The Impact of Data Security Incident Trends on Commercial Transactions: Part I – M&A

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware.

The Report is a helpful tool for companies to identify and respond to trends in data privacy and security, especially as it relates to litigation, enforcement and risk management. But, while this may not be as obvious, the data privacy and security risk trends identified in the Report have also impacted general corporate transactions. Many different types of transactions, from M&A to product/service development to standard commercial service agreements, have been impacted by the data privacy and security trends highlighted in the Report. In this series, we’ll look at how some of the trends highlighted in the Report have had an impact on commercial transactions over the past year, and at some of the key data privacy and security sensitivities for businesses considering or involved in these transactions.

Continue Reading

Lindsey Carpino Takes Top Prize in Inaugural AALL Innovation Showcase

Carpino recognized as “showcase winner” in all three type-of-library categories

The American Association of Law Libraries’ (AALL) recently recognized BakerHostetler’s legal content services supervisor, Lindsey Carpino, for her role in developing “Review-it,” a crowd sourced review tool that shares feedback on legal resource tools to the community at large. “Review-it” swept all three type-of-library categories at the first-ever AALL Innovation Showcase.

“This award illustrates that Lindsey is a leader in the world of technological advancement,” said director of Legal Content and Research Services Katherine Lowry. “We are extremely lucky to have such an amazing team of innovators, like Lindsey, at BakerHostetler, and recognitions like this spotlight the importance of involving legal content and research services in data-rich projects.” Continue Reading

Colorado’s Privacy Act: A Curve Ball on Consent and Targeted Ads

On July 7, 2021, Gov. Jared Polis signed the Colorado Privacy Act (CoPA) into law, making Colorado the third state to enact a comprehensive privacy law, joining California and Virginia. The Act goes into effect on July 1, 2023, and shares many of the rights and obligations provided in other comprehensive privacy laws such as the GDPR, CCPA and Virginia CDPA. Our prior blog posts regarding the CCPA/CPRA and the CDPA outline the significant requirements of those laws.

Read more.

Game On: Addressing Security Challenges in the E-Sports Industry

The emergence of e-sports is no longer news. According to industry reports, the global e-sports industry created over $950 million in total revenue in 2020, and experts expect that number to grow to $1.6 billion by 2023. While the sports industry is struggling to stay afloat amid a global pandemic, e-sports has seized the moment to raise its profile as a viable — and for many, preferable — alternative to traditional sporting events.

But as with the rest of the world, the pandemic has changed the e-sports landscape. Two trends are noteworthy: e-sports matches that used to be held in person are increasingly migrating to online platforms, and more people are gambling on e-sports matches than ever. To adjust to these trends, the e-sports industry must pay attention to two neglected issues in e-sports law: cybersecurity and anti-cheating. In this post, we explain why implementing robust security and anti-cheating measures and being prepared for inevitable security and cheating incidents is a crucial next step for e-sports stakeholders in ensuring the industry’s continued success. Continue Reading

Podcast: Everything You Need to Know About NFTs in 10 Minutes or Less

Rob Musiala, a Counsel in the Digital Assets and Data Management group and the co-leader of our Blockchain Technologies and Digital Currencies team, breaks down everything you need to know about NFTs, all in 10 minutes or less.

Questions & Comments:

Listen to the episode.

Subscribe to BakerHosts
Apple Podcast | Google Podcast | iHeartRadio | Spotify | Stitcher | TuneIn
Download Episode Transcript

The Brave New World of Cybersecurity Compliance—Key Takeaways from Recent Government Action on Cybersecurity

After a series of high-profile supply chain and ransomware attacks, the federal government is ramping up its effort to improve the nation’s cybersecurity. In the past several months, multiple federal departments and agencies announced new policy initiatives and regulatory directives to drive their cybersecurity agenda forward, and state regulators are following the trend. It is unmistakably clear that companies in regulated sectors are entering a new era of cybersecurity regulatory compliance. And although much of this early action targets specific sectors (e.g., government contractors, pipeline operators, and public companies), these requirements will indirectly touch companies in other sectors and are a preview of broader regulation to come. Here, we discuss recent notable actions on cybersecurity by federal and state government agencies. Continue Reading

Welcome to the Digital Transformation and Data Economy Newsletter – July 2021 Issue

Across the economy, businesses are using digital technology to pivot into innovative service lines, accelerate growth and transform their businesses altogether. These businesses’ digital strategies and data assets play important roles in their success.

Since the California Consumer Privacy Act (CCPA) went into effect in January 2020, a growing number of comprehensive state privacy laws have been proposed in the United States, many of them aimed at providing consumers with privacy rights related to online advertising.

Read More.

The New China Data Security Law and the Impact on Multinational Companies

On June 10, 2021, the National People’s Congress of the People’s Republic of China (PRC) approved the passage of the Data Security Law (DSL), which will take effect on Sept. 1, 2021.


Unlike the PRC’s Cybersecurity Law of 2016 (CSL) and the Personal Information Protection Law – undergoing public comment for its second draft, released on April 29, 2021 – both of which permitted organizations doing business in the PRC to implement their own measures to protect personal data and data traversing organizations’ networks, the new DSL will mandate certain measures for the security of any record of information in electronic or other form (including physical copies) that has national or other security implications from a regulatory perspective. Continue Reading

Nevada Gov. Sisolak Signs Senate Bill (SB) 260 Expanding the State’s Internet Privacy Law

On June 2, 2021, Nevada Gov. Stephen F. Sisolak signed SB 260 approving amendments to the Nevada Privacy of Information Collected on the Internet from Consumers Act. Some key changes to the amended law include expanding the definition of “sale,” extending the current obligations of operators to “data brokers,” limiting the cure period and adding new exemptions. The amended law will go into effect on Oct. 1, 2021.

Definition of ‘Sale’

The amended law broadens the definition of “sale” by eliminating the previous requirement that the receiving person of the sale also licenses or sells the covered information after receiving it. Under the broadened definition, a “sale” is “the exchange of covered information for monetary consideration by an operator or data broker to another person.”

This means that what was previously out of scope – for example, the sale of covered information to a person who will use it to directly target consumers, for research purposes and/or for analytics purposes – will now be covered by the amended law. Consequently, a consumer’s right to opt out will apply to these previously out-of-scope transfers of covered information. Continue Reading

COVID-19 Consumer Protection Act Shows Alternative Path to Monetary Remedies

A recent Federal Trade Commission (FTC) action demonstrates how the FTC has pivoted toward enforcement actions based on specific acts of Congress and rules in light of the Supreme Court’s ruling in AMG Capital. Congress passed the COVID-19 Consumer Protection Act in December 2020, which made deceptive acts or practices involving the treatment, cure, prevention, mitigation, or diagnosis of COVID-19 unlawful. Since the pandemic began, the FTC has sent hundreds of warning letters to companies allegedly making deceptive or scientifically unsupported claims regarding their products’ ability to treat or prevent COVID-19.

Despite the hundreds of warning letters, the FTC did not file its first complaint under the COVID-19 Consumer Protection Act until April 15, 2021. In United States v. Nepute et al., the FTC and Department of Justice alleged that Quickwork and its chiropractor CEO, Eric Nepute, deceptively advertised that its vitamin D and zinc products are scientifically proven to treat or prevent COVID-19. Notably, the FTC had previously sent Nepute a warning letter in May 2020 regarding the same practices. After receiving the warning letter, however, the advertiser continued to make claims such as “COVID-19 Patients who get enough Vitamin D are 52% less likely to die.” Continue Reading