On Oct. 22, 2024, the Securities and Exchange Commission (SEC) announced settled charges against four current and former public companies, Unisys, Avaya Holdings, Check Point Software Technologies and Mimecast, for allegedly...more
After a nearly five-year rulemaking process, the U.S. Department of Defense (DoD) published the Final Cybersecurity Maturity Model Certification 2.0 (CMMC) program rule in the Federal Register on Oct. 15, 2024, codified at 32...more
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) released proposed rules regarding public companies’ reporting of (i) cybersecurity incidents, (ii) policies and procedures for identifying and managing...more
On June 21, 2023, the U.S. Department of Homeland Security (DHS) issued a long-anticipated cybersecurity final rule (DHS Final Rule), which revises an existing clause and adds two new clauses to the Homeland Security...more
As 2022 draws to a close, it is important to keep in mind that key state-level regulations on consumer and employee data privacy will become effective as soon as 2023 begins. Data security measures, personal data processing...more
On September 7, 2022, Jimmy Kirby, the Acting Deputy Director of the Financial Crimes Enforcement Network (“FinCEN”), gave remarks during the 2022 Federal Identity Forum & Exposition (“FedID”) on the importance of securing...more
On July 8, 2022, the U.S. Department of Justice announced a $9 million settlement with federal government contractor Aerojet Rocketdyne, Inc. for alleged violations of the False Claims Act (FCA) in a case pending in the...more
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed a number of new rules to enhance public companies’ reporting of (i) cybersecurity incidents, (ii) their policies and procedures for identifying and...more
3/17/2022
/ Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 8-K ,
Policies and Procedures ,
Popular ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC)
On March 8, 2022, the U.S. Department of Justice (DOJ) announced a $930,000 settlement with Comprehensive Health Services, LLC (CHS) for alleged violations of the False Claims Act (FCA). This settlement marks DOJ’s first...more
On October 6, 2021, the Department of Justice (DOJ) announced a new Civil Fraud Cyber Initiative to “combine the department’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and...more
On May 12, 2021, President Biden signed an executive order (EO) mandating that the federal government significantly improve cybersecurity within its networks and modernize federal cyber defenses. The EO acknowledges that the...more
Data privacy is a top concern for many in-house legal professionals – and for good reason – data privacy and cybersecurity legal requirements are complex and continually evolving. Data Privacy Day is a great day to start...more
Zoom’s video communications platform service and its data privacy issues and security vulnerabilities have been a very hot topic of late, covered by numerous media outlets and in our recent Password Protected post. Due in...more
Two weeks ago we wrote about proposed legislation, The COVID-19 Consumer Data Protection Act of 2020 (“CCDPA”), introduced by a group of senior Republican senators, which was designed to address privacy issues arising in the...more
As the federal, state, and local governments and industry grapple with how to respond to and prevent the spread of COVID-19, a group of senior Republican senators recently announced consumer privacy legislation designed to...more
The global coronavirus pandemic continues on, and the cyberattacks and scams continue to multiply. In the midst of the pandemic, hackers are capitalizing on fears surrounding the outbreak by crafting COVID-19-themed attacks...more
Gov. Jerry Brown signed California Consumer Privacy Act of 2018, which grants California residents unprecedented control over the collection, use, and sale of personal information. Many have already speculated that other...more
On April 25, the Securities and Exchange Commission announced a settlement with Yahoo that constituted its first enforcement action against a public company for failing to disclose a data breach.
This settlement...more
Last week, as previously reported, the U.S. Securities and Exchange Commission (SEC) unanimously voted to approve additional guidance for reporting cybersecurity risks. The release of this guidance underscores the SEC’s...more
U.S. Department of Defense (DoD) contractors face new cybersecurity compliance requirements, including a significant deadline set for December 31, 2017.
Most DoD contracts now include clauses imposing obligations on...more
On September 7, Equifax, one of the three major credit reporting firms in the U.S., disclosed a data breach that potentially affects 143 million consumers. Equifax’s disclosure indicated that the breach, which Equifax claims...more
July 1, 2017 The impact from the recent Petya/NotPetya ransomware attack — or what was reported as a ransomware attack but now appears to be something even more damaging — continues to spread around the globe, with several...more
Several cybersecurity firms and news outlets are reporting a new major cyberattack spreading across the globe. The attack, which is still developing and appears to have hit the UK first, is being described as a “global...more
On Friday, May 12, 2017, a massive ransomware attack swept across the globe. As of the date of this post, the attack reportedly had infected more than 100,000 organizations in 150 countries. The attack continues to propagate...more
Our Data Privacy and Security team is currently assisting multiple clients in responding to nearly identical fraudulent requests for IRS Form W-2 information. Significantly, these clients are in a number of industries and are...more