in the content, telecommunications, and technology sectors and to helping develop the firm’s Media & Communications practice into the future.”

January 31, 2017

LONDON—Ian Hargreaves has joined Covington as a partner in the firm’s European Dispute Resolution practice resident in London. Mr. Hargreaves’ arrival follows that of litigation partners Craig Pollack, Greg Lascelles, Elaine Whiteford, and Louise Freeman over the past six months. Mr. Hargreaves advises on major European white collar and related civil and ...

January 24, 2017, Law360

Mark Young and Ian Hargreaves are quoted in a Law360 article regarding the high level of cyberattacks on the financial services industry and the resulting regulatory pressures. According to Young, “The GDPR [General Data Protection Regulation] is a massive text with groundbreaking change in the data privacy area, in terms of compliance requirements and the new ...

January 17, 2017, Federal Contracts Report

Susan Cassidy is quoted in a Federal Contracts Report article regarding the fate of cybersecurity improvements made by the DoD under President Trump. According to Cassidy, “I would expect those to continue forward because I don't see a political will to say, ‘No you shouldn't protect this.’”  The nomination of former Sen. Dan Coats (R-Ind.) to serve as director ...

January 4, 2017, Covington Alert

President Obama announced several actions on December 29 to respond to Russian cyber operations that the U.S. intelligence community previously had concluded were intended to influence the U.S. presidential election. Specifically, the President revised and expanded an earlier executive order that blocks the property and interests in property of persons that ...

January 2017, Pratt’s Government Contracting Law Report

December 15, 2016, CCT News

Daniel Cooper is quoted by CCT News in an article regarding the use of wearable technology in the workplace. According to Cooper, the use of wearable devices is a good way, especially for insurers.  However, the wearers’ privacy must be taken care of as well as their legitimate treatment concerns.

December 14, 2016, Covington Alert

Recent reports from both government and private groups have highlighted the risk that cyber hacking may now cause serious physical injury or damage. This new risk stems from connected industrial controls or electronic devices comprising the Internet of Things (IoT)—the network of over 50 billion objects ranging from children’s toys to home appliances to medical ...

November 21, 2016, Financial Times

Daniel Cooper is quoted in a Financial Times article regarding wearable technology in the workplace. According to Cooper, not everyone will welcome sharing intimate personal information with the boss, however. “Wearable devices could be a good way for insurers to get the data . . . but it’s essential to address wearers’ privacy and fair treatment concerns and ...

November 8, 2016, Covington Alert

On November 7, the Standing Committee of China’s National People’s Congress (“NPC”) passed China’s first Cybersecurity Law (the “Law”), which will take effect starting June 1, 2017. Described as China’s “fundamental law” in the area of cybersecurity, the new Law articulates the government’s priorities with respect to “cyberspace sovereignty,” consolidates ...

October 20, 2016, Covington Alert

On October 19, 2016, the Board of Governors of the Federal Reserve System (Federal Reserve), Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC) (collectively the “Agencies”) released a joint Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on enhanced cybersecurity standards that would apply to ...

October 3, 2016, Federal Contracts Report

Susan Cassidy is quoted in a Federal Contracts Report article regarding the Defense Department’s updated cyber incident reporting rule. According to Cassidy, the rule succeeded in clarifying some industry concerns, but did not address them all. “They didn't take an opportunity to clarify everything you might have hoped they would.” For example, when asked ...

September 28, 2016, The FCPA Report

Eric Carlson is quoted in an FCPA Report article regarding China’s data privacy and cybersecurity laws and how they apply to companies doing business in China. Commenting on performing due diligence while avoiding data privacy issues, Carlson says, “For due diligence purposes, it is still safe and appropriate to gather corporate information such as whether a ...

September 20, 2016

WASHINGTON—Global Investigations Review has named the Microsoft warrant access case as the winner of the “Most Important Court Case of the Year.” Covington served as co-counsel to Microsoft and helped secure a landmark win in the U.S. Court of Appeals for the Second Circuit. GIR also ranked Covington among the top 15 investigations practices in the world in its ...

September 14, 2016, 2016 Covington Government Contracts Briefing: Solving Problems, Securing Opportunities

September 12, 2016

LOS ANGELES—The Los Angeles Business Journal has recognized Aaron Lewis as one of the “Most Influential Minority Lawyers” in Los Angeles. The inaugural list names 40 “stellar minority lawyers in the LA region,” highlighting recent success in their respective areas of practice.  The Los Angeles Business Journal highlighted Mr. Lewis’s recent significant ...

August 11, 2016, The American Lawyer

James Garland participated in a Q&A with The American Lawyer regarding the firm’s relationship with Microsoft and its recent work on an important internet search case in the Second Circuit. According to Garland, “Microsoft has a very strategic approach toward its legal functions and litigation in particular. In cases like this that are of strategic policy ...

July 27, 2016, Global Investigations Review

Stephen Surdu and James Garland are quoted in a GIR article regarding Surdu’s arrival to Covington as a Senior Cybersecurity Advisor. “In the fog of war, companies do not think clearly,” Surdu says. “They want to do the right thing, but they do not quite know what that is. As someone who has handled many cybersecurity investigations, I can help calm the ship.” ...

July 25, 2016, Covington Alert

Search warrants served on U.S. Internet companies and cloud service providers cannot obtain customer data stored overseas, the U.S. Court of Appeals for the Second Circuit ruled on July 14. The federal appellate decision focuses on warrants issued under the federal Electronic Communications Privacy Act (“ECPA”) and formally applies only in the Second Circuit, ...

July 21, 2016, Law360

David Fagan and Stephen Surdu are quoted in a Law360 article regarding the launch of Covington’s new Cybersecurity Incident Response Team in conjunction with the arrival of Surdu and Jenny Martin. According to Fagan, “We’re a big firm with clients that span the globe. They can’t control when they have incidents, and you can get calls on a Friday afternoon from ...

July 18, 2016

WASHINGTON—Covington has formed an enhanced team of lawyers and advisors to provide cybersecurity incident response services to clients, highlighted by Stephen Surdu, who formerly led the professional services group of Mandiant, joining the team as a Senior Cybersecurity Advisor.  Through the formation of the Cybersecurity Incident Response Team with members on ...

July 18, 2016, Federal News Radio

Michael Chertoff appeared on Federal News Radio for a panel discussion on the current cybersecurity environment and the evolution of data-centric security. “What’s different now is because of modern data analytics, the ability to take huge volumes of data at enormous scale and then to be able to analyze and make use of that data is something that’s brand new.”

July 18, 2016, The American Lawyer

James Garland and Steve Surdu are quoted in an American Lawyer article regarding the launch of Covington’s Cybersecurity Incident Response Team, highlighted by Surdu’s recent arrival as a Senior Cybersecurity Advisor. According to Garland, "The lawyers that do the interviews and oversee the forensic investigation, we're experienced but we're not engineers." He ...

July 14, 2016

WASHINGTON—The U.S. Court of Appeals for the Second Circuit has ruled in favor of Covington’s client Microsoft Corporation in its challenge to a U.S. warrant seeking customer emails stored in Ireland.  Microsoft argued that the warrant—issued under the Electronic Communications Privacy Act (ECPA)—could not be used to obtain emails stored abroad because it would ...

July 14, 2016, Covington Alert

At a joint press conference on July 12, 2016 in Brussels, EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová and the U.S. Secretary of Commerce, Penny Pritzker, presented the Privacy Shield (see Press Release here, Adequacy Decision text here, Annexes here, Communication here, and Q&A factsheet here). The press conference followed the ...

July 12, 2016, Covington Alert

On July 5, 2016, China’s National People’s Congress (“NPC”) released a new draft of the Cybersecurity Law for public comment (official Chinese version available here; unofficial translation from AmCham China available here). The revised draft contains a number of significant changes from the first draft, which was released in July 2015, but retains many of the ...

July 7, 2016, Covington Alert

The Brazilian financial industry has long been a target of cyber criminals, and with the continued growth of sophisticated online banking services in Brazil, such systems are a prime target for organized crime. In addition, among the emerging BRICS countries (Brazil, Russia, India, China, and South Africa), Brazil is on a par with China and Russia in terms of ...

July 2016, BNA’s World Data Protection Report

June 22, 2016, Covington Alert

On Tuesday, June 21, 2016, the Federal Aviation Administration (“FAA”) finalized its long-awaited rule on the commercial use of small unmanned aircraft systems (“UAS” or “drones”). The rule is significant because it provides a comprehensive and generally applicable set of rules for anyone wishing to operate a small drone for commercial purposes.

June 21, 2016

SILICON VALLEY—Covington advised Tencent Holdings Limited, a leading provider of internet service in China, in connection with its acquisition of a majority stake in Supercell from SoftBank. A consortium established by Tencent will acquire up to 84% of Supercell for $8.6 billion in a transaction valuing Supercell at approximately $10.2 billion. Supercell is a ...

June 21, 2016, Webinar

June 16, 2016

WASHINGTON—Legal Bisnow has named Covington partner Alexander Berengaut to its 2016 “Top 40 Lawyers Under 40” list.  Mr. Berengaut focuses on international arbitration, civil litigation, and government enforcement proceedings. He has experience handling a range of arbitral proceedings and U.S. court litigation matters, including at trial, and has significant ...

May 31, 2016, Inside Cybersecurity

Susan Cassidy participated in a panel discussion at the annual cybersecurity conference at Georgetown University Law Center and is quoted in this Inside Cybersecurity article regarding the limited scope of liability protections under the new cyber info-sharing law. According to Cassidy, "Anything you create could be used in litigation against you," in referring ...

May 5, 2016, Data Guidance

Michael Nonaka is quoted in this Data Guidance article regarding the Payment Card Industry Security Standards Council’s latest version of its data security standard. According to Nonaka, "PCI DSS version 3.2 does not reflect sweeping changes to the requirements in prior versions, but it is indicative of the data security priorities being expressed by card ...

May 2, 2016, Law360

May 2016, National Defense Magazine

April 23, 2016, The Washington Post

James Garland is quoted in this Washington Post article discussing whether the discovery of alternative ways to unlock iPhones without the help of Apple during investigations undermines the Justice Department’s case in seeking similar, future court orders. According to Garland, “[T]he fact that they subsequently figured out how to do it — without Apple’s help — ...

April 12, 2016, Law360

April 8, 2016, Covington Alert

On April 6, the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce, issued a Request for Comment (RFC) seeking public feedback on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things (IoT). NTIA issued the RFC as part of the Commerce ...

March 24, 2016, The Wall Street Journal

Daniel Cooper is quoted in The Wall Street Journal’s “Morning Risk Report” discussing how companies should best comply with global data protection regulations. Commenting on the binding corporate rule process, Cooper said,“The one thing we know about binding corporate rules is [they tend] to have more appeal to European regulators.” He continues, “For a lot of ...

March 2016, Cyber Security Law & Practice

March 2016, eHealth Law & Policy

February 19, 2016, Law360

Mark Young and Libbie Canter are quoted in this Law360 article offering tips on how deal makers can mitigate cybersecurity risks.  According to Young, any discovered incidents can give buyers pause on how  — and if — they want to move forward. “We’ve dealt with at least a couple examples where deals were at least delayed if not reconsidered because of ...

February 18, 2016, Covington Alert

February 5, 2016, LexisNexis

February 1, 2016, The Guardian

Henriette Tielemans is quoted by The Guardian in an article discussing the missed Safe Harbor deadline. According to Tielemans, companies faced “enormous uncertainty” about what European regulators would deem adequate privacy protection.

January 27, 2016, Covington Alert

January 25, 2016, The Lawyer

David Fagan is quoted by The Lawyer in an article discussing the continued vulnerability of companies to data breaches and targeted cyber attacks. Fagan, commenting on cyber-related litigation, states, “Up until now, in the US, there has been little cyber-related litigation because it is very difficult to quantify the level of damage done – I can imagine the ...

January 21, 2016, MarketWatch

Kurt Wimmer is quoted in this MarketWatch article regarding the FAA’s decision to allow Cape Productions, a drone video startup, to fly drones hundreds of feet closer to people than previously permitted. According to Wimmer, the FAA’s approval for Cape Productions sets a “much more realistic precedent” for future commercial drone usage.

January 15, 2016, Law360

Henriette Tielemans is quoted in a Law360 article discussing the recent European Court of Human Rights’ decision allowing employers in the EU to monitor their employees’ online activities for business purposes. “This decision is important,” according to Tielemans. “It will bring much needed legal certainty in an area that many companies are struggling with.”

January 12, 2016, Covington Alert

January 5, 2016

WASHINGTON, DC, January 5, 2016 - Covington announced that Eric Mogilnicki has joined the firm as a partner in its Washington office and will co-chair the firm’s new Consumer Financial Services practice. Andrew Smith, who served as a senior financial services lawyer at the Federal Trade Commission prior to joining the firm, will also lead the newly formed ...

January 5, 2016

WASHINGTON, DC, January 5, 2016 - Covington announced that Matthew Schlesinger has joined the firm as a partner in its insurance recovery practice. “Matt has a strong track record of success in the insurance recovery field, in particular on behalf of policyholders in the financial services sector,” said Mitchell Dolin, co-chair of the firm’s global coverage ...

January 4, 2016, The National Law Review

December 21, 2015, Covington Alert

On December 15, the EU institutions finally agreed the text of the new EU data protection law, the General Data Protection Regulation (“GDPR”), completing a process that began in January 2012. The LIBE committee has published the consolidated version of the GDPR text. The GDPR heralds a new era of data protection. It replaces the existing data protection ...

December 14, 2015

WASHINGTON, DC, December 14, 2015 - The National Law Journal has named Covington partner David Fagan as one of its “Cybersecurity & Data Privacy Trailblazers.” The list profiles 50 lawyers “who have helped make a difference in the fight against criminal cyber activity and towards adding much needed layers of data security in an increasingly digital world of ...

December 8, 2015, Law360

Mark Young is quoted in a Law360 article discussing the EU Network and Information Security Directive, which sets a cybersecurity and breach reporting baseline for both critical infrastructure operators, as well as digital service providers. This directive, which is the first of its kind, comes after two years of negotiations. According to Young, “There’s going ...

December 2015, Privacy & Data Protection

November 24, 2015, The Register

Dan Cooper is quoted by The Register in an article discussing the uncertainty and complications continuing to surround the Schrems decision that derailed Safe Harbour. Cooper stated that his business clients were both “surprise[d] and shock[ed]” by the European Court’s decision. “Businesses felt like the rug had been pulled out from under them,” said Cooper. ...

November 17, 2015, Covington Alert

November 9, 2015, Multichannel News

October 13, 2015

WASHINGTON, DC, October 13, 2015 - Covington addresses the critical issue of how to manage risks associated with third-party outsourcing in Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers. Published in collaboration with Palo Alto Networks and the New York Stock Exchange, the book provides boards, executives and ...

October 13, 2015, Bloomberg BNA

Henriette Tielemans is quoted in this BNA article that explores the idea of finding alternative means for the transfer of data with the elimination of Safe Harbor. Countries that require national data protection authority approval may find even more issues arise when trying to formulate new ways to navigate data transfer laws. Tielemans notes that the process ...

October 6, 2015, Al Jazeera

Dan Cooper appeared on the show to discuss the implications of the ECJ Schrems judgment.

October 6, 2015, Fortune

Brussels-based partner Henriette Tielemans is quoted in this Fortune article that discusses the effects of the highest E.U. court eliminating the U.S.-E.U. data transfer agreement known as the Safe Harbor Act. “Hindsight is a beautiful thing,” said Tielemans. “We must all remember that in 2015 things are different than they were in 2000.”

October 6, 2015, Covington Alert

October 2015, Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers

September 23, 2015, InsidePrivacy Blog

September 17, 2015, InsidePrivacy Blog

September 11, 2015, Covington Alert

September 2015, Bloomberg BNA World Data Protection Report

August 27, 2015, Inside Cybersecurity

Susan Cassidy was quoted in this article.

August 24, 2015, InsidePrivacy Blog

August 20, 2015

SAN FRANCISCO, August 20, 2015 — Covington advised Tencent Holdings Ltd. on its US$50 million investment in Ontario-based Kik Interactive, Inc., a messenger application with more than 200 million registered users. Tencent is a Chinese company that provides value-added Internet, mobile and telecom services and online advertising. Its messaging app WeChat has ...

August 13, 2015, Inside Cybersecurity

Susan Cassidy was quoted in this article.

August 12, 2015, The Cybersecurity Law Report

August 11, 2015

WASHINGTON, DC, August 11, 2015  —The Los Angeles Business Journal has named Covington partner and former federal prosecutor Daniel Shallman to its list of the city’s “Most Influential Lawyers” in the white collar and cyber practice areas. In selecting Mr. Shallman, the publication noted that he has handled “a string of impressive matters” since joining the firm ...

August 2015, Privacy Laws & Business

Article written by Covington's Lisa Peets.    

August 2015, Bloomberg BNA World Data Protection Report

August 2015, Privacy Laws & Business International Report

July 17, 2015, Webinar

July 13, 2015, China Law & Practice

July 10, 2015, Covington Alert

July 2, 2015, Covington Alert

July 2, 2015, InsidePrivacy Blog

July 2015, Bloomberg BNA World Data Protection Report

June 24, 2015

WASHINGTON, DC, June 24, 2015  — Covington partner Mark E. Plotkin has been named to The National Law Journal’s list of 45 Regulatory and Compliance Trailblazers. The list recognizes lawyers who have “made a difference navigating the ever-changing mandates of regulatory and compliance.” Mr. Plotkin, co-chair of Covington’s national security and defense industry ...

June 12, 2015, InsidePrivacyBlog

June 9, 2015, Inside Cybersecurity

Covington's David Fagan and Susan Cassidy have authored this article for Inside Cybersecurity. 

June 9, 2015, InsideCounsel

June 8, 2015, Financial Times

Covington's Daniel Cooper is quoted regarding the legal implications of wearables in the workplace: “Historically European regulators in the data protection area have been very sceptical you can ever get a valid employee consent — they feel that for existing employees, [the relationship] is almost inherently coercive.”

May 12, 2015, Inside Counsel

May 6, 2015, Covington E-Alert

May 2015, Privacy Laws & Business UK Report

April 22, 2015, Covington E-Alert

April 8, 2015, The Cybersecurity Law Report

Covington's David Fagan is quoted regarding cybersecurity: "Companies 'should have a process in place to categorize vendors in terms of levels of risk and then they should apply assessment from that basis,' Fagan said. The first step should be to 'assign a risk classification to them. And that should track to what kind of assessment you provide.'"

April 2015, Covington Newsletter

March 20, 2015, The Media Institute Policy Views

March 13, 2015, CDR News

March 12, 2015, Inside Counsel

Richard Shea, Lindsay Burke and Ashden Fein have authored this article on cybersecurity threats: "Cybersecurity threats can emanate not just from outside sources but from company insiders as well — including employees, executives, directors and contractors. According to NetDiligence’s 2014 Cyber Insurance Claims Study, roughly one-third of the reported events ...

March 12, 2015, InsideCounsel

March 11, 2015

WASHINGTON, DC, March 11, 2015 — Covington’s Jeff Kosseff has co-authored “Law for Media Startups,” a 12-chapter web guide for entrepreneurs launching media ventures and educators teaching students how to do it. The guide, co-authored by J-Lab Executive Director Jan Schaffer, was published by City University of New York’s Tow-Knight Center for Entrepreneurial ...

March 9, 2015, The National Law Journal

February 28, 2015, InsidePrivacy Blog

February 23, 2015, The Hill

David Fagan is quoted in this article regarding cybersecurity: David Fagan, a partner with Covington & Burling, said clients’ needs have evolved over the past five years when it comes to cybersecurity.  “[The] Target and Sony [hacks] captured the minds and also the fears of a lot of boards of directors and executives,” Fagan said. “As a result, in-house ...

February 19, 2015, Inside Counsel

February 19, 2015, Inside Counsel

Covington's David Fagan, James Garland and Kurt Wimmer have authored this article on questions that in-house counsel should be able to answer about his or her organization’s legal and business cybersecurity risk profile: "In the wake of the much publicized North Korean cyber-attacks against Sony — as well as recent favorable rulings for the plaintiffs in class ...

February 17, 2015, Covington E-Alert

February 17, 2015, InsidePrivacy Blog

February 2015, Bloomberg BNA World Data Protection Report

January 22, 2015, Covington E-Alert

January 2015, Corporate Counsel

January 2015, Regulatory Rapporteur

December 22, 2014, Covington E-Alert

November/December 2014, E-Commerce Law Reports

October 21, 2014, Law360

October 16, 2014, Lawyer 2B

October 2014, Data Protection Law & Policy

2014, Data Protection and Privacy Law (2nd Edition, Thomson Reuters)

October 1, 2014, Inside Cybersecurity

Covington's David Fagan and Marialuisa Gallozzi are quoted in this article regarding a symposium co-hosted by Covington & Burling and George Washington University's Cybersecurity Initiative titled "Cybersecurity for Government Contractors." "That is the bubble that we're sitting on at this moment," said Covington and Burling insurance attorney Marialuisa ...

September 30, 2014, Politico

Michael Chertoff is quoted regarding a symposium co-hosted by Covington & Burling and George Washington University's Cybersecurity Initiative titled "Cybersecurity for Government Contractors." "Information sharing between the government and private sector shouldn’t just be about swapping threat signatures or intelligence, former DHS Secretary Michael Chertoff ...

10/9/2014

London, October 9, 2014 - Covington & Burling has been selected as the winner in the Technology, Media and Telecoms category of Legal 500 UK Awards 2014, with a focus on Data Protection. Covington’s European technology, media and telecoms lawyers draw on the firm’s deep roots in the software, Internet, telecommunications and media industries and act as strategic ...

September 14, 2014, The Kernel

Covington partner Kurt Wimmer is quoted in this article regarding the legal implications of wearable cameras: "The current laws on privacy take hidden cameras and other Glass-type devices into account,” says Wimmer, whose clients include Facebook, Microsoft, Samsung, CBS, Viacom, and the National Football League. “There have been tiny cameras for a long time, ...

August 22, 2014, Law360

July 24, 2014, Law360

Covington partner Kurt Wimmer is quoted in this article regarding the Federal Trade Commission pursuing companies such as Snapchat Inc. and Fandango LLC over allegedly misleading privacy promises and lax data security. "To me, the FTC's work in the first half of 2014 has been more about security than privacy — both in advocating for its ability under Section 5 ...

July 2014, Bloomberg BNA World Data Protection Report

June 2014, E-Commerce Law & Policy

May 14, 2014, InsidePrivacy Blog

May 2014, Privacy Laws & Business

April 28, 2014, Bloomberg BNA

Covington partner Susan Cassidy was interviewed for Bloomberg BNA regarding the General Services Administration's draft plan to manage cybersecurity risks in the federal acquisition process. The article states: “When you read the actual proposal from GSA, it's hard to figure out what they are going to do,” Covington & Burling LLP Partner Susan Cassidy said. ...

April 11, 2014, Covington E-Alert

April 8, 2014, InsidePrivacy Blog

April 2014, West Briefing Papers

March 25, 2014, Covington E-Alert

March 15, 2014, InsidePrivacy Blog

February 20, 2014

NEW YORK, February 20, 2014 — Covington & Burling represented Banco Bilbao Vizcaya Argentaria, an international financial group based in Spain, in its acquisition of financial technology company Simple. The acquisition is part of BBVA's strategy to lead the technology-driven change that is transforming the financial services industry. According to Francisco ...

January 22, 2014, Covington E-Alert

November 27, 2013, Covington E-Alert

November 6, 2013, Covington E-Alert

October 24, 2013, InsidePrivacy Blog

October 24, 2013, Covington E-Alert

October 18, 2013, InsidePrivacy Blog

October 17, 2013, InsidePrivacy Blog

October 11, 2013, InsidePrivacy Blog

October 9, 2013, Covington E-Alert

October 8, 2013, Law360

September 30, 2013, Covington E-Alert

September 4, 2013, InsidePrivacy Blog

August 15, 2013, Covington Advisory

June 26, 2013

LONDON, 26 June, 2013 — The UK Information Commissioner's Office has authorised GlaxoSmithKline’s 'Binding Corporate Rules' (BCRs) – a set of internal policies and procedures used to protect personal data across GSK’s operations globally. The privacy and data security team at Covington & Burling was instrumental in the development, implementation and ...

June 4, 2013, InsidePrivacy Blog

May 24, 2013, Law360

May 10, 2013, InsidePrivacy Blog

April 30, 2013, Law360

April 25, 2013, Law360

April 11, 2013, Covington E-Alert

April 2013, Data Protection Law & Policy

April 2013, World Data Protection Report

March 27, 2013

WASHINGTON, DC, March 28, 2013 — Rep. Mike Rogers, chairman of the House Permanent Select Committee on Intelligence, and former Homeland Security Secretary Michael Chertoff addressed the complexity of cybersecurity threats at a program sponsored by Covington & Burling and The Chertoff Group. Mr. Chertoff is senior of counsel at Covington and chairman and founder ...

March 14, 2013, InsidePrivacy Blog

March 2013

February 26, 2013

WASHINGTON, DC, February 26, 2013 — The BTI Consulting Group has named Covington & Burling partners David Martin and Henriette Tielemans to its 2013 “Client Service All-Stars” list. The BTI “Client Service All-Stars” were singled out by general counsel and direct reports at large and Fortune 1000 organizations in one-on-one interviews. Mr. Martin, based in ...

February 26, 2013, InsidePrivacy Blog

February 21, 2013, Law360

February 18, 2013, InsidePrivacy Blog

February 15, 2013, Covington E-Alert

February 14, 2013, Covington E-Alert

February 7, 2013, InsidePrivacy Blog

January 22, 2013

WASHINGTON, DC, January 22, 2013 — For the second straight year, Law360 named Covington & Burling’s global privacy and data security practice as one of the top five “Privacy & Consumer Protection Practice Groups of the Year.” In a profile highlighting the firm’s privacy-related work, Law360 noted the group’s recent litigation win for LinkedIn Corp. In that case, ...

January 11, 2013, Covington E-Alert

January 9, 2013, InsidePrivacy Blog

November 8, 2012, Law360

October 19, 2012, InsidePrivacy Blog

September 2012, Publisher Roundtable on Data Privacy in conjunction with The Publishers Association

August 14, 2012

WASHINGTON, DC, August 14, 2012 — Covington & Burling LLP has received a top tier ranking in six practice areas and 18 individual attorneys are named “Leading Lawyers” in the recently released Legal 500 US 2012 edition. Additionally, Legal 500 US also “recommended” 36 Covington practice areas and 123 Covington lawyers. The six Covington practices given the top ...

August 2, 2012, Covington E-Alert

June 11, 2012

WASHINGTON, DC, June 11, 2012 — Chambers USA recognized 106 individual Covington & Burling lawyers and 46 Covington practice areas in the 2012 Chambers USA: America’s Leading Lawyers for Business guidebook released on June 7, 2012. Many of the 106 Covington lawyers ranked by Chambers USA were recognized in multiple categories, resulting in a total of 131 ...

May 29, 2012

LONDON, 29 May, 2012 — Covington & Burling LLP is pleased to announce Louise Nash as the new London office managing partner. She succeeds Roger Enock, who steps down after five years in the role. The firm also announced that Christopher Walter will succeed Ms. Nash as the office deputy managing partner. Mr. Enock will continue as head of the firm’s London ...

May 21, 2012, Corporate Counsel

March 27, 2012, Covington E-Alert

March 19, 2012

LONDON, 19 March, 2012 — Covington & Burling LLP received 46 individual mentions and 20 practice mentions in the Chambers Global 2012 edition. The guidebook, which ranks lawyers globally by pan-regional and country practice area, is designed to identify the most skilled legal practitioners based on the qualities most valued by clients. The Covington lawyers ...

March 1, 2012, Law Society Gazette

February 27, 2012, Covington E-Alert

February 10, 2012, Stanford Law Review Online

January 25, 2012, Covington E-Alert

January 2012, Covington E-Alert

January 9, 2012

WASHINGTON, DC, January 9, 2012 — Law360 named Covington & Burling’s global privacy & data security practice as one of the top five “Privacy & Consumer Protection Practice Groups of the Year.” In a profile about the firm published on Jan. 5th, Law360 pointed to Covington’s broad practice in assisting clients in transactions, on advisory matters, in social ...

December 22, 2011, InsidePrivacy Blog

December 8, 2011, Bloomberg Technology Law Report

October 21, 2011, Covington E-Alert

October 17, 2011, Covington Advisory

September 2011, European Lawyer

July 2011, Privacy Laws & Business

June 10, 2011

WASHINGTON, DC, June 10, 2011 — Covington & Burling LLP received 123 individual mentions and 45 practice mentions in Chambers USA 2011. The guidebook, which ranks lawyers by state and national practice area, is designed to identify the most skilled legal practitioners based on the qualities most valued by clients. Here are the Covington lawyers and practices ...

June 9, 2011

WASHINGTON, DC, June 10, 2011 — Covington & Burling LLP received 92 individual mentions and 32 practice mentions in the Legal 500 US 2011 edition.  Legal 500 reviews the strengths and strategies of law firms in more than 90 countries in Europe, the Middle East, Asia, North and South America, and the Caribbean. Here are the Covington lawyers and practices ...

June 2011, E-Commerce Law & Policy

April 2011, Clinica

March 10, 2011, Covington Advisory

March 8, 2011, InsidePrivacy Blog

February 15, 2011, EuroWatch

February 10, 2011, Covington Advisory

February 2011, Intellectual Property & Technology Law Journal

January 28, 2011, Covington E-Alert

January 2011, World Data Protection Report

December 24, 2010, Covington Advisory

December 21, 2010, Covington Advisory

December 17, 2010, Covington E-Alert

December 14, 2010, Covington E-Alert

December 1, 2010, Covington E-Alert

November/December 2010, Data Protection Ireland: Volume 3, Issue 6

November 9, 2010, Covington Advisory

October 19, 2010, Covington E-Alert

June 23, 2010

WASHINGTON, DC, June 23, 2010 — Covington & Burling LLP received 85 individual mentions and 23 practice mentions in the Legal 500 US 2010 edition. Legal 500 reviews the strengths and strategies of law firms in more than 90 countries in Europe, the Middle East, Asia, North and South America, and the Caribbean. Here are the Covington lawyers and practices ...

June 18, 2010, Covington E-Alert

June 16, 2010

WASHINGTON, DC, June 16, 2010 — Covington & Burling LLP received 112 individual mentions and 44 practice mentions in Chambers USA 2010. The guidebook, which ranks lawyers by state and national practice area, is designed to identify the most skilled legal practitioners based on the qualities most valued by clients. Here are the Covington lawyers and practices ...

June 15, 2010, Covington Advisory

May 28, 2010, Covington E-Alert

May 2010, Privacy Law & Business

April 23, 2010, Covington E-Alert

March 29, 2010, Covington Advisory

March 22, 2010, Covington E-Alert

March 1, 2010, Covington Advisory

March 1, 2010, Covington E-Alert

February 25, 2010, Covington Advisory

February 9, 2010, Covington E-Alert

January/February 2010, The Privacy Advisor

January 15, 2010, Covington E-Alert

January 13, 2010, Covington E-Alert

January 5, 2010, Covington Advisory

January 5, 2010, Covington E-Alert

2010, E-Commerce Law Reports

January 2010, World Data Protection Report

November 23, 2009, Covington Advisory

November 20, 2009, Covington Advisory

October 26, 2009, Covington Advisory

10/1/2009

WASHINGTON, DC, October 1, 2009 — Covington & Burling LLP today announced that ten of its lawyers have been elected to the firm’s partnership effective today. The new partners practice in the corporate, litigation, and regulatory fields. The ten new partners and their practices are as follows:  Marney Cheek (International) represents companies and trade ...

October 2009, Privacy Law & Business

September 30, 2009, EuroWatch

September 22, 2009, Covington Advisory

September 9, 2009, Covington E-Alert

Fall 2009, The Secure Times

September 2009, Privacy & Data Protection Journal

8/3/2009

WASHINGTON, DC, August 3, 2009 — Four Covington & Burling LLP partners have been named to The Ethisphere Institute’s 2009 “Attorneys Who Matter” list, which recognizes leading legal professionals in private practice and at government agencies and major companies who have excelled in and made a significant contribution in the corporate compliance field. In ...

July 29, 2009, Covington E-Alert

July 16, 2009, Covington E-Alert

July 14, 2009, Covington E-Alert

7/13/2009

WASHINGTON, DC, July 13 2009 — The National Law Journal has named Covington & Burling LLP partners Erin Egan and Paul Schmidt to its survey of “40 Under 40.” The list, which is featured in the July 13 issue, recognizes 40 Washington-area lawyers under the age of 40 who have already made their marks in private practice, government service, or the public interest ...

June 2009, Data Protection Law & Policy

June 24, 2009, Covington E-Alert

June 24, 2009, Covington E-Alert

June 19, 2009, Covington E-Alert

6/09/2009

LONDON, June 9, 2009 — An enhanced version of the world’s first data protection standard for athletes took effect on June 1, 2009. The International Standard for the Protection of Privacy and Personal Information took effect on January 1, 2009, and an enhanced version was unanimously approved in early May 2009 by the Executive Committee of the World Anti-Doping ...

5/15/2009

WASHINGTON, DC, May 15, 2009 — Three practices at Covington & Burling LLP have been nominated for 2009 Chambers USA Awards for Excellence. The firm received team nominations in the Insurance, International Trade and Privacy & Data Security categories. The awards recognize significant achievements over the past 12 months, including notable work, strategic growth, ...

April 29, 2009, Covington E-Alert

April 27, 2009, Covington E-Alert

April 2009, Privacy & Informatie

February 2009, Data Protection Law & Privacy

January 23, 2009, Covington E-Alert

December 2008, Data Protection Law & Policy

11/12/2008

BRUSSELS, November 12, 2008 — Covington & Burling LLP partner Henriette Tielemans has been appointed to the Data Protection expert group (GEX PD) by the European Commission. The Data Protection expert group will assist the Commission in identifying challenges for the protection of personal data in the EU, and putting forward proposals for addressing those ...

10/1/2008

WASHINGTON, DC, October 1, 2008 — Covington & Burling LLP today announced that 12 of its lawyers have been elected to the firm’s partnership. These new partners are resident in four of the firm’s offices and practice in the litigation, corporate/tax, and regulatory fields. Timothy Hester, chair of the firm’s management committee, commented: “These young and ...

August 21, 2008, Covington E-Alert

August 14, 2008, The Lawyer

June 16, 2008

WASHINGTON, DC, June 16, 2008 — Covington & Burling LLP received 81 individual mentions and 45 practice mentions in the newly released 2008 Chambers USA. The guidebook, which ranks lawyers by state and national practice area, is designed to identify the most skilled legal practitioners based on the qualities most valued by clients. Here are the Covington ...

5/12/2008

NEW YORK, NY, May 12, 2008 — Covington & Burling LLP is pleased to announce that Nigel Howard has joined the firm’s technology transactions practice as a partner. Mr. Howard will be resident in Covington’s New York office. Mr. Howard’s practice focuses on information technology, outsourcing, and intellectual property issues. He represents clients in complex ...

12/28/2007

LONDON, December 28, 2007 - The latest edition of Chambers Global has ranked Covington & Burling LLP’s expertise in 12 categories globally. “Sound knowledge of the industry” and “sheer breadth of experience“ are just some of the comments gathered by the research team from the firm’s clients. The firm has also achieved 10 individual rankings and a further 16 ...

June 18, 2007

WASHINGTON, DC, June 18, 2007 — Covington & Burling LLP received 44 practice mentions and 74 individual mentions in the newly released 2007 Chambers USA guidebook. The 2007 edition of Chambers USA attempts to identify the most skilled legal practitioners throughout the country based on the qualities most valued by clients. Covington attorneys have been ...

April 3, 2007

WASHINGTON, DC, April 3, 2007 — Covington & Burling LLP has announced the promotion of four new Of Counsel and six new Special Counsel.The four new Of Counsel are Daniel P. Cooper, Christian Neira, Matthew J. O’Connor, and Kevin J. Shortill.Daniel P. Cooper advises on European privacy and data protection matters, as well as on contentious and non-contentious ...

February 20, 2007, Covington E-Alert

December 2006, The Privacy & Data Protection Legal Reporter

August 18, 2006, Covington E-Alert

June 2006, BNA International World Data Protection Report

January 27, 2006, Covington E-Alert

January 16, 2006, Covington E-Alert

April 18, 2005, Covington E-Alert

April 14, 2005, Covington E-Alert

March 16, 2005, Covington E-Alert

February 22, 2005, Covington E-Alert

December 10, 2004, Covington E-Alert

November 1, 2004, Covington E-Alert

October 14, 2004, Covington E-Alert

August 13, 2004, Covington E-Alert

July 23, 2004, Covington E-Alert

July 15, 2004, Covington E-Alert

May 21, 2004, Covington E-Alert

December 8, 2003, Covington E-Alert

American Banker

David Stein is quoted in the American Banker regarding the push from U.S. lawmakers for a moratorium on all negative credit reporting during the COVID-19 crisis. According to Mr. Stein, lenders have one additional option to prevent damage to consumers’ credit scores. He says that lenders can stop reporting data to the credit bureaus altogether, though he ...