The new Department of Justice (DOJ) Data Security Program (DSP) took effect on April 8....more
4/17/2025
/ Corporate Counsel ,
Covered Person ,
Cybersecurity ,
Data Brokers ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Due Diligence ,
New Guidance ,
Penalties ,
Risk Management
Our company experienced a cybersecurity incident. It seemed pretty minor — just a few suspicious emails and an employee’s account being locked. To my dismay, we’re now hearing from our IT team that the issue is more serious....more
2024 was a pivotal year in the regulation of data practices, with increased scrutiny of artificial intelligence (AI), data brokers, and the ecosystem of commercial data, and the continued proliferation of comprehensive United...more
2/13/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
State Privacy Laws
It is no secret that ransomware dominates headlines, and cybersecurity incidents have become part of our everyday language. However, the criminal “business model” behind ransomware keeps evolving.
Originally published in...more
1/23/2025
/ Business Continuity Plans ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Federal Trade Commission (FTC) ,
Forensic Accounting ,
Incident Response Plans ,
Ransomware ,
Risk Management ,
Third-Party Risk ,
Third-Party Service Provider
In late June, the staff of the U.S. Securities and Exchange Commission’s Division of Corporation Finance released five new compliance and disclosure interpretations regarding the disclosure of material cybersecurity incidents...more
12/2/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cybersecurity ,
Disclosure Requirements ,
Encryption ,
Form 8-K ,
Information Technology ,
Materiality ,
Ransomware ,
Reporting Requirements ,
Reputational Injury ,
Securities and Exchange Commission (SEC)
I work for a public company that recently experienced a ransomware attack. Fortunately, we were able to restore our business operations quickly by obtaining a decryption key from the threat actor. Given that we managed to get...more
9/11/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Incident Response Plans ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements ,
Reputational Injury ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then,...more
7/25/2024
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Unauthorized Access
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
On March 28, the Federal Trade Commission (FTC) released a Privacy and Data Security Update, highlighting the FTC’s activities in recent years through December 2023. The FTC underscored its work on issues related to...more
4/12/2024
/ Algorithms ,
Artificial Intelligence ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Do Not Call List ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Machine Learning ,
Popular ,
Regulatory Agenda ,
Risk Management
Editor’s Note: In recent regulatory and enforcement developments, the White House announced a new executive order aimed at strengthening cybersecurity at U.S. ports, and another executive order was issued to protect sensitive...more
3/7/2024
/ Artificial Intelligence ,
Biden Administration ,
Consent Order ,
Consumer Financial Products ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Fair Credit Reporting Act (FCRA) ,
FCC ,
Financial Services Industry ,
Personal Data ,
Personally Identifiable Information ,
Robocalling ,
TCPA ,
UDAAP
NIST Publishes Report on the Cybersecurity of Genomic Data. On December 20, 2023, the NIST National Cybersecurity Center of Excellence (NCCoE) published Final NIST IR 8432, Cybersecurity of Genomic Data. Informed by direction...more
2/13/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Financial Products ,
Consumer Fraud ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
NIST ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Putative Class Actions
Troutman Pepper’s 2023 Privacy Year in Review is a comprehensive analysis of the year’s key developments in privacy, security, and artificial intelligence and offers practical advice for companies navigating the bewildering...more
On January 16, New Jersey Governor Phil Murphy signed S332 (the act), making New Jersey the first state in 2024 to enact a comprehensive privacy law. Several other states are currently considering similar comprehensive...more
1/26/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Technology ,
New Jersey ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
State Data Privacy Laws
Editor’s Note: The FTC continues to crack down on privacy and cybersecurity, including issuing a new warning to tax preparation companies and entering into a consent decree with 1Health.io. VPPA and BIPA litigation continues...more
11/28/2023
/ Artificial Intelligence ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consent Order ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Motion to Dismiss ,
NIST ,
Personal Information ,
Popular ,
Privacy Policy ,
Putative Class Actions ,
Safeguards Rule ,
State Attorneys General
On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of...more
11/2/2023
/ Algorithms ,
Artificial Intelligence ,
Bias ,
Biden Administration ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
Discrimination ,
Executive Orders ,
Financial Services Industry ,
Machine Learning ,
Popular ,
Risk Assessment ,
Rulemaking Process
On October 10, Governor Newsom signed the Delete Act ( SB 362) into law, which amends California's current data broker law to impose extensive additional disclosure and registration requirements on data brokers, and to...more
10/20/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Reporting Agencies ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Deletion ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
New Legislation ,
Notice of Proposed Rulemaking (NOPR) ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Public Comment ,
Regulatory Reform