No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
Snooping Sadia Talks to Former Official Gene Fishel — Unauthorized Access Podcast
Life With GDPR: Critical Perspectives on Big Law Firm Cybersecurity
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
Marketing Minute with NP Strategy (Video): How to Respond to a Cyber Security Breach
Life With GDPR – Lessons Learned from The Singtel Opus Data Breach
State AG Pulse | CT AG Reacts to Genetic Data Breach
Cybersecurity in Video Games & Esports
2023 DSIR Deeper Dive: State Privacy and Data Collection
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
We invite you to join us for an insightful webinar on Best Practices in Cyber Preparedness for Government Contractors and Critical Infrastructure Operators on Wednesday, October 23, 2024, from 12:00 p.m. – 1:00 p.m. EDT....more
As we discussed in a recent post, earlier this year the U.S. Department of Housing and Urban Development (“HUD”) issued Mortgagee Letter 2024-10, which imposed a new requirement on all FHA-approved mortgagees to report...more
Carriers have an obligation to protect customer proprietary network information (CPNI) and personally identifiable information (PI). Several recent FCC consent decrees resolving breaches of CPNI and PI show the FCC will hold...more
United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more
Resolution No. 15, of April 24, 2024, of the Brazilian Data Protection Authority ("ANPD"), approved the Data Breach Notifying Regulation (the “Regulation”). The Regulation establishes procedures for data controllers to notify...more
On February 1, 2024, the Connecticut Office of the Attorney General (the “OAG”) issued a report mandated by the Connecticut Data Privacy Act (the “CTDPA”), Conn. Gen. Stat. § 42-515 et seq. (the “Report”), which Report is...more
The evolving use of artificial intelligence (AI) across different industries has thrust states into a difficult and rapidly developing regulatory arena. State Attorneys General have and will continue to play an essential role...more
The opinion was issued in response to a request by the French Data Protection Authority and provides guidance on the conditions for determining a controller's main establishment where that controller has establishments in...more
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
A privacy breach can have detrimental consequences for startups: A privacy breach may trigger legal consequences and regulatory scrutiny, especially for a startup that operates in areas with stringent data protection laws...more
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
When a cyber breach occurs, cooler heads need to prevail. This can be a highly emotional and stressful occurrence. Being prepared and having a clear plan of action will help you stay focused, meet your compliance...more
On October 27, 2023, the Federal Trade Commission (“FTC”) adopted an amendment to the FTC’s Safeguards Rule that will require non-banking financial institutions to notify the FTC within thirty days of discovering a data...more
The recent SEC lawsuit against SolarWinds Corp and its CISO, Tim Brown, following the 2020 data breach, has brought the issue of executive liability in cybersecurity disclosures to the forefront. This case sheds light on the...more
In a first, bold move by the Securities and Exchange Commission (SEC) following its new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, issued on July 26, 2023, this...more
The U.S. Securities and Exchange Commission has a message for publicly-traded companies that suffer a data breach: own up. On Monday, the SEC sued Texas-based SolarWinds––and its Chief Information Security Officer...more
Today data breaches are a costly and ever-present danger for businesses in both the public and private sector. Each year, the total number of reported breaches grows 5-10% over the previous year, with over 22 billion records...more
With the first wave of amendments to Québec’s An Act Respecting the Protection of Personal Information in the Private Sector (“PPIPS”) having taken effect just over a month ago, we thought we would share some misconceptions...more
On March 29, 2022, federal banking regulators issued important guidance for how banking organizations can comply with the upcoming requirement to notify regulators within 36 hours of ransomware or other disruptive...more
Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is...more
On March 15, 2022, President Biden signed into law the “Cyber Incident Reporting for Critical Infrastructure Act of 2022” (the Act) as part of the 2022 federal funding bill. Among other things, the Act requires critical...more
On March 9, 2022, the US Securities and Exchange Commission (SEC) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules...more
In Part 2 of this series, we discussed how the Personal Information Protection Law (“PIPL”), the centerpiece of China’s personal information (“PI”) protection law, needs to be read in conjunction with other relevant laws,...more
Following a public consultation on an initial version released last January, the European Data Protection Board (“EDPB”) last month adopted a final version of its Guidelines on Examples regarding Personal Data Breach...more