2fa accounting firms alabama american bar association arkansas audit biometric data bipa breach notification business-to-business california ccpa client notification colorado congress consent order consumer notification coronavirus covid-19 cpra critical security controls cryptocurrency cryptojacking cybersecurity cyber threat data breach data privacy data security department of treasury digital forensics email employment equifax eu eu-u.s. privacy shield european parliament european union executive order fbi fcra federal trade commission fines fraud gdpr genetic information privacy act hacking healthcare hhsocr hipaa holiday season human resources identity theft illinois information security irs it legislation legislative alert malware managed service providers maryland microsoft office 365 model law modlishka multi-factor authentication multi-factor identification naic nevada new jersey new mexico new york ninth circuit nist security controls office of foreign assets control oregon personal data personal information phishing pipeda protected health information ransomware regulations school social engineering social media south dakota statute students supervisory authorities supreme court tax returns utah vermont video-teleconferencing virginia w2 washington websites workplace policy zoom