The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
No Password Required: LIVE From Sunshine Cyber Con
Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then,...more
The Internal Revenue Service (IRS) has begun the process of informing over 70,000 taxpayers that their confidential tax information was leaked in a widespread breach by a former IRS contractor. Those impacted should take...more
Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more
A new Illinois data privacy law specifically tailored to motor vehicle-secured financing transactions becomes effective on January 1, 2024, and is likely to lead to similar laws in other states. ...more
IRS Awareness Campaign for the Summer 2023 focuses on data theft signs and the importance of staying alert against new and ongoing threats of tax-related identity in order to protect the taxpayer and the tax professional. ...more
CYBERSECURITY - Joint Advisory Warns of Snatch Ransomware - The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of...more
CYBERSECURITY - Joint Commission Issues Alert on Patient Safety After a Cyber-Attack - On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,”...more
A former hospital worker in Arizona was sentenced to 54 months in prison and ordered to pay restitution after pleading guilty to two felony counts involving identity theft and health information disclosure. In the plea deal,...more
Law firms are one of the most attractive targets for cybercriminals, making strong cybersecurity a critical concern for these organizations. With confidential client information, sensitive legal documents, and valuable...more
Katten's Privacy, Data and Cybersecurity Quick Bytes is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe. ...more
Identity theft and cybercrime are now a multi-billion dollar industry causing severe harm to the individuals affected and the institutions we trust. In recognition of this unfortunate truth and Identity Theft Awareness Week,...more
The People’s Republic of China’s Regulations on the Administration of Deep Synthesis of Internet Information Services (Regulations) entered into force on 10 January 2023, following their adoption by the Cyberspace...more
The SEC Division of Examinations recently published a risk alert summarizing observations from exams of registered investment advisers and broker-dealers related to compliance with Reg. S-ID, which is generally designed to...more
A 34-page class action was filed against Blackhawk Network for a data breach that occurred on MyPrepaidCenter.com in September of this year. The plaintiffs allege that Blackhawk Network’s failure to prevent or detect this...more
CYBERSECURITY - Health Care Organizations Warned of Venus Ransomware - The Health Care Sector Cybersecurity Coordination Center (IC3) recently released an Analyst’s Note to health care organizations providing information...more
Dark Reading reports that thousands of college and university students are being targeted by cyber-attackers who are using a legitimate domain to impersonate Instagram and steal credentials of the users. The attack is able to...more
The Federal Trade Commission (“FTC”) announced on Monday that it is settling a case against Drizly and its CEO stemming from a 2020 data breach that impacted roughly 2.5 million consumers. The proposed order not only...more
CYBERSECURITY - CISA + MS-ISAC Alert: Threat Actors Exploiting Zimbra Collaboration Suite - On August 16, 2022, CISA (the Cybersecurity and Infrastructure Security Agency) and the Multi-State Information Sharing & Analysis...more
On August 11, 2022, the Consumer Finance Protection Board issued Consumer Financial Protection Circular 2022-04 for enforcers of federal consumer financial laws. The new Circular reflects the consumer watchdog’s increasing...more
ACTS Retirement Services, Inc. (ACTS), a non-profit corporation that manages retirement communities, suffered a data breach in April 2022, which led to unauthorized access to thousands of current and former employees’...more
Unjected, a dating app and the “largest unvaccinated platform” online, apparently left its entire website’s back end unsecured. Security researchers, working with Daily Dot reporters, reportedly accessed the site’s...more
On July 27, 2022, the Securities and Exchange Commission (SEC) separately settled three enforcement actions with broker-dealers and investment advisers for alleged deficiencies relating to the prevention of customer identity...more
CYBERSECURITY - Cloaked Ursa Using Trusted Online Storage Services to Evade Detection - According to research by Palo Alto’s Unit 42, the most recent campaign by advanced persistent threat Cloaked Ursa (aka APT 20,...more
Online mortgage lender Lending Tree sent breach notification letters to affected individuals on June 29, 2022. The letter advises those persons that their name, social security number...more
The University of Pittsburgh Medical Center (UPMC) recently settled a data breach class action for $450,000 stemming from a 2020 data breach that led to the compromise of about 36,000 UPMC patients....more