On May 21, 2024, Erik Gerding, the director of the Division of Corporation Finance of the Securities and Exchange Commission (SEC), released a statement containing guidance for public companies regarding the disclosure of...more
6/5/2024
/ Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Federal Breach Notification Standard ,
Final Rules ,
Form 8-K ,
New Guidance ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On October 10, Governor Newsom signed the Delete Act ( SB 362) into law, which amends California's current data broker law to impose extensive additional disclosure and registration requirements on data brokers, and to...more
10/20/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Reporting Agencies ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Deletion ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
New Legislation ,
Notice of Proposed Rulemaking (NOPR) ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Public Comment ,
Regulatory Reform
Popular file transfer tool MOVEit’s recent data security vulnerability prompted many businesses to communicate, internally and externally, about the impact of the incident on its business.
Originally published in Law360 -...more
10/16/2023
/ Consumer Privacy Rights ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Communications ,
Incident Response Plans ,
Personal Data ,
Personally Identifiable Information ,
Popular
In the burgeoning realm of data incidents, it is a truism that such incidents are not created equal. Indeed, a data incident is not necessarily a data breach.
Originally published in Reuters -August 24, 2023...more
8/25/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
NIST ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Regulatory Oversight
It is 2022, which means you’ve received your fair share of consumer breach notification letters.
Originally published in Law360 on September 30, 2022....more
Please join Consumer Financial Services Partner Chris Willis and his colleagues Privacy + Cyber Associate Sadia Mirza and Privacy + Cyber Partner Kamran Salour as they discuss phishing. Kamran and Sadia break down what...more
According to the Verizon Wireless 2022 Data Breach Investigations Report, there are four prominent paths that threat actors use to gain unauthorized access into an organization’s network...
Originally published in Law360 on...more
In this episode of Unauthorized Access, Kamran and Sadia welcome their firm colleague, Privacy + Cyber Partner and Team Leader Ron Raether, in a discussion on consumer breach notices — specifically from Ron's perspective as a...more
Please find our fourth edition of the Cyber Capsule. As in months past, we continue to see an emphasis on two trends — an emphasis on cybersecurity funding and an emphasis on information sharing. Information sharing, however,...more
Welcome to the second edition of Troutman Pepper’s Cyber Capsule, which recaps last month’s noteworthy developments, including updates to reporting rules and cybercrime sharing, and other tidbits of information relating to...more
On April 28, the Connecticut House passed Senate Bill 6, an act concerning personal data privacy and online monitoring (SB 6 or Connecticut Act). The Senate unanimously passed SB 6 on April 20, and is now currently under...more
On February 18, California lawmakers proposed two bills that further extend the existing employee and business-to-business (B2B) data exemptions included in the California Consumer Privacy Act and the California Privacy...more
On February 3, a New York magistrate judge recommended dismissing a class action against medical management company, Professional Business System d/b/a Practicefirst Medical Management Solutions in Tassmer v. Professional...more
On January 13, Him Das, the acting head of the Financial Crimes Enforcement Network (FinCEN), highlighted ransomware as a chief national security risk. At the Financial Crimes Enforcement Conference, Das suggested that the...more
On January 28, California Attorney General Rob Bonta announced that his office was beginning an “investigative sweep” of businesses operating consumer loyalty programs in California. The California AG’s press release stated...more
EDITOR’S NOTE: There was no respite in privacy and cyber law in December 2021, despite the holidays and COVID-19 case surge. Domestically, U.S. regulators stepped up their efforts, signaling their focus on privacy policies...more
Entities that collect Wisconsin residents’ personal information and are licensed, registered, or authorized (licensee) with the Office of the Commissioner of Insurance (commissioner) will have to abide by a new data security...more
The California Privacy Protection Agency (CPPA) is the first state privacy agency in the nation and was created as part of the California Privacy Rights Act (CPRA). While this agency has already been formed, it will not begin...more
In Gardiner v. Walmart, Inc., a Walmart customer who purchased goods online filed a putative class action alleging that Walmart's cybersecurity procedures led to a purported unauthorized disclosure of his personal identifying...more