On June 18, 2024, the Securities and Exchange Commission (“SEC”) announced a $2.1 million civil penalty settlement of charges against R.R. Donnelley & Sons (“RRD”), a global provider of business communications services and...more
A spate of recent ransomware attacks illustrates the increasingly difficult calculations that businesses face following the theft or encryption of their data....more
On December 18, 2023, prior to the trading session, VF Corp. (NYSE:VFC) issued a press release disclosing that the company was investigating unauthorized activity on its computer systems – and that the intrusion had encrypted...more
Last month, as the New York State Department of Financial Services (“DFS”) began phasing in amended cybersecurity regulations and continued enforcement actions against noncompliant entities, a wave of ransomware attacks...more
State regulators across the country continue to increase their focus on cyber security and data privacy compliance and enforcement. For years, cloud company Blackbaud, a service provider to thousands of nonprofit enterprises,...more
12/8/2023
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Settlement
On November 1, 2023, the New York State Department of Financial Services (“DFS”) amended its cybersecurity regulations to institute additional standards and controls aimed at securing sensitive data among the financial...more
11/14/2023
/ Chief Information Security Officer (CISO) ,
Compliance ,
Corporate Governance ,
Cybersecurity ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Popular ,
Risk Management ,
Sensitive Personal Information
On March 15, 2023, the Securities and Exchange Commission (“SEC”) proposed a new rule concerning cybersecurity risk management as well as updates to Regulations S-P and SCI (Systems Compliance Integrity).[1] With these...more
The White House recently issued a Memorandum designed to strengthen the cyber defenses of “National Security Systems” – information systems operated by the federal government that are used for intelligence or military...more
2/4/2022
/ Biden Administration ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Executive Orders ,
Government Agencies ,
National Security ,
Risk Mitigation
As the national landscape of data privacy laws evolves, New York may be poised to follow California in passing legislation that creates new data rights for New York consumers. New York is no stranger to this field. The New...more
A federal court recently added additional wrinkles to one of the most important aspects of responding to a data breach: a forensic investigative report. The court ordered a law firm to turn over a report produced by a...more
As remote learning continues to play a critical role in the world’s pandemic response, cybercriminals see another opportunity for exploitation. The Federal Bureau of Investigation, the Cybersecurity and Infrastructure...more
On December 13, the software and service provider SolarWinds announced that its Orion software platform had been the target of a sophisticated cyber-attack that may have resulted in malicious code being pushed to as many as...more
As we previously reported, companies across the globe increasingly have been targeted by cyber criminals during the COVID-19 pandemic. Just last month, a major U.S. healthcare provider, United Health Services (“UHS”),...more
The Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Federal Bureau of Investigation (FBI) to issue a joint warning of cyber-attacks emanating from Iran and targeting U.S. federal agencies and...more
9/21/2020
/ Corporate Governance ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
FBI ,
Hackers ,
NCSC ,
Risk Mitigation ,
Workplace Privacy
In recent weeks, we have seen growing threats to cybersecurity and privacy by malicious actors seeking to exploit the COVID-19 pandemic. As companies transition their employees to remote working and focus their efforts on...more
Businesses, consumers, and regulators continue to grapple with balancing privacy, cybersecurity, and the response to the COVID-19 pandemic. Last week, this blog explored the increased cyber risks that the pandemic poses to...more
In recent years, cyber-attacks have continued to increase in number and scope, with businesses facing ever-growing threats from ransomware, distributed denial-of-service attacks, and phishing schemes....more
The California Consumer Privacy Act (“CCPA”) becomes operative on January 1, 2020. See Cal Civ. Code § 1798.100 et al. To date, the CCPA is the most sweeping consumer privacy law in the United States, covering most for-profit...more
10/3/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Private Right of Action
Earlier this month, YouTube and its parent company, Google, entered into a record $170 million proposed settlement to resolve allegations brought by the Federal Trade Commission (FTC) and the New York Attorney General (NYAG)...more
The California Consumer Privacy Act (CCPA) has significantly altered the potential consequences of a data breach under California law by permitting California consumers to bring civil suits for statutory damages, Cal. Civ....more
8/24/2019
/ Cal Code of Civil Procedure ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Declaratory Relief ,
Injunctive Relief ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Statutory Damages
Last Thursday, Governor Cuomo signed New York’s latest data security bill – the Stop Hacks and Improve Electronic Data Security, or “SHIELD” Act. The Act, which we have followed on this blog since November 2017, imposes new...more
The U.S. Office of Personnel Management (“OPM”) made headlines when several hacks of confidential data came to light in 2015, intrusions that compromised the personal data of over 20 million individuals. On July 21, 2019, in...more
7/16/2019
/ Article III ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Identity Theft ,
Office of Personnel Management (OPM) ,
Personally Identifiable Information ,
Popular ,
Standing
The New York State Senate recently passed The Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, leaving only the Governor’s signature as the final step to the SHIELD Act becoming the country’s newest—and one...more
As we’ve written about in the past, the SAFETY Act has the potential to help companies mitigate their risk from cyber-terrorism. As previously noted, the statute has never been fully tested in courts, so the full contours of...more
As we’ve discussed in previous posts, the SAFETY Act has the potential to serve as a valuable tool for companies looking to mitigate risk from cyber-terrorism. ...more