On Jan. 15, the Federal Trade Commission (FTC) announced a proposed settlement with web hosting giant GoDaddy over alleged violations of Section 5 of the FTC Act. Specifically, the FTC alleged that GoDaddy had violated the...more
The U.S. Department of Homeland Security (DHS) recently published new security requirements for certain restricted transactions covered by the U.S. Department of Justice’s (DOJ) sensitive data export rules. ...more
In recent years, data breaches have escalated from isolated technical issues to significant legal battles. Businesses are witnessing a sharp rise in data breach lawsuits, underscoring the growing legal risks associated with...more
On December 27, 2024, the Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) related to the Security Rule under the Health Insurance Portability and Accountability Act (HIPAA). ...more
Compliance and Regulations - Ensure adherence to SEC regulations with appropriate privacy and cybersecurity policies tailored to SEC requirements....more
On October 2, the New York State Department of Health (NYSDOH) issued new cybersecurity regulations (Regulations) for all general hospitals in New York state (“hospitals”), creating a new Section 405.46 in Title 10 (Health)...more
The New York State Department of Financial Services (NYDFS) and the Attorney General’s office have recently imposed significant fines totalling $11.3 million on Geico and Travelers for data breaches that compromised the...more
New York hospitals have less than a year to dust off their Health Insurance Portability and Accountability Act (HIPAA) compliance programs and update them to comply with more stringent and detailed state regulations. Last...more
Americans hear about cybersecurity incidents on a frequent basis. As the adage goes, it is not a matter of “if” a breach or security hack occurs; it is a matter of “when.”...more
President Ronald Reagan famously quipped, "I think you all know that I've always felt that the nine most terrifying words in the English language are: I'm from the Government, and I'm here to help."1 At an Oct. 23-24, 2024,...more
On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more
Summary: If you're tackling compliance and security challenges in an AI-driven world, this post is essential. Discover how Microsoft Purview and Copilot for Security streamline processes, enhance security, and boost...more
In response to the rapid growth of AI technology, the White House has launched the AI Data Center Task Force, a strategic initiative aimed at advancing the development of data centers. These facilities are set to play a...more
On August 22, 2024, the United States intervened in a whistleblower suit against the Georgia Institute of Technology, initially filed by current and former members of Georgia Tech’s cybersecurity team, alleging that Georgia...more
Effective information security is no longer just dependent on an organisation’s own internal cybersecurity controls. The UK Information Commissioner’s Office (ICO) highlights that third-party service providers are processing...more
AI tools often drive efficiency and save money, but they have drawbacks. Here’s what to know....more
Cyber incidents have been growing at an exponential rate in recent years. A recent report from the Identity Theft Resource Center found that there were over one billion data breach victims in Q2 of 2024, which is around five...more
Womble Bond Dickinson’s content series—Innovation Interchange: The Power of Cross-Industry Insight—explores emerging challenges from the viewpoint of trendsetting industries. ...more
An unprecedented cyber qui tam action involving Georgia Tech’s alleged failure to comply with certain cybersecurity controls underscores the importance of having advanced cyber requirements for federal contractors. Our...more
Late last week, the U.S. Department of Justice (DOJ) filed its complaint-in-intervention in a qui tam lawsuit against the Georgia Institute of Technology (Georgia Tech), alleging that the university failed to meet certain...more
Cyber incidents have surged in recent years, with attacks more than doubling since 2020 and the number of victims totaling in the hundreds of millions in 2023 alone. These incidents can cost organizations millions or even...more
Website privacy controls—in the form of banners and pop-ups asking visitors to agree to, or reject, a website’s use of cookies, pixels, and similar technologies used to track their behavior—are becoming ubiquitous. In the...more
The SEC has been aggressively pursuing cybersecurity investigations and enforcement actions against public companies and foreign private issuers. In these actions, the SEC often alleges one of two theories: 1) that the...more
The Securities and Exchange Commission entered into a resolution agreement with R.R. Donnelley & Sons (RRD) on June 18, 2024 with RRD agreeing to pay $2.125 million to resolve disclosure and control violations alleged by the...more
Frontier Communications (Frontier) faces three class action lawsuits in relation to a cyber data breach in which the criminal ransomware group, RansomHub, stole personally identifiable information (PII) of over 750,000...more