Data Privacy & Cybersecurity PracticeAs detailed in our ongoing series, the passage of the California Privacy Rights Act (CPRA) promises to drastically change the privacy landscape in the Golden State, and affect the privacy compliance efforts of many businesses that service customers in California.
Read more »Data Privacy & Cybersecurity
-
CCPA 2.0 and the Changing Privacy Landscape, Part VI: CPRA’s Impact On Service Providers, Contractors, and Third Parties Posted on: April 05, 2021 In: Data Privacy & Cybersecurity
-
ALERT: Microsoft Exchange Vulnerabilities Used to Deploy Ransomware Posted on: March 15, 2021 In: Data Privacy & CybersecurityOn March 11, 2021, Microsoft acknowledged that the recently disclosed Microsoft Exchange vulnerabilities were being used to facilitate ransomware attacks. The four vulnerabilities – known as vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 – have been exploited by attackers to compromise systems beyond the Exchange server.
Read more »
-
You’ve Experienced a Ransomware Attack - Now What? 5 Practical Steps to Take In Response to a Ransomware Attack Posted on: March 11, 2021 In: Data Privacy & CybersecurityBy now, most of you know that due to the COVID-19 pandemic and the shift to remote work, data security incidents increased both in number and severity in 2020 and show no signs of slowing down in 2021. What you may not know, however, is what to do when your business experiences a ransomware attack. This post details five steps your organization should take immediately to reduce the impact of the attack.
Read more »
-
Breach Notification Requirements Proposed for Banks Posted on: March 09, 2021 In: Data Privacy & CybersecurityOn January 12, 2021, the Office of Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Company, and the Office of Thrift Supervision published a proposed rule that would substantially enhance banking organizations’ notification obligations in response to data security incidents. It would require a banking organization to provide its primary federal regulator with prompt notification of any “computer-security incident” that rises to the level of a “notification incident.”
Read more »
-
ALERT: Zero-Day Vulnerabilities Being Exploited to Attack On-Premises Microsoft Exchange Servers Posted on: March 04, 2021 In: Data Privacy & CybersecurityOn March 2, 2021, Microsoft released a new patch to address four zero-day exploits being used to attack on-premises Microsoft Exchange Servers. The United States Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) has urged vulnerable businesses to read Microsoft’s update and apply patches to their systems as necessary.
Read more »
-
Virginia’s Consumer Data Protection Act: Not Quite The CCPA Posted on: March 02, 2021 In: Data Privacy & CybersecurityThough it seems Virginia is following California’s lead by becoming the second state with its own comprehensive data privacy legislation, Virginia’s Consumer Data Protection Act (CDPA) diverges from the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) in that it is far more business-friendly and does not have the “teeth” that the CCPA does.
Read more »
-
Canada Introduces Legislation to Revamp Federal Privacy Landscape Posted on: February 16, 2021 In: Data Privacy & CybersecurityThe Canadian House of Commons introduced draft legislation that, if enacted, would align federal Canadian privacy law with the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The draft legislation, titled the Consumer Privacy Protection Act (CPPA), proposes significant advancements to the current legal regime governing personal data.
Read more »
-
Top Five Cybersecurity Suggestions for 2021 Posted on: February 12, 2021 In: Data Privacy & CybersecurityAs hard as it is to believe, we are already more than a month into 2021 – and our Data Privacy & Cybersecurity Team is well on its way to managing over 2,000 data security incidents this year. It serves as an important reminder that a few cybersecurity suggestions can have a big impact as we embrace the months to come. The following are our top five suggestions to enhance the security of your network, detect intruders more quickly, and reduce the scope and expense of data security events this year.
Read more »
-
Don’t Forget the HIPAA Small Breach Notification Deadline of March 1, 2021. It’s Right Around the Corner! Posted on: February 10, 2021 In: Data Privacy & CybersecurityDespite all that made 2020 an unusual year, data security incidents did not slow down. For organizations that are covered by the Health Insurance Portability and Accountability Act (HIPAA), the deadline to report small incidents is fast approaching. Organizations that experienced a data security incident in 2020, which affected the protected health information (PHI) of less than 500 individuals, have until March 1, 2021 to submit their notification to the U.S. Dept. of Health & Human Services.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part V: New & Expanded Consumer Rights Posted on: February 08, 2021 In: Data Privacy & CybersecurityThe newly-passed California Privacy Rights Act (CPRA) includes additional and expanded consumer rights not currently existing under the California Consumer Privacy Act (CCPA). This fifth installment in our series about the changes to the CCPA brought by the CPRA focuses on consumers’ new rights of correction and access to certain personal information and revisions to certain existing consumer rights in the CCPA, including rights to know (and access), deletion, non-discrimination, and rights for minors.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part IV: Data Minimization & Retention Posted on: January 26, 2021 In: Data Privacy & CybersecurityThe fourth installment in our ongoing series about changes to the California Consumer Privacy Act (CCPA) focuses on the new data minimization and data retention requirements for subject businesses created by the passage of the California Privacy Rights Act (CPRA) on November 3, 2020. These provisions also obligate subject entities to implement business-wide internal policy changes to accommodate the possible need to change their data collection and retention policies before the CPRA is fully operative.
Read more »
-
Office of Foreign Assets Control Guidance on Ransomware Payments Posted on: January 21, 2021 In: Data Privacy & CybersecurityThe United States Department of Treasury’s Office of Foreign Assets Control (OFAC) is broadly tasked with administering and enforcing economic trade sanctions based on United States foreign policy and national security goals. On October 1, 2020, OFAC issued an “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments” to companies providing services to victims of ransomware attacks.
Read more »
Blog Search
Featured Posts
Blog Tags
aba
alabama
arkansas
audit
bank secrecy act
biometric data
breach notification
california
canada
ccpa
client notification
colorado
congress
connecticut
consumer notification
consumer rights
coronavirus
covid-19
cpra
cryptocurrency
cyber insurance
cybersecurity
cyber threat
data breach
data privacy
data security
delaware
email
employment
encryption attack
equifax
eu
eu-u.s. data privacy shield
eu-u.s. privacy shield
european union
executive order
fbi
fcra
federal trade commission
fincen
fraud
ftc
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
hssocr
human resources
identity theft
illinois
incident response
information security
investigations
irs
legislation
legislative alert
malware
managed service providers
maryland
massachusetts
maze
microsoft exchange servers
microsoft office 365
multi-factor authentication
multi-factor identification
new jersey
new mexico
new york
ninth circuit
nist security controls
opt out
personal data
personal information
phishing
privacy act
protected health information
ransomware
regulations
ryuk
social engineering
social media
spear-phishing
spokeo
state-sponsored
statute
subpoenas
supreme court
tax returns
utah
video-teleconferencing
virginia
w2
washington
websites
wire transfers
workplace policy
zero-day
zoom