The New York State Department of Financial Services (“DFS”) has entered its voice regarding the use of artificial intelligence (“AI”) by insurers by issuing for public comment a proposed circular letter addressing the use of...more
On October 30, 2023, the White House issued an Executive Order to address the growing innovations—and attendant concerns—regarding artificial intelligence (“AI”). The Executive Order is the first federal attempt to broadly...more
11/9/2023
/ Artificial Intelligence ,
Biden Administration ,
Competition ,
Cybersecurity ,
Data Privacy ,
Executive Orders ,
Innovative Technology ,
National Security ,
NIST ,
Popular ,
Risk Management ,
Technology Sector
In late September, two subcommittees of the U.S. House of Representatives held a joint hearing on responding to ransomware attacks. The hearing—held by the Subcommittee on Cybersecurity, Information Technology, and Government...more
On July 26, 2023, the Securities and Exchange Commission (the “SEC”) adopted rules requiring public companies to promptly disclose material cybersecurity breaches on Form 8-K and detailed information regarding their...more
On June 30, 2023, the California Superior Court issued a decision blocking the California Privacy Protection Agency (“CPPA” or the “Agency”) from enforcing new regulations governing the collection and use of consumer data...more
As we previously wrote on the blog, the Department of Justice has recently expanded its enforcement of the False Claims Act, 31 U.S.C. § 3730, into the arena of data security requirements in contracts with the federal...more
The final countdown has begun to July 1, when Colorado’s Data Privacy Act (the “CPA”) takes effect. The CPA joins a fast-growing number of state comprehensive privacy statutes. We have previously written on the laws from...more
By press release on May 25, 2023, The New York Department of Financial Services (“DFS”) announced a Consent Order with OneMain Financial Group LLC (“OneMain”) for failing to comply with the DFS’s Cybersecurity Regulation (23...more
On June 1, 2023, the United States Supreme Court decided two consolidated cases, United States ex rel. Schutte v. SuperValu Inc. and United States ex rel. Proctor v. Safeway, 589 U.S. ___ (2023), holding that a defendant’s...more
On March 15, 2023, the Securities and Exchange Commission (“SEC”) proposed a new rule concerning cybersecurity risk management as well as updates to Regulations S-P and SCI (Systems Compliance Integrity).[1] With these...more
Last month, the Federal Trade Commission (“FTC”) announced its first-ever enforcement action under the Health Breach Notification Rule (“HBNR” or “the Rule”). In a complaint filed in February, the agency alleged that GoodRx...more
Background - The Illinois Supreme Court recently issued a decision that could have wide-ranging implications for defendants and plaintiffs alike under the Illinois Biometric Information Privacy Act (BIPA). In response to a...more
On January 26, 2023, the Department of Justice announced its successful “months-long disruption campaign” against a ransomware group known as Hive, signaling the United States’ increased efforts to combat ransomware attacks...more
The Supreme Court has declined, for now, to decide when attorney-client privilege will apply to communications viewed by courts as made for both legal and other purposes. In October 2022, the Court granted certiorari in In...more
The fallout from one of Australia’s worst data breaches continues to unfold. As we previously reported, in October 2022, Russian hackers stole approximately 9.7 million customers’ sensitive data from Medibank, Australia’s...more
Medibank, one of Australia’s largest private health insurers, detected a ransomware attack in October 2022. The attackers, believed to be part of a criminal organization based in Russia, exfiltrated approximately 9.7 million...more
On Wednesday, November 9, 2022, the New York Department of Financial Services (“DFS”) announced proposed revisions to New York State’s landmark Cybersecurity Regulation, 23 NYCRR Part 500. The proposed amended regulation...more
On September 15, 2022, Deputy Attorney General (“DAG”) Lisa Monaco announced a series of changes to the United States Department of Justice’s (the “Department” or “DOJ”) corporate enforcement policies. This follows a prior...more
On June 24, 2022, the New York Department of Financial Services (“DFS”) announced a cybersecurity settlement with Carnival Corporation d/b/a Carnival Cruise Line, Princess Cruise Lines, Holland America Line, Seabourn Cruise...more
Nothing is certain in life except death, taxes, and now, data breaches. Data breaches are almost an unavoidable cost of doing business in a globally connected world. As if being victimized by cybercriminals wasn’t enough,...more
In a sign that it may be stepping up enforcement of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”), the New York Attorney General’s Office (“NYAG”) announced on June 30, 2022 that it had reached...more
In a significant development in anti-hacking criminal enforcement, the Department of Justice last week released new guidance for charging violations of the Computer Fraud and Abuse Act (“CFAA”), the nation’s premier computer...more
Ransomware attacks have become headline news in the mainstream media, and a hot topic not only on this blog but in government circles. And with good reason as the United States suffered a staggering 421.5 million ransomware...more
4/5/2022
/ Corporate Counsel ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Information Reports ,
Popular ,
Ransomware ,
Risk Management
Throughout the COVID-19 crisis, we have focused on the significant uptick in ransomware attacks. Government agencies such as OFAC, CISA, and New York’s DFS have updated their guidance on how to prepare for and respond to...more
On October 22, 2021, the New York State Department of Financial Services (“DFS”) issued new Guidance regarding a Covered Entity’s compliance with New York’s Cybersecurity Regulation where the Covered Entity relies on the...more