This month, the Senate Homeland Security and Government Accountability Committee (HSGAC) and the House Subcommittee on Cyber Security, Information Technology, and Government Innovation held hearings on the risks and...more
As Congress and the White House continue to grapple with the fallout of Silicon Valley Bank’s (SVB) collapse, both parties are united on one thing: Congress must investigate what happened. Following news that regulators...more
On March 2, 2023, the White House released its National Cybersecurity Strategy (the Strategy). The Strategy sets out ambitious goals for the federal government to hold countries accountable for irresponsible behavior in...more
This past month saw a potential new era ushered in across the pond regarding corporate funding of Environmental, Social, and Governance (ESG) programs. In the UK, an environmental law firm filed a lawsuit against 11 members...more
With Republicans narrowly taking control of the House of Representatives and Democrats maintaining a slim majority in the Senate in the 118th Congress, companies should be prepared for significant private sector oversight and...more
On October 7, 2022, President Biden signed an Executive Order (Order) on Enhancing Safeguards for United States Signals Intelligence Activities. This marks the latest step towards the new EU-U.S. Data Privacy Framework...more
On March 15, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint against Residual Pumpkin Entity, LLC, formerly doing business as CafePress, and PlanetArt LLC, which bought CafePress in 2020...more
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules that would require current and periodic reporting of material cybersecurity incidents as well as more detailed disclosure of cybersecurity...more
On January 12, 2021, the District Court of the District of Columbia was the latest court to grant a motion to compel production of a forensic report prepared by an external security-consulting firm in data breach...more
In a security advisory this past weekend, SolarWinds disclosed that its systems experienced a highly sophisticated supply chain attack on versions of its Orion network monitoring products released between March and June...more
12/15/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
SolarWinds
On January 8, 2019, the California Department of Justice, Office of the Attorney General, held the first of six public forums regarding the implementation of the California Consumer Privacy Act (CCPA). The CCPA, effective...more
CFIUS Past, Present, and Future:
A 2018 CFIUS Carol -
The year 2018 was a turning point in the history of the Committee on Foreign Investment in the United States (CFIUS). CFIUS’s change in direction in 2017 suggested that a...more
12/21/2018
/ CFIUS ,
China ,
Corporate Counsel ,
Cross-Border Transactions ,
Emerging Technology Companies ,
FIRRMA ,
Foreign Acquisitions ,
Foreign Governments ,
Foreign Investment ,
National Security ,
Trump Administration
In an October 16, 2018 investigation report, the Securities and Exchange Commission found that nine companies that suffered Business Email Compromise, or BEC, had insufficient internal controls to prevent such attacks....more
11/1/2018
/ Cyber Attacks ,
Cybersecurity ,
Email ,
Hackers ,
Information Governance ,
Internal Controls ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Security and Privacy Controls ,
Wire Fraud
So you've heard a lot about CFIUS reform and the changes that may result from FIRRMA, perhaps from our prior pieces. While the President just signed FIRRMA into law on August 13, you probably know that many key FIRRMA...more
On Tuesday, Congress released its final draft of the Foreign Investment Risk Review Modernization Act (FIRRMA)—a compromise bill which reconciles the differences between the versions previously passed by the House and Senate....more
In a surprising twist, the California legislature rushed last week to pass one of the most comprehensive privacy laws in the country. The bill was introduced only a week prior, and within hours of passage, it was signed into...more
The U.S. Court of Appeals for the Eleventh Circuit recently released its highly anticipated decision in the long-running case pitting the now-defunct medical laboratory LabMD against the Federal Trade Commission (FTC),...more
On March 23, 2018, President Trump signed into law the Consolidated Appropriations Act, 2018, which contained a section entitled the Clarifying Lawful Overseas Use of Data (CLOUD) Act. The CLOUD Act significantly revises the...more
5/29/2018
/ CLOUD Act ,
Criminal Investigations ,
Electronically Stored Information ,
Extraterritoriality Rules ,
Internet Service Providers (ISPs) ,
Mootness ,
Mutual Legal Assistance Treaties (MLAT) ,
Search Warrant ,
Stored Communications Act ,
Subpoenas ,
US v Microsoft
On April 17, 2018, at the request of both sides of United States v. Microsoft Corp., the U.S. Supreme Court remanded and dismissed one of the most closely watched privacy cases of the last several years just a few weeks after...more
5/2/2018
/ CLOUD Act ,
Cloud Storage ,
Criminal Investigations ,
Dismissals ,
Electronically Stored Information ,
Extraterritoriality Rules ,
International Litigation ,
Internet Service Providers (ISPs) ,
Mootness ,
Mutual Legal Assistance Treaties (MLAT) ,
SCOTUS ,
Search Warrant ,
Stored Communications Act ,
Subpoenas ,
US v Microsoft
On February 21, 2018, the U.S. Securities and Exchange Commission (SEC) released its latest Interpretive Guidance on Public Company Cybersecurity Disclosures. Although cybersecurity has been a focus of the SEC for many years,...more
2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and...more
1/30/2018
/ Article 29 Working Party (WP29) ,
Carpenter v US ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
NHTSA ,
Pending Legislation ,
Uber ,
US v Microsoft
Nearly a year ago, in February 2017, the IRS issued a warning regarding phishing attacks targeting a broad range of companies. The scam involves a hacker impersonating an employee of a company, usually the CEO, and sending an...more
In early January 2018, security researchers released their findings about vulnerabilities affecting almost all computer chips that could allow a hacker to access data stored in the memory of the chips. Dubbed "Spectre" and...more
The Federal Trade Commission (FTC) is seeking public comment on a petition by Sears Holding Management requesting that the FTC reopen and modify a 2009 FTC order settling charges that Sears failed to disclose adequately the...more
The biggest question looming over every class-action case filed in response to a data breach is: Will the plaintiffs have standing? The answer has divided courts in recent cases across the country....more