December is a busy time for businesses and individuals alike and the last thing anyone wants is more on their to-do list. However, we encourage organizations to take stock of their privacy program, and to pay particular attention to the new privacy laws that will become effective on January 1, 2023: the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA). Businesses with operations in these states should assess whether the new laws apply to them and what to do next.
Read more »Data Privacy & Cybersecurity
-
Just In Time: Last Minute Compliance Tips for the CPRA and VCDPA Posted on: December 06, 2022 In: Data Privacy & Cybersecurity
-
White House Issues Executive Order on EU-U.S. Data Privacy Framework Posted on: October 18, 2022 In: Data Privacy & Cybersecurity
On October 7, 2022, President Biden signed the “Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,” which outlines the actions the United States will take to implement the commitments made under the European Union-U.S. Data Privacy Framework announced in March 2022. This is a welcome change for U.S. companies grappling with compliance requirements under the EU’s far-reaching data privacy law, the General Data Protection Regulation.
Read more »
-
California Legislature Takes Steps to Regulate Collection and Storage of Children’s Data Posted on: September 29, 2022 In: Data Privacy & Cybersecurity
On September 15, 2022, California Governor Newsom signed the California Age-Appropriate Design Code Act (the Act). This Act, scheduled to go into effect July 1, 2024, is the first state law to require heightened standards for businesses’ collection and use of the personal information of California individuals under the age of 18. Currently the federal Children’s Online Privacy Protection Act (COPPA) protects data of minors who are under the age of 13.
Read more »
-
Wire Transfer Fraud – Can Funds Be Recovered? Posted on: September 20, 2022 In: Data Privacy & Cybersecurity
Businesses are constantly targeted by criminals attempting to gain access to information that will allow them to fraudulently divert wire transfers. This fraud often occurs after the criminal has compromised the email account of someone in the company who can approve such transfers, taking over communications with customers and vendors. This exploit has become a multibillion-dollar criminal business model. But can those funds be recovered? And how can you protect yourself from such attacks?
Read more »
-
The “September 6th Rule”: OFAC Consolidates Seven-Year Patchwork of Laws, Reissues Cyber-Related Sanctions Regulations Posted on: September 07, 2022 In: Data Privacy & Cybersecurity
On September 6, 2022, without notice or opportunity for public comment, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) published a Rule – which took immediate effect – consolidating a seven-year patchwork of “Cyber-Related Sanctions Regulations.” The Rule did not revise any laws; it merely restated the U.S. government’s opposition to the provision of material support for malicious cyber-enabled activity originating outside the United States.
Read more »
-
SEC Proposes Rules to Increase Reporting About Cybersecurity Incidents Posted on: July 27, 2022 In: Data Privacy & Cybersecurity
As outlined by the Securities and Exchange Commission (SEC) in its proposed changes to rules regarding disclosure of cybersecurity incidents, there has been a steady increase in cyberattacks, some of which have had devasting effects on businesses, consumers, and investors. The SEC proposal is premised on the belief that investors would benefit from more timely and consistent disclosure about material cybersecurity incidents and greater availability and comparability of disclosure by public companies.
Read more »
-
Privacy Protection Patchwork, Part V: How the California Privacy Rights Act Could Impact Your Business Posted on: July 07, 2022 In: Data Privacy & Cybersecurity
The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part V, we discuss the California Privacy Rights Act.
Read more »
-
Privacy Protection Patchwork, Part IV: How the Connecticut Data Privacy Act Could Impact Your Business Posted on: June 28, 2022 In: Data Privacy & Cybersecurity
The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part IV, we discuss the Connecticut Data Privacy Act.
Read more »
-
The “Follina” Vulnerability: Microsoft Support Diagnostic Tool Alert for Zero Day Exploit CVE-2022-30190 Posted on: June 27, 2022 In: Data Privacy & Cybersecurity
On May 30, 2022, Microsoft issued an alert regarding a vulnerability in its Microsoft Support Diagnostic Tool that can be exploited using Microsoft Office documents and results in the unauthorized installation of programs or access to data.The vulnerability evades common protections associated with Microsoft Office documents, requires minimal user interaction, and can be used by a remote attacker to execute arbitrary code, escalate privileges to fully take over a machine, or deploy additional malware.
Read more »
-
North Carolina Prohibits Ransom Payments by State and Local Government Agencies Posted on: June 24, 2022 In: Data Privacy & Cybersecurity
North Carolina made national headlines recently as the first state to prohibit state agencies and local government entities from paying a ransom following an attack. But N.C. Gen. Stat. § 143-800 goes one step further, prohibiting those entities from even communicating with a threat actor following an attack.
Read more »
-
Privacy Protection Patchwork, Part III: What Your Business Should Know About Utah’s Consumer Privacy Act Posted on: June 20, 2022 In: Data Privacy & Cybersecurity
The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part III, we discuss the Utah Consumer Privacy Act.
Read more »
-
Privacy Protection Patchwork, Part II: How the Colorado Privacy Act Could Impact Your Business Posted on: June 13, 2022 In: Data Privacy & Cybersecurity
The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part II, we explore the Colorado Privacy Act.
Read more »