On February 9, the Securities and Exchange Commission (“SEC”) voted to propose rule 206(4)-9 under the Advisers Act and 38a-2 under the Investment Company Act (collectively, “Proposed Rule”). In general, the Proposed Rule...more
2/11/2022 / Cyber Incident Reporting, Cybersecurity, Data Breach, Financial Services Industry, Investment Adviser, Investment Management, Investors, Policies and Procedures, Popular, Proposed Rules, Recordkeeping Requirements, Retirement Plan, Risk Assessment, Securities and Exchange Commission (SEC)
In honor of Data Privacy Day, we provide the following “Top 10 for 2022.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2022...more
1/28/2022 / Americans with Disabilities Act (ADA), Biometric Information, Biometric Information Privacy Act, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Consumer Privacy Rights, Coronavirus/COVID-19, Cyber Attacks, Cyber Insurance, Cybersecurity, Data Privacy, EU, General Data Protection Regulation (GDPR), National Security, Popular, Ransomware, Standard Contractual Clauses, State Privacy Laws, TCPA
Efforts to secure systems and data from a cyberattack often focus on measures such as multifactor authentication (MFA), endpoint monitoring solutions, antivirus protections, and role-based access management controls, and for...more
1/13/2022 / Biometric Information Privacy Act, Breach Notification Rule, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Cyber Attacks, Cybersecurity, Data Breach, Data Protection, Data Retention, Data Security, Data Storage, General Data Protection Regulation (GDPR), Incident Response Plans, Multi-Factor Authentication, Third-Party
Over the past several years, if your organization experienced a cyberattack, such as ransomware or a diversion of funds due to a business email compromise (BEC), and you had cyber insurance, you likely were very thankful....more
1/3/2022 / Business Interruption, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Cyber Attacks, Cyber Insurance, Cybersecurity, Defense Costs, Incident Response Plans, Multi-Factor Authentication, Popular, Ransomware, SHIELD Act, Training
According to reports, Kronos, the cloud-based, HR management service provider, suffered a data incident involving ransomware affecting its information systems. Kronos communicated that it discovered the incident late on...more
Last week, the Department of Justice (“DOJ”) announced the launch of its Civil Cyber-Fraud Initiative (“the Initiative”) aimed at combating “new and emerging cyber threats to the security of sensitive information and critical...more
10/18/2021 / Criminal Prosecution, Critical Infrastructure Sectors, Cryptocurrency, Cyber Crimes, Cybersecurity, Data Breach, Department of Justice (DOJ), Enforcement, Enforcement Actions, False Claims Act (FCA), Federal Contractors, Government Investigations, Popular, Ransomware
Watch out! A spike in ransomware attacks may be headed our way over Labor Day weekend. Yesterday, the FBI jointly with the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to be on high alert for...more
9/3/2021 / Cyber Attacks, Cyber Crimes, Cybersecurity, Cybersecurity Information Sharing Act (CISA), FBI, Holidays, Multi-Factor Authentication, Passwords, Popular, Ransomware, Remote Desktop Protocols
Facial recognition technology has become increasingly popular in recent years in the employment and consumer space (e.g. employee access, passport check-in systems, payments on smartphones), and in particular during the...more
In April, we posted about the U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issuing cybersecurity guidance for employee retirement plans. That is, April 14, 2021. Shortly thereafter, the...more
Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from...more
Individuals who serve as fiduciaries to their company’s retirement plan often feel they may not be sufficiently informed or qualified to make prudent decisions for the plan. They might ask themselves: “How do I know which...more
Thousands of devices connecting to the internet make up the Internet of Things (IoT). While helping to streamline operations and improve productivity, the advantages of IoT are not without risks. Recent federal and state laws...more
By now, plan fiduciaries and their service providers likely have heard about the DOL’s cybersecurity guidance. The Department of Labor’s stepping into cybersecurity in this way – a posting of best practices on the agency’s...more
The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law...more
6/15/2021 / Corporate Counsel, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Breach, Data Privacy, Data Protection, Data Security, Governor Abbott, Notification Requirements, State Attorneys General, State Data Breach Notification Statutes
The Biden Administration has issued the much-anticipated “Improving the Nation’s Cybersecurity” Executive Order (EO), setting certain standards and requirements to prevent cyberattacks for government agencies, federal...more
5/18/2021 / Biden Administration, Critical Infrastructure Sectors, Cyber Attacks, Cybersecurity, Executive Orders, Federal Acquisition Regulations (FAR), National Security, Oil & Gas, Pipelines, Popular, Ransomware, SolarWinds
On May 12, 2021, the Biden Administration issued an Executive Order on “Improving the Nation’s Cybersecurity” (EO). The EO was in the works prior to the Colonial Pipeline cyberattack, reportedly a ransomware incident that...more
5/17/2021 / Biden Administration, Cyber Attacks, Cybersecurity, Executive Orders, Hackers, Information Management, Information Technology, Oil & Gas, Pipelines, Popular, Software, Supply Chain
In a recent post, we highlighted the need for a privacy and cybersecurity training program, one not solely focused on spotting phishing attempts (although that is quite important as well). A primary reason, quite simply, is...more
4/28/2021 / Coronavirus/COVID-19, Cybersecurity, Data Security, Employee Training, GitHub, Health Insurance Portability and Accountability Act (HIPAA), Personally Identifiable Information, Popular, Remote Working, Security Breach, State Health Departments
Increased remote work due to the COVID-19 pandemic has only exacerbated privacy and cybersecurity concerns, and likely has not changed the finding in Experian’s 2015 Second Annual Data Breach Industry Forecast:...more
Today, the U.S. Department of Labor’s Employee Benefits Security Administration (EBSA) issued much anticipated cybersecurity guidance for employee retirement plans. This comes more than four and a half years after the ERISA...more
4/15/2021 / Best Practices, Cybersecurity, Department of Labor (DOL), EBSA, Employee Retirement Income Security Act (ERISA), Employee Training, Encryption, Popular, Retirement Plan, Third-Party Service Provider, Wage and Hour
In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons...more
4/7/2021 / Affirmative Defenses, Cybersecurity, Data Breach, Data Protection, Data Security, New Legislation, NIST, Personally Identifiable Information, Popular, State and Local Government, State Data Breach Notification Statutes
For the past several years, thousands of businesses have been hit with phishing scams during tax season. Through these social engineering scams, hackers obtain employee Forms W-2 for filing fraudulent tax returns seeking...more
In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021...more
1/28/2021 / Americans with Disabilities Act (ADA), Artificial Intelligence, ATDS, Biometric Information, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Consumer Privacy Rights, Coronavirus/COVID-19, Court of Justice of the European Union (CJEU), Cybersecurity, Data Breach, Data Privacy, Data Protection, European Data Protection Board (EDPB), European Economic Area (EEA), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Internet of Things, OCR, Schrems I & Schrems II, Standard Contractual Clauses, TCPA
Setting up that new IoT device you received for Christmas? Maybe you’ve been derelict in feeding the dog and found a smart dog feeder under the tree, one that will alert you that Luna has been fed or that you have to refill...more
One of the last things pension plan participants would want to learn as they get ready to celebrate the Christmas holiday is that personal data from their pension accounts may have been compromised. This is the case,...more