On July 8, the CPPA officially began the formal rulemaking process for new privacy regulations—many of which operationalize new CPRA requirements. With the publication of the Notice of Proposed Rulemaking, the 45-day initial...more
The U.S. Department of Justice will decline to prosecute cyber intrusions based solely on exceeding contractual authorization or which occur pursuant to "good-faith security research."
On May 19, 2022, the Department of...more
On May 10, 2022, Connecticut, following Utah, California, Virginia, and Colorado, became the fifth state to adopt a comprehensive consumer data privacy law.
On May 10, 2022, Connecticut Governor Ned Lamot signed "An Act...more
On March 24, 2022, Utah followed California, Virginia, and Colorado in adopting a comprehensive consumer data privacy law.
On March 24, 2022, Utah Governor Spencer Cox signed the Consumer Privacy Act ("Act"), making Utah...more
4/7/2022
/ Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
State Data Privacy Laws
On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the "Act"), creating new requirements for organizations operating in critical infrastructure sectors to...more
3/18/2022
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
New Legislation ,
Popular ,
Regulatory Reform ,
Reporting Requirements
As part of the SEC's broader rulemaking initiative, on March 9, 2022, the SEC proposed amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by...more
3/14/2022
/ Corporate Governance ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Foreign Private Issuers ,
Form 10-K ,
Form 10-Q ,
Form 8-K ,
Proposed Amendments ,
Publicly-Traded Companies ,
Regulation S-K ,
Regulatory Agenda ,
Regulatory Reform ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Regulations will mandate more robust customer identity verification procedures and special measures to combat malicious cyber activities.
On September 24, 2021, the Department of Commerce ("Commerce") published an Advance...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
President Biden Issues Cybersecurity Executive Order -
On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
8/10/2021
/ Article III ,
Biden Administration ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile Apps ,
Personal Data ,
Popular ,
Ransomware ,
SCOTUS ,
Standing ,
TransUnion LLC v Ramirez
Connecticut has become the third state to enact a cybersecurity safe harbor statute.
On June 16 and July 6, 2021, Connecticut Governor Ned Lamont signed two new cybersecurity laws that continue the national trend of...more
7/12/2021
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
New Legislation ,
Notice Requirements ,
Popular ,
Regulatory Reform ,
Safe Harbors ,
State and Local Government ,
State Data Breach Notification Statutes
Introduction Colorado has joined California and Virginia as the third state with a comprehensive data privacy law. On July 7, 2021, Colorado Governor Polis signed the Act into law, following the Colorado Senate's passage of...more
7/8/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Standards ,
State and Local Government
On June 30, 2021, the New York Department of Financial Services ("NYDFS") identified key cybersecurity measures to prevent and prepare for ransomware attacks. ...more
7/8/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Multi-Factor Authentication ,
New Guidance ,
NYDFS ,
Phishing Scams ,
Ransomware ,
Risk Mitigation
More than a year ago the world fell victim to a global pandemic that would change life in ways that could never have been predicted. In the early stages of the pandemic, we published a White Paper directed at financial...more
The evolution of autonomous vehicle technology and its forthcoming widespread use have the potential for many societal benefits, including safer roads, greater economic productivity, and better fuel economy. Along with the...more
The General Services Administration ("GSA") is including language regarding cybersecurity requirements in requests for proposals relating to certain IT governmentwide acquisition contracts ("GWACs"). Certain requirements will...more
The Situation: As we advised in our recent Commentary, federal banking regulators have proposed rules requiring a banking organization to provide its primary federal regulator with prompt notification of any...more
United States -
Regulatory—Policy, Best Practices, and Standard -
NIST Unveils Draft Guidance to Protect Critical Infrastructure -
On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
1/8/2021
/ CNIL ,
Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Popular ,
Risk Management
The Situation: On December 18, 2020, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the Board of Governors of the Federal Reserve System (the "Federal Banking Agencies") jointly...more
The Situation: Although the deadline keeps getting extended, e-commerce merchants and payment processors across the European Union are racing to implement the strong customer authentication ("SCA") requirements of the Revised...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Revision to Security Standard -
On September 23, the National Institute of Standards and Technology ("NIST") released Revision 5 to...more
The Situation: Less than one year after the California Consumer Privacy Act ("CCPA") became effective, California voters approved the California Privacy Rights Act ("CPRA"), a consumer privacy ballot initiative that amends...more
11/6/2020
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular
On October 12, 2020, the California Attorney General released a third set of proposed modifications to the California Consumer Privacy Act ("CCPA") regulations.
On October 12, 2020, the California Attorney General issued...more
The Attorney General requested expedited review by the Office of Administrative Law and asked that the regulations become effective upon filing with the Secretary of State.
On June 1, 2020, the Office of the California...more
The coronavirus (COVID-19) pandemic presents the world of higher education with an unprecedented set of challenges that will likely persist for years to come. During the pandemic and beyond, colleges and universities will be...more
5/15/2020
/ CARES Act ,
Colleges ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Department of Education ,
Distance Learning ,
Educational Institutions ,
Employer Liability Issues ,
Infectious Diseases ,
Relief Measures ,
Students ,
Universities
The Situation: The global spread of the novel coronavirus (COVID-19) has prompted the workforce to migrate from the office to remote-working environments and businesses to adopt new data collection, use, and disclosure...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
Cybersecurity Standards Issued for Government Contractors -
On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
4/1/2020
/ 5G Network ,
Artificial Intelligence ,
Canada ,
China ,
CNIL ,
Computer Fraud and Abuse Act (CFAA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Department of Defense (DOD) ,
EU ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FERC ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
Japan ,
Latin America ,
National Security ,
NIST ,
OCIE ,
OCR ,
Online Safety for Children ,
People's Bank of China ,
Public Health Emergency ,
Securities and Exchange Commission (SEC) ,
Social Media ,
State Attorneys General ,
Telehealth ,
Trump Administration ,
Unmanned Aircraft Systems