Michael G. Morgan Michael G. Morgan

Subscribe to Michael G. Morgan's Posts
Michael Morgan is a leader of the Firm’s Global Privacy and Cybersecurity practice. Recognized as one of the nation’s leading lawyers in cyber incident response, Mike has guided clients through some of the largest and most complex data breaches, including state-sponsored attacks, breaches involving more than 50 million records, and incidents affecting persons in more than 100 countries around the world. He represents clients in the defense of breach-related government investigations and class action litigation as well as pre-breach planning and post-breach remediation. Read Michael Morgan's full bio.

Tackling Increased Cybersecurity Requirements in the Defense Industrial Base


By , , , , and on Feb 3, 2020
Posted In Cybersecurity

On January 30, 2020, the US Department of Defense (DoD) released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) framework, which is available here, with appendices available here. This highly anticipated 390-page release supersedes the prior draft versions, the last of which was released in December 2019. The DoD will begin requiring contractors to obtain certification...

Continue Reading



California Enacts a Groundbreaking New Privacy Law


By , , , , and on Jun 29, 2018
Posted In Cybersecurity, Data Privacy

California’s Senate and Assembly unanimously approved AB 375 (also known as the California Consumer Privacy Act of 2018), on June 28, 2018. This new consumer privacy bill will be the most progressive and comprehensive privacy law in the United States, reaching far beyond California’s borders to give California consumers more visibility and control over their...

Continue Reading



The General Data Protection Regulation: Key Requirements and Compliance Steps for 2018


By , , , , , , , , and on Feb 6, 2018
Posted In Big Data, Consumer Protection, Cybersecurity, Data Privacy

Enforceable in all EU member states on 25 May 2018, the General Data Privacy Regulation will require action by organisations both inside and outside the European Union to ensure compliance with this far-reaching privacy legal framework. Compliance is even more urgent given that the GDPR provides for large penalties in cases of infringement. As some...

Continue Reading



To Scan or Not to Scan: Surge in Lawsuits under Illinois Biometrics Law


By , , , and on Nov 8, 2017
Posted In Big Data, Consumer Protection, Cybersecurity, Data breach, Data Privacy, Workplace Privacy

Although the Illinois Biometric Information Privacy Act has been on the books for almost 10 years, a recent surge in lawsuits has likely been brought on by developments in biometric scanning technology and its increased use in the workplace. At least 32 class action lawsuits have been filed in recent months by Illinois residents in...

Continue Reading



Irish Court Casts Serious Doubt on EU Model Clauses


By , , , , and on Oct 17, 2017
Posted In Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield

The validity of Model Clauses for EU personal data transfer to the United States is now in real doubt as a result of a new Irish High Court judgment stating that there are “well founded grounds” to find the Model Clauses invalid. The issue of Model Clauses as a legitimate data transfer mechanism will now...

Continue Reading



The Department of Transportation Helps Clear the Road for Autonomous Vehicles


By , , and on Sep 27, 2017
Posted In Cybersecurity, Data Privacy, General Interest

The US Department of Transportation’s National Highway Traffic Safety Administration recently released A Vision for Safety 2.0, an update to its prior guidance on automated driving systems. The new guidance adopts a voluntary, flexible approach to regulation of automated driving systems and clarifies that it alone, and not the states, is responsible for regulating the...

Continue Reading



New York’s Cybersecurity Requirements Pose Multi-Year Compliance Challenges


By , , and on Sep 20, 2017
Posted In Cybersecurity, Data Privacy

New cybersecurity regulations issued by the NYDFS define the nonpublic information they regulate in exceptionally broad terms. This expanded definition of Nonpublic Information will create major challenges for regulated companies and their third-party service providers that will likely ripple through other ancillary industries. Continue Reading.

Continue Reading



New Cybersecurity Report Asks the Private Sector to Join Forces with the Government


By on Sep 13, 2017
Posted In Cybersecurity, Data breach, Data Privacy, General Interest

The government is continuing to ask for more help from the private sector to defend against cyber attacks. The National Infrastructure Advisory Council (NIAC) recently published a report discussing current cyber threats and urging private companies and executives to join forces with the government to better address those threats. The report proposes “public-private and company-to-company...

Continue Reading



UK Government Issues Cybersecurity Guidance for Connected and Automated Vehicles


By and on Sep 13, 2017
Posted In Cloud, Consumer Protection, Cybersecurity, Data Privacy, General Interest

On 6 August 2017, the UK government released ‘The Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles’, guidance aimed at ensuring minimum cybersecurity protections for consumers in the manufacture and operation of connected and automated vehicles. Connected and automated vehicles fall into the category of so-called ‘smart cars’. Connected vehicles have gained,...

Continue Reading



The Privacy Shield: September 30, 2016, Deadline for Early Self-Certification Offers Compliance Opportunity and Risk


By , and on Sep 6, 2016
Posted In Data Privacy, Data Transfers/Safe Harbor/Privacy Shield

The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data...

Continue Reading



STAY CONNECTED

TOPICS

ARCHIVES