On June 18, 2024, the Securities and Exchange Commission (“SEC”) announced a $2.1 million civil penalty settlement of charges against R.R. Donnelley & Sons (“RRD”), a global provider of business communications services and...more
A spate of recent ransomware attacks illustrates the increasingly difficult calculations that businesses face following the theft or encryption of their data....more
On December 18, 2023, prior to the trading session, VF Corp. (NYSE:VFC) issued a press release disclosing that the company was investigating unauthorized activity on its computer systems – and that the intrusion had encrypted...more
Last month, as the New York State Department of Financial Services (“DFS”) began phasing in amended cybersecurity regulations and continued enforcement actions against noncompliant entities, a wave of ransomware attacks...more
State regulators across the country continue to increase their focus on cyber security and data privacy compliance and enforcement. For years, cloud company Blackbaud, a service provider to thousands of nonprofit enterprises,...more
12/8/2023
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Settlement
On November 1, 2023, the New York State Department of Financial Services (“DFS”) amended its cybersecurity regulations to institute additional standards and controls aimed at securing sensitive data among the financial...more
11/14/2023
/ Chief Information Security Officer (CISO) ,
Compliance ,
Corporate Governance ,
Cybersecurity ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Popular ,
Risk Management ,
Sensitive Personal Information
On June 30, 2023, the California Superior Court issued a decision blocking the California Privacy Protection Agency (“CPPA” or the “Agency”) from enforcing new regulations governing the collection and use of consumer data...more
The final countdown has begun to July 1, when Colorado’s Data Privacy Act (the “CPA”) takes effect. The CPA joins a fast-growing number of state comprehensive privacy statutes. We have previously written on the laws from...more
On March 15, 2023, the Securities and Exchange Commission (“SEC”) proposed a new rule concerning cybersecurity risk management as well as updates to Regulations S-P and SCI (Systems Compliance Integrity).[1] With these...more
The Supreme Court has declined, for now, to decide when attorney-client privilege will apply to communications viewed by courts as made for both legal and other purposes. In October 2022, the Court granted certiorari in In...more
The White House recently issued a Memorandum designed to strengthen the cyber defenses of “National Security Systems” – information systems operated by the federal government that are used for intelligence or military...more
2/4/2022
/ Biden Administration ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Executive Orders ,
Government Agencies ,
National Security ,
Risk Mitigation
In Episode 11 of Notorious, we discussed the case of Craig v. Boren, in which Ruth Bader Ginsberg, an attorney for the ACLU, helped shape a new level of judicial review in gender discrimination cases, appearing as amicus...more
A cryptocurrency entrepreneur recently paid $69.3 million for Beeple’s Everydays: The First 5,000 Days at a Christie’s auction. That record-breaking price purchased a work of art that can be seen only on a computer and the...more
In the wake of a data breach, counsel will often require the assistance of a forensic firm in order to provide legal advice to their client. The forensic analysis—which is often memorialized in a report to counsel—is crucial...more
Last November, California voters approved Proposition 24, enacting the California Privacy Rights Act (“CPRA”). The CPRA amends the California Consumer Privacy Act (“CCPA”), which was already the most sweeping consumer data...more
3/24/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consent ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Sellers ,
Information Governance ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personal Information
As the national landscape of data privacy laws evolves, New York may be poised to follow California in passing legislation that creates new data rights for New York consumers. New York is no stranger to this field. The New...more
A federal court recently added additional wrinkles to one of the most important aspects of responding to a data breach: a forensic investigative report. The court ordered a law firm to turn over a report produced by a...more
As remote learning continues to play a critical role in the world’s pandemic response, cybercriminals see another opportunity for exploitation. The Federal Bureau of Investigation, the Cybersecurity and Infrastructure...more
On December 13, the software and service provider SolarWinds announced that its Orion software platform had been the target of a sophisticated cyber-attack that may have resulted in malicious code being pushed to as many as...more
As we previously reported, companies across the globe increasingly have been targeted by cyber criminals during the COVID-19 pandemic. Just last month, a major U.S. healthcare provider, United Health Services (“UHS”),...more
The Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Federal Bureau of Investigation (FBI) to issue a joint warning of cyber-attacks emanating from Iran and targeting U.S. federal agencies and...more
9/21/2020
/ Corporate Governance ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
FBI ,
Hackers ,
NCSC ,
Risk Mitigation ,
Workplace Privacy
As we previously reported, Capital One Financial Corporation announced in July 2019 a major data security breach when an individual gained unauthorized access to personal information about Capital One credit card customers. ...more
8/14/2020
/ Capital One ,
Cyber Attacks ,
Data Breach ,
Data Protection ,
Data Security ,
Financial Services Industry ,
Fines ,
Hackers ,
OCC ,
Personally Identifiable Information ,
Popular ,
Settlement Agreements
After over 18 months of private mediation, MGM Resorts International has finally dismissed a series of declaratory judgment actions the company brought against victims of the Route 91 Harvest Festival shooting. Those cases...more
Over the past month, many have discovered video chat and conferencing apps such as Zoom and Houseparty, using them for both business and to keep connected to friends and family during this period of global social distancing....more
In recent weeks, we have seen growing threats to cybersecurity and privacy by malicious actors seeking to exploit the COVID-19 pandemic. As companies transition their employees to remote working and focus their efforts on...more