Strategies helps businesses and individuals solve the complexities of dealing with the government at every level. Our team of specialists concentrate exclusively on government affairs, representing clients nationwide who need assistance with public policy, advocacy, and government relations strategies.
This unique program provides innovative and affordable opportunities to startups and early-stage emerging companies with a solid technology or scientific foundation. We help companies that have a quality management team in place and do not have other significant legal representation.
eMerge’s lawyers and technologists work together to deliver strategic end-to-end eDiscovery and data management solutions for litigation, investigations, due diligence, and compliance matters. We help clients discover the information necessary to resolve disputes, respond to investigations, conduct due diligence, and comply with legal requirements.
Locke Lord’s Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.
In This Issue
State Developments
U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia
In 2023, new consumer privacy laws will be effective in California, Colorado, Connecticut, Utah, Virginia. Other laws from the states of Delaware, Indiana, Iowa, Montana, Tennessee, Oregon, and Texas were signed this year and will become effective by 2026. read more
New Amendments to NY DFS Cybersecurity Regulation: Big Changes for Big Companies, and Other Implications
Effective November 1, 2023, the New York Department of Financial Services issued its second amended Cybersecurity Regulation (the “Regulation,” 23 NYCRR Part 500). The amendment follows extensive public comments, some of which were reflected in the Regulation. Compliance is required by April 29, 2024 (180 days after the effective date), subject to the transition dates. read more
EU, U.K. Developments
New Mechanism for Cross-Border Data Transfer: The EU-U.S. Data Privacy Framework
On June 10, 2023 the European Commission (the “Commission”) issued an adequacy decision on the new EU-U.S. Data Privacy Framework (the “DPF”). The decision restored free transfer of data between the EU and U.S. after three years of uncertainty following the Schrems I and Schrems II decisions, which overturned the preceding Safe Harbor Framework of 2000 and 2016 Privacy Shield. read more
U.S.-U.K. Data Transfer Developments
The U.K. Data Bridge extension to the EU-U.S. Data Privacy Framework (“DPF”) was formally green-lighted by the U.K. Government on 12 October 2023. read more
Incident Response
Challenging Recent Developments for Incident Response
The United States is on track to see a record number of data breaches in 2023 and state regulators are paying attention. The swift action required by victim companies includes containment and elimination of the threat, and quick and thorough analysis to determine required notifications to state and Federal agencies, affected individuals, and other third parties. Notice requirements vary by jurisdiction, as does the level of regulatory oversight. The need for companies to strengthen their incident response plans is highlighted by the recent increase in the volume, severity and complexity of incidents, and changes in the legal, regulatory and litigation environment. Good preparation will reduce the time and increase the effectiveness of breach response and help mitigate the related cost and potential exposure. read more
Litigation
More Safe Harbor Protections for Navigating Cyber and Privacy Litigation
Cybersecurity and data privacy risks continue to loom large with potentially significant consequences. Litigation, often filed soon after incidents, adds to the possible repercussions. In our previous article, we discussed a trio of states providing affirmative defenses or “safe harbors” that companies can take advantage of to minimize litigation exposure resulting from a data breach. Three other states have recently followed, with Oklahoma, Iowa, and Tennessee recently passing their own “safe harbor” laws. read more
Beware Common Website Technology Tools That Can Lead to Wiretap Claims
Knowing how consumers behave while on a website can provide businesses with valuable information. Frequently businesses employ “session replay” tools to analyze what users do on their website. “Session replay” is software embedded in a website that allows companies to improve the effectiveness of a website. Use of this technology has been challenged in a number of class action lawsuits filed over the past few years. Another group of lawsuits allege that some companies are unlawfully embedding code in their chat features that allows a third-party service provider to create and retain a real time transcript of chats with consumers. read more
Visit Locke Lord’s Privacy & Cybersecurity Resource Center for topical, practical snapshots of recent developments in the fast-changing world of privacy, data protection and cyber risk management.
This just in
Speaking Engagements
Executive Compensation and Benefits in M&A Transactions: Foundational Frameworks
July 15, 2026 | 1:00 PM – 2:00 PM ET
Virtual
Speaking Engagements
Business Track: Litigation Practicum
July 14, 2026 | 11:00 AM – 12:15 PM ET
Newport Marriott Hotel & Spa
25 America’s Cup Avenue, Newport, RI 02840
Speaking Engagements
Infocast PowerUp Data Center – Infrastructure Summit 2026
July 14 – 16, 2026
Hyatt Regency Austin
208 Barton Springs Road, Austin, TX 78704
Sponsored Events
ABI Northeast Bankruptcy Conference & Consumer Forum 2026
July 13 – 15, 2026
Newport Marriott Hotel & Spa
25 America’s Cup Avenue, Newport, RI 02840
