Perkins on Privacy
Perkins on Privacy
Perkins on Privacy keeps you informed about the latest developments in privacy and data security law. Our insights are provided by Perkins Coie's Privacy & Security practice, recognized by Chambers as a leading firm in the field.
SEC Dismisses Cyber Disclosure Case Against SolarWinds and CISO
Key Takeaways
- The SEC’s agreement with defendants to dismiss, with prejudice, its case against SolarWinds Corporation (SolarWinds) and its chief information security officer (CISO) signals a retreat from aggressive, novel enforcement theories in cybersecurity disclosure cases.
- Although technical cybersecurity violations without investor harm
Preparing for the California Cyber Audit Regulations
On September 23, 2025, the California Privacy Protection Agency confirmed that their cyber audit regulations will at long last go into effect on January 1, 2026.
You can be forgiven for losing track since these were first proposed in September 2023, but now is the time to start considering how they will apply to your company and budgeting for that impact.
2025 Breach Notification Law Update
State Updates, Security Mandates, and the Federal Regulatory Horizon
Privacy in Focus: California’s Legislative Session Closes with Major Changes
California’s legislature has once again taken center stage in the national privacy conversation, passing a flurry of privacy bills during a marathon session that stretched into the night of September 12.
Mid-Year Recap: State Consumer Privacy Laws
With 2025 more than half over and many state legislatures adjourned for the year, we look back at significant legislative developments concerning state comprehensive consumer privacy laws.
Another Take on the TAKE IT DOWN Act
The TAKE IT DOWN Act (the Act), enacted on May 19, 2025, is a powerful (and controversial) new tool designed to stop people from sharing “nonconsensual intimate imagery,” or NCII, online.
Don’t Mind If I Do: Montana Says Hands Off Neural Data
In May 2025, Montana enacted Senate Bill 163 (SB 163), amending that state’s Genetic Information Privacy Act (MGIPA) to include protections for neurotechnology data—namely, data collected from the activity of the central or peripheral nervous system.
Can Providers Be Sued for Mistaken CSAM Reports? Maybe, Says New Ruling
Can a communications provider be held liable when it reports to the National Center for Missing and Exploited Children (NCMEC) an image the provider believes to be child sexual abuse material based on signals provided by NCMEC?
Massachusetts Supreme Court Decision Raises Bar for Website “Wiretap” Suits
In recent months, a wave of lawsuits has swept across the nation, targeting websites for allegedly violating state wiretapping laws through their use of tracking software.
FTC and State Coalition Settle Data Breach Cases with Marriott
2024 Breach Notification Law Update: Unique New State Obligations and Widespread New Federal Obligations
NJ Supreme Court: Wiretap Order Required for Prospective Online Communications
Updating Corporate and Cybersecurity Practices To Satisfy the SEC’s Final Cybersecurity Disclosure Rules: Assessing Materiality of Cybersecurity Incidents
A Deep Dive Into the SEC’s Materiality Trigger for Cybersecurity Incident Disclosures
The U.S. Securities and Exchange Commission (SEC) adopted final rules relating to cybersecurity disclosure on July 26, 2023, which will take effect on December 18, 2023.