On July 26, 2023, the Securities and Exchange Commission (the “SEC”) adopted new rules requiring public companies to disclose within four business days material cybersecurity incidents they experience and to disclose annually...more
8/2/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Publicly-Traded Companies ,
Regulatory Reform ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
In May 2021, Colonial Pipeline, a privately held oil pipeline responsible for nearly half of the oil supply for the U.S. East Coast, was crippled by a DarkSide ransomware attack. DarkSide is widely believed to be a...more
3/7/2023
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
Information Technology ,
New Legislation ,
Popular ,
Ransomware ,
Regulatory Reform ,
Reporting Requirements
Over the last several months, a minority of states amended their data breach notification statutes or enacted sector-specific breach notification requirements. ...more
10/19/2021
/ Amended Regulation ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Information Technology ,
NAIC ,
Personally Identifiable Information ,
State and Local Government ,
State Data Breach Notification Statutes
On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) released its Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments (the “Updated Advisory”)....more
Over a strong dissent from Justice Thomas, the Supreme Court in TransUnion LLC v. Ramirez on June 25, 2021 dramatically reorganized and narrowed the Article III landscape for constitutionally cognizable damage suits in...more
6/30/2021
/ Article III ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Credit Reports ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
SCOTUS ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
On March 1, 2017, the New York State Department of Financial Services (“NYDFS”) Cybersecurity Requirements for Financial Services Companies (the “Cybersecurity Regulation”) became effective. Fast forward four years, where...more
As we bid farewell to 2020 and look toward the uncharted territory of 2021, it is hard not to take inventory of all that has changed in such a short period. No one at the beginning of 2020 would have predicted what transpired...more
1/26/2021
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Communications Decency Act ,
Contact Tracing ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
DMCA ,
Employee Monitoring ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personally Identifiable Information ,
Ransomware ,
Van Buren v United States
The CISA, FBI and HHS have issued an alert (https://us-cert.cisa.gov/ncas/alerts/aa20-302a) regarding an imminent threat to hospitals and health care providers. Federal agencies have credible information to suggest that a...more
10/30/2020
/ Cyber Attacks ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
FBI ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Malware ,
Risk Management ,
Vulnerability Assessments
Polsinelli is pleased to share The Privacy Survival Guide. This newsletter is a designated source of news, information and guidance on the constantly evolving health care privacy industry.
...more
Since 2010, Massachusetts has required organizations that collect personal data about Massachusetts residents to implement a comprehensive written information security program (“WISP”) designed to avoid and respond to data...more