The vast majority of commentary and public advice concerning data breaches surround, deservedly, the breach itself. This focus is only natural; it is the breach itself that requires victims to bring enormous resources to bear...more
On October 22, 2024, the U.S. Securities and Exchange Commission (SEC) charged four publicly traded technology companies with making materially misleading disclosures regarding cybersecurity risks and incidents (SEC press...more
11/7/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Form 10-K ,
Form 8-K ,
Material Misstatements ,
Penalties ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)
With the recent wave of ransomware and other security incidents, it is now more important than ever for impacted organizations to have a thorough understanding of each element of a proper data breach response. That includes...more
On July 18, 2024, District Court Judge Engelmayer of the Southern District of New York issued his 107-page opinion and order dismissing most – but not all – of the landmark allegations of the SEC against SolarWinds Corp. and...more
7/29/2024
/ Board of Directors ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Enforcement Actions ,
Fraud ,
Incident Response Plans ,
Misleading Statements ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
SolarWinds
Last year was a pivotal one for data privacy, as privacy received substantial attention from many regulators, including the Federal Trade Commission (“FTC”). Looking back at the FTC’s 2023 enforcement actions, statements and...more
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
1/5/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
EU ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Personally Identifiable Information ,
Privacy Laws ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information ,
State Privacy Laws ,
Targeted Digital Advertising
On October 10, 2023, California Governor Gavin Newsom signed SB 362 into law. The “Delete Act” is intended to bridge a gap in consumer privacy rights – whereas the California Privacy Rights Act (the CPRA) grants consumers the...more
On March 15, 2023, the Colorado Attorney General’s Office announced the finalization of the Regulations implementing the Colorado Privacy Act (CPA), which will take effect on July 1, 2023. Covered businesses that make use of...more
2023 will be yet another dynamic year for data privacy regulation. In addition to the data privacy laws in Virginia, Colorado, Utah, and Connecticut going into force this year, businesses also have to contend with the fact...more
Under the PRC Cybersecurity Law, PRC Personal Information Protection Law and PRC Data Security Law, certain organisations (as well as individuals) are now required to conduct a security assessment of outbound transfers of...more
The security incident response process inevitably brings a myriad of challenges for a company unfortunate enough to experience one. Although implementing an appropriate communication strategy may not be at the top of the list...more
The Information Commissioner’s Office or the “ICO” is the British supervisory authority charged with enforcing GDPR. The Commission Nationale de l’informatique et des libertes (the “CNIL”) is the French supervisory authority....more