Blog
Latest "Data Privacy & Cybersecurity" Category Blog Posts
-
Blog: Data Privacy & Cybersecurity
Date: December 06, 2022
Title: Just In Time: Last Minute Compliance Tips for the CPRA and VCDPA
Summary: December is a busy time for businesses and individuals alike and the last thing anyone wants is more on their to-do list. However, we encourage organizations to take stock of their privacy program, and to pay particular attention to the new privacy laws that will become effective on January 1, 2023: the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA). Businesses with operations in these states should assess whether the new laws apply to them and what to do next....
-
Blog: Data Privacy & Cybersecurity
Date: October 18, 2022
Title: White House Issues Executive Order on EU-U.S. Data Privacy Framework
Summary: On October 7, 2022, President Biden signed the “Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,” which outlines the actions the United States will take to implement the commitments made under the European Union-U.S. Data Privacy Framework announced in March 2022. This is a welcome change for U.S. companies grappling with compliance requirements under the EU’s far-reaching data privacy law, the General Data Protection Regulation....
-
Blog: Data Privacy & Cybersecurity
Date: September 29, 2022
Title: California Legislature Takes Steps to Regulate Collection and Storage of Children’s Data
Summary: On September 15, 2022, California Governor Newsom signed the California Age-Appropriate Design Code Act (the Act). This Act, scheduled to go into effect July 1, 2024, is the first state law to require heightened standards for businesses’ collection and use of the personal information of California individuals under the age of 18. Currently the federal Children’s Online Privacy Protection Act (COPPA) protects data of minors who are under the age of 13....
-
Blog: Data Privacy & Cybersecurity
Blog: Banking & Finance
Date: September 20, 2022
Title: Wire Transfer Fraud – Can Funds Be Recovered?
Summary: Businesses are constantly targeted by criminals attempting to gain access to information that will allow them to fraudulently divert wire transfers. This fraud often occurs after the criminal has compromised the email account of someone in the company who can approve such transfers, taking over communications with customers and vendors. This exploit has become a multibillion-dollar criminal business model. But can those funds be recovered? And how can you protect yourself from such attacks?...
-
Blog: Data Privacy & Cybersecurity
Blog: Banking & Finance
Date: September 07, 2022
Title: The “September 6th Rule”: OFAC Consolidates Seven-Year Patchwork of Laws, Reissues Cyber-Related Sanctions Regulations
Summary: On September 6, 2022, without notice or opportunity for public comment, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) published a Rule – which took immediate effect – consolidating a seven-year patchwork of “Cyber-Related Sanctions Regulations.” The Rule did not revise any laws; it merely restated the U.S. government’s opposition to the provision of material support for malicious cyber-enabled activity originating outside the United States....
-
Blog: Data Privacy & Cybersecurity
Date: July 27, 2022
Title: SEC Proposes Rules to Increase Reporting About Cybersecurity Incidents
Summary: As outlined by the Securities and Exchange Commission (SEC) in its proposed changes to rules regarding disclosure of cybersecurity incidents, there has been a steady increase in cyberattacks, some of which have had devasting effects on businesses, consumers, and investors. The SEC proposal is premised on the belief that investors would benefit from more timely and consistent disclosure about material cybersecurity incidents and greater availability and comparability of disclosure by public companies....
-
Blog: Data Privacy & Cybersecurity
Date: July 07, 2022
Title: Privacy Protection Patchwork, Part V: How the California Privacy Rights Act Could Impact Your Business
Summary: The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part V, we discuss the California Privacy Rights Act....
-
Blog: Data Privacy & Cybersecurity
Date: June 28, 2022
Title: Privacy Protection Patchwork, Part IV: How the Connecticut Data Privacy Act Could Impact Your Business
Summary: The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part IV, we discuss the Connecticut Data Privacy Act....
-
Blog: Data Privacy & Cybersecurity
Date: June 27, 2022
Title: The “Follina” Vulnerability: Microsoft Support Diagnostic Tool Alert for Zero Day Exploit CVE-2022-30190
Summary: On May 30, 2022, Microsoft issued an alert regarding a vulnerability in its Microsoft Support Diagnostic Tool that can be exploited using Microsoft Office documents and results in the unauthorized installation of programs or access to data.The vulnerability evades common protections associated with Microsoft Office documents, requires minimal user interaction, and can be used by a remote attacker to execute arbitrary code, escalate privileges to fully take over a machine, or deploy additional malware....
-
Blog: Data Privacy & Cybersecurity
Date: June 24, 2022
Title: North Carolina Prohibits Ransom Payments by State and Local Government Agencies
Summary: North Carolina made national headlines recently as the first state to prohibit state agencies and local government entities from paying a ransom following an attack. But N.C. Gen. Stat. § 143-800 goes one step further, prohibiting those entities from even communicating with a threat actor following an attack....