2fa aba alabama arkansas audit banks bank secrecy act biometric biometric data breach notification california canada ccpa client notification colorado congress consumer notification consumer rights coronavirus covid-19 cpra cryptocurrency cyber insurance cybersecurity cyber threat data breach data privacy dataprivacy data security delaware department of financial services email employment encryption attack equifax eu eu-u.s. privacy shield european union executive order fbi fcra federal trade commission fincen forensic investigation fraud gdpr hacking healthcare hhsocr hipaa holiday season human resources identity theft illinois incident response information security irs it professionals legislation legislative alert m&a malware managed service providers maryland microsoft exchange servers microsoft office 365 multi-factor authentication multi-factor identification new jersey new mexico new york ninth circuit nist security controls office of foreign assets control opt out penalties personal data personal information phishing privacy privacy notification protected health information ransomware regulations scareware social engineering social media south dakota statute supreme court tax returns utah video-teleconferencing virginia w2 washington websites wire transfers workplace policy zoom