Before we jump into February developments — trigger warning if you are a Russian hacker — for those keeping track of breach notification requirements, the National Credit Union Administration (NCUA) Board approved a final...more
3/8/2023
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
FCC ,
Hackers ,
Malware ,
National Security Agency (NSA) ,
NCUA ,
Ransomware ,
Spyware ,
Telecommunications
When a business experiences a data security incident, there is invariably one principal question that the affected business wants answered: Who do we tell?
Originally published in Law360 on December 2, 2022....more
A thesis statement for this month's Cyber Capsule might be "You're Doing It Wrong." Whether it's easily guessable passwords, manipulated URLs, or waiting longer than prudent to report a data breach, most of our items look at...more
Please find our eighth edition of the Cyber Capsule. In this edition, we discuss a brazen botnet, steps to shield the online availability of federal judges' personal information, the price of cybersecurity, and a warning...more
In this episode of Unauthorized Access, Kamran and Sadia are joined by Redpoint Cybersecurity VP of Client Engagement Violet Sullivan. The three cyber experts discuss board level buy-in and how to make sure the board is...more
It is 2022, which means you’ve received your fair share of consumer breach notification letters.
Originally published in Law360 on September 30, 2022....more
Please join Consumer Financial Services Partner Chris Willis and his colleagues Privacy + Cyber Associate Sadia Mirza and Privacy + Cyber Partner Kamran Salour as they discuss phishing. Kamran and Sadia break down what...more
According to the Verizon Wireless 2022 Data Breach Investigations Report, there are four prominent paths that threat actors use to gain unauthorized access into an organization’s network...
Originally published in Law360 on...more
In this episode of Unauthorized Access, Kamran and Sadia welcome their firm colleague, Privacy + Cyber Partner and Team Leader Ron Raether, in a discussion on consumer breach notices — specifically from Ron's perspective as a...more
Welcome to the sixth edition of the Cyber Capsule. This edition focuses on protecting judges’ personal information; an uptick in phishing; a regulatory decision and a judicial opinion, each of which may impact how companies...more
For nearly 20 years, October has served as Cybersecurity Awareness Month. To highlight the importance of being cyber ready, we will release weekly tricks and treats as part of this four-part series to make your business more...more
The holiday season is around the corner. For most of us, it is a time of joy, cheer, excitement, and hopefully some relaxation. For cyber criminals, however, this is the busy season (same goes for Santa and his elves).
...more
Can cyber investigations be canned? Find out what Sadia, Kamran, and this month’s guest, Shawn Tuma of Spencer Fane, have to say. The gloves come off as these three breach coaches duke it out for the final word on this topic....more
In this episode of Unauthorized Access, Kamran and Sadia welcome Tony Kirtley of Secureworks. Tony discusses the emotional response to a ransomware attack, particularly how the emotional response mirrors the Kübler-Ross five...more
Editor’s Note: This past month featured increased activity in privacy and data protection. U.S. Legislation and Regulation. Connecticut’s governor signed a comprehensive privacy bill, and President Biden has before him a bill...more
The California Privacy Rights Action (CPRA) will significantly impact how entities process personal information requiring covered businesses to review and update their existing vendor agreements. The CPRA also includes...more
Editor’s Note: Connecticut became the fifth state in the nation to successfully pass a comprehensive privacy bill (now awaiting its governor’s signature), following California, Colorado, Utah, and Virginia. Meanwhile,...more
5/13/2022
/ Advisory Committee ,
Artificial Intelligence ,
Biometric Information Privacy Act ,
Class Action ,
Connecticut ,
Data Privacy ,
Digital Services ,
Electronically Stored Information ,
Employee Tracking ,
EU ,
False Claims Act (FCA) ,
GINA ,
Personal Data ,
State Privacy Laws ,
Stored Communications Act ,
U.S. Commerce Department
Most privacy laws derive from the same core foundational principles, namely the Fair Information Practice Principles (FIPPs). This includes the California Consumer Privacy Act of 2018 (CCPA), California Privacy Rights Act of...more
In July 2021, the Uniform Law Commission (ULC) approved the final version of the Uniform Personal Data Protection Act (UPDPA). The ULC took a novel approach when drafting this model act, which it claims has “elements that...more
Editor’s Note: Utah became the fourth state in the nation to successfully pass a comprehensive privacy bill, following California, Colorado, and Virginia. Meanwhile, seven other states failed at their own attempts, including...more
Editor’s Note: It may be the shortest month of the year, but February 2022 saw a flurry of privacy — especially biometric — legislation move closer to enactment. Kentucky, California, Maryland, and New York state introduced...more
On February 3, a New York magistrate judge recommended dismissing a class action against medical management company, Professional Business System d/b/a Practicefirst Medical Management Solutions in Tassmer v. Professional...more
Editor’s Note: Organizations continue calling for a comprehensive federal privacy law, and U.S. states continue trying to fill the void by proposing their own such laws. The latest states to do so include Mississippi and...more