Michael G. Morgan
Michael Morgan is a leader of the Firm’s Global Privacy and Cybersecurity practice. Recognized as one of the nation’s leading lawyers in cyber incident response, Mike has guided clients through some of the largest and most complex data breaches, including state-sponsored attacks, breaches involving more than 50 million records, and incidents affecting persons in more than 100 countries around the world. He represents clients in the defense of breach-related government investigations and class action litigation as well as pre-breach planning and post-breach remediation.
Tackling Increased Cybersecurity Requirements in the Defense Industrial Base
By Michael G. Morgan, James W. Kim, Brian Long and McDermott Will & Emery on Feb 3, 2020
Posted In Cybersecurity
On January 30, 2020, the US Department of Defense (DoD) released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) framework, which is available here, with appendices available here. This highly anticipated 390-page release supersedes the prior draft versions, the last of which was released in December 2019. The DoD will begin requiring contractors to obtain certification...
California Enacts a Groundbreaking New Privacy Law
By Amy C. Pimentel, Daniel F. Gottlieb, Jonathan Ende, Li Wang and Michael G. Morgan on Jun 29, 2018
Posted In Cybersecurity, Data Privacy
California’s Senate and Assembly unanimously approved AB 375 (also known as the California Consumer Privacy Act of 2018), on June 28, 2018. This new consumer privacy bill will be the most progressive and comprehensive privacy law in the United States, reaching far beyond California’s borders to give California consumers more visibility and control over their...
The General Data Protection Regulation: Key Requirements and Compliance Steps for 2018
By Jared T. Nelson, Leon C.G. Liu, Michael G. Morgan, Mark E. Schreiber, Paul McGrath, Romain Perray, Sabine Naugès, Dr. Wolfgang Freiherr Raitz von Frentz and McDermott Will & Emery on Feb 6, 2018
Posted In Big Data, Consumer Protection, Cybersecurity, Data Privacy
Enforceable in all EU member states on 25 May 2018, the General Data Privacy Regulation will require action by organisations both inside and outside the European Union to ensure compliance with this far-reaching privacy legal framework. Compliance is even more urgent given that the GDPR provides for large penalties in cases of infringement. As some...
To Scan or Not to Scan: Surge in Lawsuits under Illinois Biometrics Law
By Michael G. Morgan and Mark E. Schreiber on Nov 8, 2017
Posted In Big Data, Consumer Protection, Cybersecurity, Data breach, Data Privacy, Workplace Privacy
Although the Illinois Biometric Information Privacy Act has been on the books for almost 10 years, a recent surge in lawsuits has likely been brought on by developments in biometric scanning technology and its increased use in the workplace. At least 32 class action lawsuits have been filed in recent months by Illinois residents in...
Irish Court Casts Serious Doubt on EU Model Clauses
By Michael G. Morgan, Mark E. Schreiber, Romain Perray, Amy C. Pimentel and Katherine F. Froelicher on Oct 17, 2017
Posted In Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield
The validity of Model Clauses for EU personal data transfer to the United States is now in real doubt as a result of a new Irish High Court judgment stating that there are “well founded grounds” to find the Model Clauses invalid. The issue of Model Clauses as a legitimate data transfer mechanism will now...
The Department of Transportation Helps Clear the Road for Autonomous Vehicles
By Amy C. Pimentel, Michael G. Morgan and William M. Friedman on Sep 27, 2017
Posted In Cybersecurity, Data Privacy, General Interest
The US Department of Transportation’s National Highway Traffic Safety Administration recently released A Vision for Safety 2.0, an update to its prior guidance on automated driving systems. The new guidance adopts a voluntary, flexible approach to regulation of automated driving systems and clarifies that it alone, and not the states, is responsible for regulating the...
New York’s Cybersecurity Requirements Pose Multi-Year Compliance Challenges
By McDermott Will & Emery, Michael G. Morgan, Mark E. Schreiber and Scott Weinstein on Sep 20, 2017
Posted In Cybersecurity, Data Privacy
New cybersecurity regulations issued by the NYDFS define the nonpublic information they regulate in exceptionally broad terms. This expanded definition of Nonpublic Information will create major challenges for regulated companies and their third-party service providers that will likely ripple through other ancillary industries.
New Cybersecurity Report Asks the Private Sector to Join Forces with the Government
By Michael G. Morgan on Sep 13, 2017
Posted In Cybersecurity, Data breach, Data Privacy, General Interest
The government is continuing to ask for more help from the private sector to defend against cyber attacks. The National Infrastructure Advisory Council (NIAC) recently published a report discussing current cyber threats and urging private companies and executives to join forces with the government to better address those threats. The report proposes “public-private and company-to-company...
UK Government Issues Cybersecurity Guidance for Connected and Automated Vehicles
By Michael G. Morgan on Sep 13, 2017
Posted In Cloud, Consumer Protection, Cybersecurity, Data Privacy, General Interest
On 6 August 2017, the UK government released ‘The Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles’, guidance aimed at ensuring minimum cybersecurity protections for consumers in the manufacture and operation of connected and automated vehicles. Connected and automated vehicles fall into the category of so-called ‘smart cars’. Connected vehicles have gained,...
The Privacy Shield: September 30, 2016, Deadline for Early Self-Certification Offers Compliance Opportunity and Risk
By McDermott Will & Emery, Amy C. Pimentel and Michael G. Morgan on Sep 6, 2016
Posted In Data Privacy, Data Transfers/Safe Harbor/Privacy Shield
The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data...