Data Privacy & Cybersecurity
-
Privacy Protection Patchwork, Part I: New Comprehensive State Privacy Laws and How They Could Impact Your Business Posted on: June 06, 2022 In: Data Privacy & Cybersecurity
The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. We begin with the Virginia Consumer Data Protection Act.
-
CPPA Issues CPRA Draft Regulations Posted on: June 01, 2022 In: Data Privacy & Cybersecurity
On Friday, May 27, 2022, the California Privacy Protection Agency (CPPA) issued draft proposed regulations ahead of its June 8, 2022 board meeting. While these draft regulations are subject to public comment and may undergo extensive revisions before they are finalized, the draft rules provide some insight into the direction the CPPA is taking with regard to how businesses may collect and use personal information as well as the form and content for notices and disclosures to consumers.
-
All Hail the Red Team! The Value of Penetration Testing for a Cybersecurity Culture Posted on: May 17, 2022 In: Data Privacy & Cybersecurity
While many organizations seek to monitor their cybersecurity posture with internal testing, such as tabletop exercises, simulated phishing attacks, and other proactive measures, the question always remains: is it enough to thwart a sophisticated threat actor? This simple question, with its many complexities and concerns, was a daily inquiry for me as a former FBI executive in charge of the data presentation and storage for operations.
-
Can Your Coffee Maker Be Hacked? Cybersecurity Issues and the Growing Internet of Things Posted on: May 09, 2022 In: Data Privacy & Cybersecurity
Internet of Things (IoT) devices have flooded the lives of consumers over the past few years, with the global IoT market valued at $384.7 billion in 2021, according to a March 2022 report from Fortune Business Insights. "Smart" technology has become a standard feature on most consumer products, and with a growing number of devices being connected to the internet, it is increasingly important that the public be sufficiently educated on the risks that accompany IoT devices.
-
UPDATE: Strengthening American Cybersecurity Act of 2022 Signed Into Law Posted on: March 28, 2022 In: Data Privacy & Cybersecurity
On March 15, 2022, the Strengthening American Cybersecurity Act, which includes the Cyber Incident Reporting for Critical Infrastructure Act of 2022, was signed into law by President Biden, thereby creating new reporting requirements for critical infrastructure entities. Under the Act, entities considered to be critical infrastructure must notify the Cybersecurity and Infrastructure Security Agency within 72 hours of discovering a covered cyber incident and within 24 hours of a ransomware payment.
-
Additional Data Protection Authorities Assess Legality Around Using Google Analytics Posted on: March 22, 2022 In: Data Privacy & Cybersecurity
In response to a 2020 European Court of Justice (ECJ) ruling that the EU-US Privacy Shield data transfer mechanism was not consistent with European data protection laws, the EU and U.S. began working to identify a new arrangement for transferring personal data from the EU to the U.S. However, to date, no substitute data transfer mechanism has been identified.
-
Standing Up the Strengthening American Cybersecurity Act of 2022 Posted on: March 16, 2022 In: Data Privacy & Cybersecurity
The U.S. Senate unanimously passed the Strengthening American Cybersecurity Act on March 1, 2022. If signed into law, it would create an affirmative obligation for critical infrastructure entities across 16 federally designated critical infrastructure sectors, including energy and financial services, to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency.
-
FinCEN Alert: Malware/Ransomware Updates & New Perimeter Device Vulnerability Posted on: March 08, 2022 In: Data Privacy & Cybersecurity
There have recently been a number of developments in cybersecurity due to the Russia/Ukraine conflict. The Financial Crimes Enforcement Network (FinCEN) released an alert on March 7 advising all financial institutions to be vigilant against efforts to evade sanctions imposed in connection with the Russian invasion of Ukraine. The primary focus of the alert appears to be eliciting cooperation of financial institutions in identifying hidden Russian and Belarusian assets.
-
QR Codes – Consumer Convenience or Fraudulent Contrivance? Posted on: March 07, 2022 In: Data Privacy & Cybersecurity
During the halftime show of this year’s Super Bowl, a floating QR code took a star turn in a prominently placed advertisement from cryptocurrency exchange platform Coinbase. So many people reportedly followed the link from the QR code that the resulting traffic overwhelmed and crashed the Coinbase website landing page. The convenience of the code clearly worked, but while QR codes may be a welcome convenience, they may also be a potential tool for the commission of fraud.
-
Russia-Ukraine Conflict: Ransomware Updates & Cybersecurity Consequences Posted on: February 28, 2022 In: Data Privacy & Cybersecurity
With cyberwarfare in the headlines due to the Russia-Ukraine conflict, it is another reminder that we must maintain a sense of urgency about our information security. We need to continuously harden our systems, which includes increasing the speed with which we implement software and operating system updates, deploying heuristic-based endpoint detection and response (EDR) tools, regularly conducting vulnerability scans, enhancing our logging and event management processes, and more.
-
Cyber Extortion: Harvesting the Fruits of Business Email Compromises Posted on: February 25, 2022 In: Data Privacy & Cybersecurity
Business email compromises have long been the staple of online criminal activity. As they continue to enhance their ability to monetize unlawful access to email accounts, malicious actors are now accessing and downloading emails and attachments, as well as files stored in OneDrive and SharePoint platforms, and using the sensitive information to extort ransom payments from legitimate email account holders.
-
Canada Reforms Its Data Privacy Laws Through Enactment of Quebec Bill 64 Posted on: February 16, 2022 In: Data Privacy & Cybersecurity
In September 2021, Quebec Bill 64, An Act to modernize legislative provisions as regards the protection of personal information, was unanimously adopted by lawmakers in the province. With a three-year phased implementation beginning on September 22, 2022, the new law aims to reform privacy laws in Canada by amending existing privacy laws and adding other requirements concerning public bodies and private enterprises handling personal information, focusing on accountability in the use of personal information.