On June 18, 2024, the Securities and Exchange Commission (“SEC”) announced a $2.1 million civil penalty settlement of charges against R.R. Donnelley & Sons (“RRD”), a global provider of business communications services and...more
State regulators across the country continue to increase their focus on cyber security and data privacy compliance and enforcement. For years, cloud company Blackbaud, a service provider to thousands of nonprofit enterprises,...more
12/8/2023
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Settlement
On June 30, 2023, the California Superior Court issued a decision blocking the California Privacy Protection Agency (“CPPA” or the “Agency”) from enforcing new regulations governing the collection and use of consumer data...more
The final countdown has begun to July 1, when Colorado’s Data Privacy Act (the “CPA”) takes effect. The CPA joins a fast-growing number of state comprehensive privacy statutes. We have previously written on the laws from...more
The White House recently issued a Memorandum designed to strengthen the cyber defenses of “National Security Systems” – information systems operated by the federal government that are used for intelligence or military...more
2/4/2022
/ Biden Administration ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Executive Orders ,
Government Agencies ,
National Security ,
Risk Mitigation
A federal court recently added additional wrinkles to one of the most important aspects of responding to a data breach: a forensic investigative report. The court ordered a law firm to turn over a report produced by a...more
On December 13, the software and service provider SolarWinds announced that its Orion software platform had been the target of a sophisticated cyber-attack that may have resulted in malicious code being pushed to as many as...more
As we previously reported, companies across the globe increasingly have been targeted by cyber criminals during the COVID-19 pandemic. Just last month, a major U.S. healthcare provider, United Health Services (“UHS”),...more
The Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Federal Bureau of Investigation (FBI) to issue a joint warning of cyber-attacks emanating from Iran and targeting U.S. federal agencies and...more
9/21/2020
/ Corporate Governance ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
FBI ,
Hackers ,
NCSC ,
Risk Mitigation ,
Workplace Privacy
As we previously reported, Capital One Financial Corporation announced in July 2019 a major data security breach when an individual gained unauthorized access to personal information about Capital One credit card customers. ...more
8/14/2020
/ Capital One ,
Cyber Attacks ,
Data Breach ,
Data Protection ,
Data Security ,
Financial Services Industry ,
Fines ,
Hackers ,
OCC ,
Personally Identifiable Information ,
Popular ,
Settlement Agreements
Over the past month, many have discovered video chat and conferencing apps such as Zoom and Houseparty, using them for both business and to keep connected to friends and family during this period of global social distancing....more
Businesses, consumers, and regulators continue to grapple with balancing privacy, cybersecurity, and the response to the COVID-19 pandemic. Last week, this blog explored the increased cyber risks that the pandemic poses to...more
The California Consumer Privacy Act (“CCPA”) becomes operative on January 1, 2020. See Cal Civ. Code § 1798.100 et al. To date, the CCPA is the most sweeping consumer privacy law in the United States, covering most for-profit...more
10/3/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Private Right of Action
The California Consumer Privacy Act (CCPA) has significantly altered the potential consequences of a data breach under California law by permitting California consumers to bring civil suits for statutory damages, Cal. Civ....more
8/24/2019
/ Cal Code of Civil Procedure ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Declaratory Relief ,
Injunctive Relief ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Statutory Damages
Last Thursday, Governor Cuomo signed New York’s latest data security bill – the Stop Hacks and Improve Electronic Data Security, or “SHIELD” Act. The Act, which we have followed on this blog since November 2017, imposes new...more
The U.S. Office of Personnel Management (“OPM”) made headlines when several hacks of confidential data came to light in 2015, intrusions that compromised the personal data of over 20 million individuals. On July 21, 2019, in...more
7/16/2019
/ Article III ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Identity Theft ,
Office of Personnel Management (OPM) ,
Personally Identifiable Information ,
Popular ,
Standing
The New York State Senate recently passed The Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, leaving only the Governor’s signature as the final step to the SHIELD Act becoming the country’s newest—and one...more
As we’ve written about in the past, the SAFETY Act has the potential to help companies mitigate their risk from cyber-terrorism. As previously noted, the statute has never been fully tested in courts, so the full contours of...more
As we’ve discussed in previous posts, the SAFETY Act has the potential to serve as a valuable tool for companies looking to mitigate risk from cyber-terrorism. ...more
The incoming chief of New York’s top financial services regulator called cybersecurity “the number one threat facing all industries and governments globally” during a speech on Friday, April 12, 2019 at the Association of the...more
An obscure federal law called the SAFETY Act recently captured national headlines when MGM Resorts International invoked it in a series of pre-emptive, declaratory judgment law suits against the victims of the 2017 Route 91...more
California’s landmark digital privacy law – enacted less than two weeks ago – is the most sweeping consumer data protection law in the United States. The California Consumer Privacy Act of 2018, or CCPA, will apply to more...more
7/12/2018
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Private Right of Action ,
State and Local Government
For thousands of financial institutions and insurance companies covered by New York DFS’s sweeping data security regulation, the countdown to yet another deadline has begun. Those companies will remember last August, when...more