We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
AI Talk With Juliana Neelbauer - Episode Two - Cybersecurity Insurance: The New Frontier of Risk Management
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
In a significant turn of events on July 2, 2025, the SEC, SolarWinds Corp. and its Chief Information Security Officer (CISO), Timothy Brown, announced through a joint letter to the U.S. District Court for the Southern...more
A nation's reputation is crucial, and the UAE has implemented strong legislation to address these issues under the Federal Law No. (34) of 2021 (cybercrimes law). These laws specifically target online activities concerning...more
On June 17, 2025, the Office of the Privacy Commissioner of Canada (OPC) released a summary of its investigation findings regarding a data breach at 23andMe, which affected nearly seven million customers, including...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed. State Action: North Dakota Passes Law...more
Health care organizations are under pressure to shore up their cybersecurity response efforts. Much of this pressure is coming from the US Department of Health and Human Services Office for Civil Rights (OCR), which has made...more
xThe cybersecurity community has witnessed a significant development with the recent compromise of LockBit’s operational infrastructure, providing extraordinary visibility into one of the most sophisticated...more
On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found...more
Welcome to our fourth issue of 2025 of Decoded - our technology law insights e-newsletter. We hope you enjoy this issue and thank you for reading. Sector by Sector: How Data Breaches are Wrecking Bottom Lines - “Data...more
The New York Attorney General recently entered into an assurance of discontinuance with Root Insurance Company following a 2021 data incident. According to the AG, the threat actors obtained people’s drivers’ license numbers...more
The SEC continues to leave its mark as a federal cybersecurity enforcer and closed out the year by charging another company with making misleading statements about a cybersecurity attack and failing to maintain cyber-related...more
Cyberattacks are affecting every company and sector. Meanwhile, the regulatory landscape is intensifying as the SEC continues to enforce the cyber-risk management disclosure rules. Every day presents a new compliance and...more
New York Attorney General (AG) Letitia James and global movie theater operator National Amusements, Inc. (National) settled a lawsuit stemming from a 2022 data breach reported by National, which affected 82,128 National...more
On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more
On October 22, 2024, the SEC announced that it had entered into settlements with four separate companies for making allegedly misleading disclosures about how they were impacted by the SolarWinds data breach in 2019. The...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
More than a decade ago, I expressed concern about the Securities and Exchange Commission's predilection for targeting victims of crimes. That concern related to an enforcement action against a company that had been...more
The SEC recently issued an order and settlement against a company from a pair of cyberattacks in which millions of dollars of client funds were stolen. While the company was able to recover a portion of the funds and...more
What do the SolarWinds ruling and other recent developments mean for the future of the SEC’s cyber regulatory program? Will the SEC’s “lack of moderation” result in “violent ends” for its cyber agenda? Or will the current...more
This Holland & Knight blog post is the second installment in a two-part series that examines the challenges to the U.S. Securities and Exchange Commission's (SEC) charges in its landmark case against SolarWinds Corp....more
On July 18, 2024, District Court Judge Engelmayer of the Southern District of New York issued his 107-page opinion and order dismissing most – but not all – of the landmark allegations of the SEC against SolarWinds Corp. and...more
On July 18, a New York federal judge threw out most of the SEC’s claims brought against both SolarWinds Corp. and the company’s chief information security officer (CISO), Timothy Brown....more
On June 18, 2024, the Securities and Exchange Commission (“SEC”) announced a $2.1 million civil penalty settlement of charges against R.R. Donnelley & Sons (“RRD”), a global provider of business communications services and...more
In the ever-evolving compliance landscape, the recent enforcement action by the Securities and Exchange Commission (SEC) against RR Donnelley is a significant case study. This incident underscores the importance of robust...more
In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. (“RRD”) for its handling of a 2021 ransomware attack and resulting disclosure failures. ...more
AT&T Inc. announced in a July 12, 2024, SEC filing that hackers stole a cache of six months’ worth of mobile phone customer data, illegally downloading the records from a workspace account at the cloud-service provider...more