Selected U.S. Privacy and Cyber Updates - California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations - On November 3, 2022, the California Privacy Protection Agency (CPPA) issued a notice...more
On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that...more
On October 4, 2022, the White House Office of Science and Technology released the Blueprint for an AI Bill of Rights (the Bill) to guide the development and use of artificial intelligence (AI) in the United States. The White...more
Enhancing data security programs to protect personal information is a critical area companies cannot ignore. Our Privacy, Cyber & Data Strategy and Financial Services & Products groups unpack the latest moves by the Consumer...more
The Indian Computer Emergency Response Team (“CERT-In”) issued Directions on April 28, 2022 “to strengthen the cybersecurity in the country” and that has significant implications for the cybersecurity landscape. Effective...more
Maryland recently passed House Bill 962, amending Maryland’s Personal Information Protection Act (PIPA) (Md. Code Ann. Comm. Law 14-3504). As summarized below, House Bill 962 amends certain aspects of PIPA relating to breach...more
Selected Developments in U.S. Law - U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum On April 21, 2022, Canada, Japan, South Korea, the Philippines, Singapore, Taiwan, and the United States...more
5/11/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Assets ,
Fraud ,
Personal Information ,
Popular ,
Privacy Laws ,
Ransomware
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of...more
3/4/2022
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
Popular ,
Reporting Requirements
At the heels of a recent Civil Cyber-Fraud Initiative related to cybersecurity practices and the False Claims Act (FCA), a cybersecurity-related FCA case has survived a motion for summary judgment, teeing up a trial to...more
2/7/2022
/ Compliance ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Disclosure Requirements ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
NASA ,
Popular
As companies scramble to address the newly exploited, ubiquitous Log4j vulnerability, companies’ actions are now the potential source for government scrutiny. Our Privacy, Cyber & Data Security Team summarizes what the Log4j...more
The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of...more
Our Privacy, Cyber & Data Strategy and White Collar, Government & Internal Investigations teams answer the questions government contractors will have about how to evaluate the False Claims Act risks signaled by the Department...more
On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced the launch of the Department of Justice’s Civil Cyber-Fraud Initiative. The Department plans to use civil enforcement tools to “pursue…those who are...more
Selected Developments in U.S. Law - Colorado Privacy Act Becomes Third Comprehensive State Privacy Act in the United States - Our Privacy, Cyber & Data Strategy Team highlights some of the similarities and differences between...more
On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL) (click here for an unofficial English translation of...more
The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated...more
Cybersecurity incidents—including second wave attacks—are on the rise. Our Privacy, Cyber & Data Strategy Team outlines seven tips for managing a cybersecurity incident—and recovering with strength....more
Selected Developments in U.S. Law - Alston & Bird Analyzes New California Privacy Rights Act - California voters approved a ballot initiative containing the California Privacy Rights Act of 2020. ...more
11/20/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
FinCEN ,
Hackers ,
International Data Transfers ,
Malware ,
Personal Information ,
Ransomware ,
Schrems I & Schrems II
On October 13, 2020, state financial regulators in partnership with the Bankers Electronic Crimes Taskforce and the U.S. Secret Service, released the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions...more
Selected Developments in U.S. Law - SEC Creates Event and Emerging Risk Examination Team - Following the Office of Compliance Inspections and Examinations’ (OCIE) recent and detailed risk alert on the threat of ransomware,...more
8/14/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Protection ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
OCIE ,
Popular ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
UK
Businesses are facing long-term cybersecurity challenges as COVID-19 cases spike and remote work environments need to remain operational, scalable, and capable of flexing with cycles of coronavirus resurgence. Our...more
On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”)...more
The UK National Cyber Security Centre and Canada’s Communications Security Establishment released an advisory linking APT29 (also known as, ‘the Dukes’ or ‘Cozy Bear’) to attacks against COVID-19 vaccine development in...more
Selected Developments in U.S. Law - Japan’s Personal Information Protection Committee Releases Guidance on Contact Tracing Mobile Apps to Combat COVID-19 - On May 1, the Personal Information Protection Committee in Japan...more
Businesses large and small are encouraging (or requiring) employees to work remotely or cancel work travel as part of the response to COVID-19. ...more