Cyber incidents have been growing at an exponential rate in recent years. A recent report from the Identity Theft Resource Center found that there were over one billion data breach victims in Q2 of 2024, which is around five...more
The Federal Trade Commission ("FTC") intends to "strengthen and modernize" the Health Breach Notification Rule with revamped and increased scrutiny on entities holding health information, including health apps, websites, and...more
On May 21, 2024, Erik Gerding, the director of the Division of Corporation Finance of the Securities and Exchange Commission (SEC), released a statement containing guidance for public companies regarding the disclosure of...more
The Internal Revenue Service (IRS) has begun the process of informing over 70,000 taxpayers that their confidential tax information was leaked in a widespread breach by a former IRS contractor. Those impacted should take...more
The big regulatory news out of the FTC in April was the issuance of a new Final Rule governing noncompete agreements. If it becomes effective, the new rule, which would ban most noncompetes nationwide, would radically change...more
We ended last month’s update noting that the Federal Trade Commission (FTC) had finalized its Combating Auto Retail Scams (CARS) Rule. Shortly following the Final Rule’s publication, the National Automobile Dealers...more
Balancing cybersecurity incident disclosures has been a challenge for those in the trenches for years. That has not changed, and recent regulatory activity should not alter the challenges breach counsel confront. In short,...more
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
The FTC took a bit of a break in August, issuing only one Notice of Proposed Rulemaking on a relatively low-profile topic—Power Output Claims for Amplifiers Used in Home Entertainment Products. While the Proposed Rule is...more
The Federal Trade Commission (FTC) didn’t mince words. On September 2021, it called out the health app industry for failing to understand the agency’s Health Breach Notification Rule (HBNR) and for not disclosing its...more
The Federal Trade Commission (FTC) announced on February 1, 2023 that it has settled, for $1.5M, its first enforcement action under its Health Breach Notification Rule against GoodRx Holdings, Inc., a telehealth and...more
The U.S. Department of Veterans Affairs (VA) is overhauling and remaking its regulations aimed at contractor cybersecurity and privacy practices. Any companies in the VA supply chain should take note and ensure compliance...more
In response to the increased frequency and severity of data breaches in the telecommunications industry, the Federal Communications Commission recently published a Notice of Proposed Rulemaking that seeks to strengthen and...more
While new comprehensive state privacy laws took most of the headlines this year, security threats and incident response remain key risk factors for privacy compliance programs and the subject of important legal developments....more
The Federal Trade Commission (FTC) recently announced its position on breach notification: “Regardless of whether a breach notification law applies, a breached entity that fails to disclose information to help parties...more
FTC Publishes Blog Post That Could Expand Data Breach Notification Requirements – On May 20, 2022, the Federal Trade Commission (FTC) published a blog post suggesting that, in certain instances, a company may have to do...more
On March 15, 2022, President Biden signed into law the “Cyber Incident Reporting for Critical Infrastructure Act of 2022” (the Act) as part of the 2022 federal funding bill. Among other things, the Act requires critical...more
Last week, the U.S. Senate passed S. 3600, the Strengthening American Cybersecurity Act, which represents a significant step forward in the establishment of a national data breach notification law for certain critical...more
A cyber security incident is a stressful and frightening event for an organization’s team. When it comes to putting cyber plans in place, organizations need to prepare for the worst-case scenario since it is no longer a...more
On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed...more
CYBERSECURITY - Further Fall-Out from Russian Hacking of SolarWinds - U.S. intelligence agencies, including the FBI, the Office of the Director of National Intelligence, the National Security Agency and the Cybersecurity...more
The Office of the Comptroller of the Currency, Treasury (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) recently announced a “Notice of Proposed...more
Six years ago, the Personal Data Protection Act 2012 (PDPA) came fully into force – a lifetime in technology terms. That period has seen the development of blockchain technology and the rise of artificial intelligence (AI),...more
On April 7, 2020, the staff of the Office of Compliance Inspections and Examinations (OCIE) issued a risk alert (Alert) informing investment advisory firms of the potential areas of focus for Form CRS-related examinations. In...more
Potential amendments to the PDPO would impose much stricter controls on organisations that process personal data of individuals located in Hong Kong. Key Points: ..On 20 January 2020 the Legislative Council debated...more