Last week, Erik Gerding, Director of the SEC’s Division of Corporation Finance (the Division), issued a statement providing clarification regarding the disclosure of cybersecurity incidents by reporting companies. This...more
6/4/2024
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Foreign Private Issuers ,
Form 8-K ,
Investors ,
New Rules ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Voluntary Disclosure
After years of internal discussion, the Board of the California Privacy Protection Agency (CPPA), at their March 8th meeting, voted to progress toward formalizing the proposed regulations on risk assessments and automated...more
3/26/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
California Privacy Protection Agency (CPPA) ,
Corporate Counsel ,
Cybersecurity ,
Employment Discrimination ,
Information Sharing ,
Personal Information ,
Policy Updates ,
Privacy Laws ,
Proposed Regulation ,
Risk Assessment
If you have been relying on last year’s court order staying the ability of the California Privacy Protection Agency (CPPA) to enforce regulations promulgated under the California Privacy Rights Act (CPRA) to also stay your...more
2/16/2024
/ Audits ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Contract Terms ,
Cybersecurity ,
Enforcement ,
New Regulations ,
Notice Requirements ,
Opt-Outs ,
Risk Assessment ,
Targeted Digital Advertising
A number of significant regulatory, legal, market, and ESG-related developments and issues will affect how public companies approach the upcoming year-end reporting process. As in past years, Mintz has prepared an in-depth...more
12/18/2023
/ 10b5-1 Plans ,
Artificial Intelligence ,
Chief Information Security Officer (CISO) ,
Clawbacks ,
Climate Change ,
Corporate Governance ,
Cybersecurity ,
Enforcement Actions ,
Environmental Social & Governance (ESG) ,
Form 10-K ,
Form 8-K ,
Nasdaq ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Shareholder Meetings ,
Trading Plans ,
Year-End Planning
The California Privacy Protection Agency (CPPA) has released its agenda for the September 8 board meeting, which includes (among other topics) presentation of a draft Cybersecurity Audit Regulation and a draft Risk Assessment...more
8/30/2023
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Selling ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Risk Assessment ,
Rulemaking Process
In a narrow 3-2 decision on July 26, the SEC adopted its final rule concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”). Below we highlight some of the principal changes...more
8/2/2023
/ Compliance ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 8-K ,
Incident Response Plans ,
Information Governance ,
National Security ,
Policies and Procedures ,
Public Safety ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Texas has joined the growing list of states enacting comprehensive consumer data privacy laws. On June 18, 2023, Governor Abbott (R) signed H.B.4, otherwise known as the Texas Data Privacy and Security Act (“TDPSA”). The...more
Judge James Arguelles has sided with California businesses in holding that the California Privacy Protection Agency (CPPA) cannot start enforcement of regulations promulgated under the California Privacy Rights Act (CPRA) for...more
Our May Madness series is getting you caught up on comprehensive privacy legislation passing state legislatures across the nation. In April, governors signed legislation in Tennessee and Indiana, and this month ahead of...more
Indiana's New Law is on the Books -
Last month, three more state legislatures passed comprehensive data privacy laws. Just this week, Indiana’s governor signed one of them - the Indiana Consumer Data Privacy Act (“ICDPA’) -...more
5/4/2023
/ Cybersecurity ,
Data Privacy ,
Fair Credit Reporting Act (FCRA) ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Nonprofits ,
Penalties ,
Personal Data ,
Personal Information ,
Private Right of Action ,
Public Utility ,
State Privacy Laws
Just ahead of the expected April release of the final SEC cybersecurity regulations, the SEC has fined Blackbaud, a donor data management platform used widely by nonprofits, $3 million dollars for "misleading disclosures" in...more
The FBI and the Cybersecurity & Infrastructure Security Agency have been warning the healthcare sector for years about vulnerabilities and ransomware gangs targeting those vulnerabilities. With millions of records -- and...more
Public companies initiating the year-end reporting process will need to consider, and in many cases take steps to address, a number of significant developments and issues. To assist companies in this process, Mintz has...more
12/9/2022
/ Annual Meeting ,
Breach of Duty ,
Clawbacks ,
Climate Change ,
Corporate Governance ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Diversity and Inclusion Standards (D&I) ,
Filing Deadlines ,
Insider Trading ,
Privacy Laws ,
Proxy Advisors ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Shareholders ,
Stock Markets ,
Supply Chain ,
Ukraine
The Federal Trade Commission (“FTC”) announced on Monday that it is settling a case against Drizly and its CEO stemming from a 2020 data breach that impacted roughly 2.5 million consumers. The proposed order not only...more
10/31/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Identity Theft ,
Personal Data ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement
Ransomware is the “business pandemic.” Warnings have been issued by multiple agencies around the world to alert businesses to increase their protection and awareness. Most recently, the Department of Health and Human...more
4/29/2022
/ American Hospital Association ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Malware ,
Phishing Scams ,
Popular ,
Ransomware ,
Russia ,
Ukraine ,
Vulnerability Assessments
On Monday, President Biden warned U.S. companies to be on guard against Russian cyberattacks, citing intelligence as a call to action.
“I have previously warned about the potential that Russia could conduct malicious...more
Following closely on its proposal for substantial new cybersecurity requirements for investment advisers and registered investment companies, the Securities and Exchange Commission (SEC) unveiled a new slate of proposed...more
Data Privacy Week kicked off with a major message for US publicly-traded companies: the Securities and Exchange Commission will be looking at cybersecurity. SEC Chairman Gary Gensler said in a speech to a virtual securities...more
As public companies embark on the year-end reporting process, they will need to consider, and in some cases take steps to address, a number of significant developments and issues. As in past years, Mintz has prepared a...more
1/19/2022
/ Annual Meeting ,
Coronavirus/COVID-19 ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Disclosure Requirements ,
Enforcement ,
Environmental Social & Governance (ESG) ,
Executive Compensation ,
Fiscal Year ,
Nasdaq ,
New Legislation ,
NYSE ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Shareholder Meetings
Before the holidays, we warned of a critical vulnerability in a widely-used Java logging utility that could affect tens of thousands of companies. Since that original alert, multiple US and foreign government cybersecurity...more
We want to make our readers and your security operations aware of a critical vulnerability that is actively being exploited in the wild.
CVE-2021-44228 can easily be exploited to gain complete access to the targeted...more
It’s been a busy 2021 legislative session for changes to data breach laws, and that means it is time to review and update your incident response plans. Several states have shortened data breach notification timelines or...more
Welcome to Fall 2021! We’re trying to curate some of the week’s privacy and cybersecurity news to keep you up-to-date:
CONTI RANSOMWARE ON THE RISE — Another week, another US agency joint advisory on ransomware. The...more
There is a pattern here. Long holiday weekends make for ransomware attacks and data breaches. It is well-known that malicious actors take advantage of understaffed IT resources on holidays. In fact, it’s become such a common...more
9/3/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
FBI ,
Hackers ,
Holidays ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Ransomware ,
Risk Management
There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting...more