Data Privacy & Cybersecurity PracticeOn September 15, 2022, California Governor Newsom signed the California Age-Appropriate Design Code Act (the Act). This Act, scheduled to go into effect July 1, 2024, is the first state law to require heightened standards for businesses’ collection and use of the personal information of California individuals under the age of 18. Currently the federal Children’s Online Privacy Protection Act (COPPA) protects data of minors who are under the age of 13.
Read more »Data Privacy & Cybersecurity
-
California Legislature Takes Steps to Regulate Collection and Storage of Children’s Data Posted on: September 29, 2022 In: Data Privacy & Cybersecurity
-
Wire Transfer Fraud – Can Funds Be Recovered? Posted on: September 20, 2022 In: Data Privacy & CybersecurityBusinesses are constantly targeted by criminals attempting to gain access to information that will allow them to fraudulently divert wire transfers. This fraud often occurs after the criminal has compromised the email account of someone in the company who can approve such transfers, taking over communications with customers and vendors. This exploit has become a multibillion-dollar criminal business model. But can those funds be recovered? And how can you protect yourself from such attacks?
Read more »
-
The “September 6th Rule”: OFAC Consolidates Seven-Year Patchwork of Laws, Reissues Cyber-Related Sanctions Regulations Posted on: September 07, 2022 In: Data Privacy & CybersecurityOn September 6, 2022, without notice or opportunity for public comment, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) published a Rule – which took immediate effect – consolidating a seven-year patchwork of “Cyber-Related Sanctions Regulations.” The Rule did not revise any laws; it merely restated the U.S. government’s opposition to the provision of material support for malicious cyber-enabled activity originating outside the United States.
Read more »
-
SEC Proposes Rules to Increase Reporting About Cybersecurity Incidents Posted on: July 27, 2022 In: Data Privacy & CybersecurityAs outlined by the Securities and Exchange Commission (SEC) in its proposed changes to rules regarding disclosure of cybersecurity incidents, there has been a steady increase in cyberattacks, some of which have had devasting effects on businesses, consumers, and investors. The SEC proposal is premised on the belief that investors would benefit from more timely and consistent disclosure about material cybersecurity incidents and greater availability and comparability of disclosure by public companies.
Read more »
-
Privacy Protection Patchwork, Part V: How the California Privacy Rights Act Could Impact Your Business Posted on: July 07, 2022 In: Data Privacy & CybersecurityThe number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part V, we discuss the California Privacy Rights Act.
Read more »
-
Privacy Protection Patchwork, Part IV: How the Connecticut Data Privacy Act Could Impact Your Business Posted on: June 28, 2022 In: Data Privacy & CybersecurityThe number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part IV, we discuss the Connecticut Data Privacy Act.
Read more »
-
The “Follina” Vulnerability: Microsoft Support Diagnostic Tool Alert for Zero Day Exploit CVE-2022-30190 Posted on: June 27, 2022 In: Data Privacy & CybersecurityOn May 30, 2022, Microsoft issued an alert regarding a vulnerability in its Microsoft Support Diagnostic Tool that can be exploited using Microsoft Office documents and results in the unauthorized installation of programs or access to data.The vulnerability evades common protections associated with Microsoft Office documents, requires minimal user interaction, and can be used by a remote attacker to execute arbitrary code, escalate privileges to fully take over a machine, or deploy additional malware.
Read more »
-
North Carolina Prohibits Ransom Payments by State and Local Government Agencies Posted on: June 24, 2022 In: Data Privacy & CybersecurityNorth Carolina made national headlines recently as the first state to prohibit state agencies and local government entities from paying a ransom following an attack. But N.C. Gen. Stat. § 143-800 goes one step further, prohibiting those entities from even communicating with a threat actor following an attack.
Read more »
-
Privacy Protection Patchwork, Part III: What Your Business Should Know About Utah’s Consumer Privacy Act Posted on: June 20, 2022 In: Data Privacy & CybersecurityThe number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part III, we discuss the Utah Consumer Privacy Act.
Read more »
-
Privacy Protection Patchwork, Part II: How the Colorado Privacy Act Could Impact Your Business Posted on: June 13, 2022 In: Data Privacy & CybersecurityThe number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part II, we explore the Colorado Privacy Act.
Read more »
-
Privacy Protection Patchwork, Part I: New Comprehensive State Privacy Laws and How They Could Impact Your Business Posted on: June 06, 2022 In: Data Privacy & CybersecurityThe number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. We begin with the Virginia Consumer Data Protection Act.
Read more »
-
CPPA Issues CPRA Draft Regulations Posted on: June 01, 2022 In: Data Privacy & CybersecurityOn Friday, May 27, 2022, the California Privacy Protection Agency (CPPA) issued draft proposed regulations ahead of its June 8, 2022 board meeting. While these draft regulations are subject to public comment and may undergo extensive revisions before they are finalized, the draft rules provide some insight into the direction the CPPA is taking with regard to how businesses may collect and use personal information as well as the form and content for notices and disclosures to consumers.
Read more »
Blog Search
Featured Posts
Blog Tags
alabama
arkansas
audit
bank secrecy act
biometric data
blockchain
breach notification
california
canada
ccpa
cisa
client notification
colorado
congress
connecticut
consumer data
consumer notification
consumer rights
coronavirus
covid-19
cppa
cpra
cryptocurrency
cyberattack
cyber insurance
cybersecurity
cyber threat
cyberwarfare
data breach
data privacy
data protection
data security
delaware
email
employment
equifax
eu
eu-u.s. privacy shield
european union
executive order
fbi
fcra
federal trade commission
financial fraud kill chain
fincen
fraud
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
human resources
identity theft
illinois
incident response
information security
irs
legislation
legislative alert
malware
maryland
massachusetts
microsoft
microsoft exchange servers
multi-factor authentication
multi-factor identification
new jersey
new york
ninth circuit
nist
nist security controls
ofac
office for civil rights
opt out
personal data
personal information
phishing
privacy law
privacy protection patchwork
protected health information
ransomware
regulations
reporting requirements
russia ukraine conflict
sec
social engineering
social media
statute
supreme court
tax returns
treasury department
utah
virginia
w2
washington
websites
wire transfers
workplace policy
zoom