On August 17, 2022, New York announced an amendment to the Continuing Legal Education (CLE) Program Rules, which adds a requirement for attorneys to complete at least one CLE credit hour in Cybersecurity, Privacy, and Data...more
Organizations attacked with ransomware have a bevy of decisions to make, very quickly! One of those decisions is whether to pay the ransom. Earlier this year, I had the honor of contributing to a two-part series, entitled...more
States continue to tinker with their breach notification laws. The latest modification to the Indiana statute relates to the timing of notification. On March 18, 2022, Indiana Governor Eric Holcomb signed HB 1351 which...more
No industry is immune to privacy and cybersecurity risks, and the construction industry is no exception. Those in the construction industry can protect against a potential cyberattack by understanding the risks and...more
3/31/2022 / Construction Industry, Cyber Crimes, Cyber Insurance, Cybersecurity, Data Breach, Data Privacy, Data Protection, Employee Training, Hackers, Incident Response Plans, Popular, Third-Party
Included within the Consolidated Appropriations Act, 2022, signed by President Joe Biden on March 15, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Act) creates new data breach reporting requirements....more
3/18/2022 / Consolidated Appropriations Act (CAA), Critical Infrastructure Sectors, Cyber Attacks, Cyber Incident Reporting, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Department of Homeland Security (DHS), Popular, Ransomware, Reporting Requirements, SolarWinds
According to a recent survey, about 45% of companies do not have a Chief Information Security Officer (CISO). As West Monroe’s “The Importance of a CISO” observes, it would be terrific for all organizations to have a CISO,...more
When Massachusetts issued its data security regulations in 2009 (Regulations), it led the way for states on data security. The Regulations became effective 12 years ago, almost to the day, March 1, 2010. The Bay State is now...more
On February 9, the Securities and Exchange Commission (“SEC”) voted to propose rule 206(4)-9 under the Advisers Act and 38a-2 under the Investment Company Act (collectively, “Proposed Rule”). In general, the Proposed Rule...more
2/11/2022 / Cyber Incident Reporting, Cybersecurity, Data Breach, Financial Services Industry, Investment Adviser, Investment Management, Investors, Policies and Procedures, Popular, Proposed Rules, Recordkeeping Requirements, Retirement Plan, Risk Assessment, Securities and Exchange Commission (SEC)
In honor of Data Privacy Day, we provide the following “Top 10 for 2022.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2022...more
1/28/2022 / Americans with Disabilities Act (ADA), Biometric Information, Biometric Information Privacy Act, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Consumer Privacy Rights, Coronavirus/COVID-19, Cyber Attacks, Cyber Insurance, Cybersecurity, Data Privacy, EU, General Data Protection Regulation (GDPR), National Security, Popular, Ransomware, Standard Contractual Clauses, State Privacy Laws, TCPA
Efforts to secure systems and data from a cyberattack often focus on measures such as multifactor authentication (MFA), endpoint monitoring solutions, antivirus protections, and role-based access management controls, and for...more
1/13/2022 / Biometric Information Privacy Act, Breach Notification Rule, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Cyber Attacks, Cybersecurity, Data Breach, Data Protection, Data Retention, Data Security, Data Storage, General Data Protection Regulation (GDPR), Incident Response Plans, Multi-Factor Authentication, Third-Party
Over the past several years, if your organization experienced a cyberattack, such as ransomware or a diversion of funds due to a business email compromise (BEC), and you had cyber insurance, you likely were very thankful....more
1/3/2022 / Business Interruption, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Cyber Attacks, Cyber Insurance, Cybersecurity, Defense Costs, Incident Response Plans, Multi-Factor Authentication, Popular, Ransomware, SHIELD Act, Training
According to reports, Kronos, the cloud-based HR management service provider, suffered a data incident involving ransomware affecting its information systems. Kronos communicated that it discovered the incident late on...more
Last week, the Department of Justice (“DOJ”) announced the launch of its Civil Cyber-Fraud Initiative (“the Initiative”) aimed at combating “new and emerging cyber threats to the security of sensitive information and critical...more
10/18/2021 / Criminal Prosecution, Critical Infrastructure Sectors, Cryptocurrency, Cyber Crimes, Cybersecurity, Data Breach, Department of Justice (DOJ), Enforcement, Enforcement Actions, False Claims Act (FCA), Federal Contractors, Government Investigations, Popular, Ransomware
Watch out! A spike in ransomware attacks may be headed our way over Labor Day weekend. Yesterday, the FBI jointly with the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to be on high alert for...more
9/3/2021 / Cyber Attacks, Cyber Crimes, Cybersecurity, Cybersecurity Information Sharing Act (CISA), FBI, Holidays, Multi-Factor Authentication, Passwords, Popular, Ransomware, Remote Desktop Protocols
Facial recognition technology has become increasingly popular in recent years in the employment and consumer space (e.g. employee access, passport check-in systems, payments on smartphones), and in particular during the...more
In April, we posted about the U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issuing cybersecurity guidance for employee retirement plans. That is, April 14, 2021. Shortly thereafter, the...more
Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from...more
Individuals who serve as fiduciaries to their company’s retirement plan often feel they may not be sufficiently informed or qualified to make prudent decisions for the plan. They might ask themselves: “How do I know which...more
Thousands of devices connecting to the internet make up the Internet of Things (IoT). While helping to streamline operations and improve productivity, the advantages of IoT are not without risks. Recent federal and state laws...more
By now, plan fiduciaries and their service providers likely have heard about the DOL’s cybersecurity guidance. The Department of Labor’s stepping into cybersecurity in this way – a posting of best practices on the agency’s...more
The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law...more
6/15/2021 / Corporate Counsel, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Breach, Data Privacy, Data Protection, Data Security, Governor Abbott, Notification Requirements, State Attorneys General, State Data Breach Notification Statutes
The Biden Administration has issued the much-anticipated “Improving the Nation’s Cybersecurity” Executive Order (EO), setting certain standards and requirements to prevent cyberattacks for government agencies, federal...more
5/18/2021 / Biden Administration, Critical Infrastructure Sectors, Cyber Attacks, Cybersecurity, Executive Orders, Federal Acquisition Regulations (FAR), National Security, Oil & Gas, Pipelines, Popular, Ransomware, SolarWinds
On May 12, 2021, the Biden Administration issued an Executive Order on “Improving the Nation’s Cybersecurity” (EO). The EO was in the works prior to the Colonial Pipeline cyberattack, reportedly a ransomware incident that...more
5/17/2021 / Biden Administration, Cyber Attacks, Cybersecurity, Executive Orders, Hackers, Information Management, Information Technology, Oil & Gas, Pipelines, Popular, Software, Supply Chain
In a recent post, we highlighted the need for a privacy and cybersecurity training program, one not solely focused on spotting phishing attempts (although that is quite important as well). A primary reason, quite simply, is...more
4/28/2021 / Coronavirus/COVID-19, Cybersecurity, Data Security, Employee Training, GitHub, Health Insurance Portability and Accountability Act (HIPAA), Personally Identifiable Information, Popular, Remote Working, Security Breach, State Health Departments