Latest Posts › Cybersecurity

Share:

SEC Continues its Cybersecurity Focus, Settles with Company over Lax Security Measures

The SEC recently issued an order and settlement against a company from a pair of cyberattacks in which millions of dollars of client funds were stolen. While the company was able to recover a portion of the funds and...more

Eye on Privacy: 2023 Year in Review

ARTIFICIAL INTELLIGENCE - What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023 Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more

What Do the CPPA’s Draft Regulations on Risk Assessments and Cybersecurity Audits Mean for Companies?

The CPPA, the California regulatory body charged with enforcing CCPA, has now issued draft regulations on risk assessments and cybersecurity audits. The draft was released ahead of a public board meeting to discuss those...more

State Privacy Law Roundup: What Financial Services Entities Need to Know

Financial services companies beware: the new state privacy laws exemption are not uniform. To recap, there are privacy laws in 12 states: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee,...more

Utah Amends Data Breach Law, Creates Cyber Center

Utah’s breach notification requirements will change on May 3, 2023. The recently amended data breach notification law now requires companies to notify the Attorney General for a breach involving 500 or more state residents....more

Gaming Operators Latest to See Specific Privacy & Cybersecurity Laws

Two states recently passed laws with specific data security requirements for entities that are gaming operators or licensees. These new regulations in Nevada and Massachusetts add to the already complex set of data security...more

Movement on CPRA Regulations Expected

On Friday, February 3, the CPPA is scheduled to meet about current and forthcoming CPRA regulations. The Board had previously signaled that it expected to finalize the draft regulations in late January or early February 2023....more

FTC Action Against Drizly and CEO Provides Insight Into Its Security Expectations

The FTC recently took action against the online alcohol marketplace company Drizly and its CEO for alleged security failures. The case arose from a 2018 data breach which was caused – according to the FTC – by poor security...more

Indiana Breach Notification Law Amended, Changes Effective July 1, 2022

Indiana has made a minor amendment to its data breach notification law. Starting July 1, companies who are obligated to notify under the law must do so (to affected individuals and the Indiana Attorney General) without...more

Digital Health Trends and Privacy: What to Watch in 2022

The digital health sector has been rapidly growing, and the demand is not expected to diminish. Those in the industry will want to keep in mind some key legal concerns in the coming year, which we outline in this recent...more

Top 5 Legal Issues in Digital Health to Watch for in 2022

The use of digital health to deliver healthcare has seen unprecedented growth over the past few years, with significant acceleration due to the COVID-19 Public Health Emergency (PHE). As patients seek ways to empower...more

FTC 2022 Regulatory Priorities to Include Privacy and Security

As we look to 2022, a question on many companies’ minds is what actions we will see from the FTC. Two recent developments are important on that front. First, the FTC recently signaled its intent to initiate rulemaking on...more

California Publishes Initial Public Comments to CPRA

The California Privacy Protection Agency recently published public comments received in response to its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). The comments were originally solicited in...more

Breach of PHI? California AG Reminds Companies of Potential State Notification Obligations

The California AG recently reminded companies in the healthcare industry of potential data breach notification obligations beyond HIPAA. As ransomware attacks continue to rise, particularly in healthcare, companies should...more

SEC Fine Highlights Importance of Cybersecurity Disclosures

The SEC recently announced a settlement with Pearson plc where the company has agreed to pay $1 million to settle charges that it misled investors about a 2018 cyber incident. According to the order, Pearson made misleading...more

Connecticut Expands Data Breach Notification Law, Changes Effective October 1, 2021

In addition to recently passing a cybersecurity safe harbor law, Connecticut also updated its data breach notification law. Connecticut joins Texas in passing changes to breach notification requirements this year. There are...more

NIST Plans to Update HIPAA Security Guidance – Asks for Comments

Recently, the National Institute of Standards and Technology (NIST) requested comments to its Resource Guide for implementing the HIPAA Security Rule. (i.e., SP 800-66). This Guide, first released in 2008, summarizes the...more

Update on the State of Privacy Law in China

China is continuing to move forward with its first comprehensive privacy law. China recently issued a second version of the draft Personal Information Protection Law (Draft PIPL) which will be open for public comments until...more

Two Other States Adopt Model Data Security Law for Insurance Industry

Maine and North Dakota recently adopted the National Association of Insurance Commissioners (NAIC) data security model law. They join at least 11 others states who have already adopted the model law. The model law applies to...more

Utah Creates Data Breach Safe Harbor

Utah recently amended its breach notice law to provide certain defenses to companies who suffer a data breach. It is now the second state, after Ohio, to include such provisions. Specifically, entities that create and...more

Federal Financial Agencies Seek Comments on Use of Artificial Intelligence

Artificial intelligence continues to remain a focus in 2021, as we predicted at the start of the year. From the FTC, to the EU, to others, regulators of all kinds are paying attention to companies’ use of these tools. In the...more

FDA Appointment Signals Increased Attention on Medical Device Cybersecurity

At the beginning of February, the US Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH) appointed Professor Kevin Fu as the first ever Acting Director of Medical Device Cybersecurity. Fu’s...more

Companies Have Until March to Comment on EDPB Data Breach Notification Guidelines

Many supervisory authorities across Europe have reported increasing numbers of data breach notifications since the introduction of GDPR. While most companies are now familiar with the 72-hour reporting obligation for...more

Privacy and Data Protection Enactment and Enforcement Timelines During COVID-19

During COVID-19, in certain areas of the law, we have seen significant flexibility from regulators and government agencies in how they are addressing typical approval processes and/or compliance requirements. In the context...more

29 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide