Data Privacy & Cybersecurity Blog Posts From April 2019

• Blog: Legislative Alert: Arkansas Amends Personal Information Protection Act
  Date: April 29, 2019 Title: Legislative Alert: Arkansas Amends Personal Information Protection Act
  Summary: On April 15, 2019, Arkansas Governor Asa Hutchinson signed House Bill 1943 into law (now referred to as Act 1030), amending the Personal Information Protection Act, Arkansas Code § 4-110-101 et seq. Act 1030 expands the definition of “personal information” as used in the Personal Information Protection Act and also introduces key new requirements that relate to data breach notification. ...
• Blog: Digital Forensic Experts are a Resource for IT Professionals
  Date: April 23, 2019 Title: Digital Forensic Experts are a Resource for IT Professionals
  Summary: One of the best qualities an information technology (IT) professional can possess is the tenacity to fully troubleshoot and resolve system issues as they occur. Unfortunately, that same drive and sense of urgency to gather relevant facts and to restore inoperable systems as quickly as possible can create issues for the necessary digital forensic investigations following a data security incident. ...
• Blog: Utah Requires Warrant for Law Enforcement Access to Certain Types of Data
  Date: April 12, 2019 Title: Utah Requires Warrant for Law Enforcement Access to Certain Types of Data
  Summary: On March 27, 2019, Utah Governor Gary Herbert signed House Bill (HB) 57 – known as the Electronic Information or Data Privacy Act – into law, making Utah the first state to protect information that individuals have shared with certain third parties.  Among its provisions, HB 57 states that, effective May 14, 2019, law enforcement may not generally obtain certain types of “electronic information or data” for use in a criminal investigation or prosecution without first obtaining a search warrant....
• Blog: Virginia & Utah Amend Data Breach Statutes
  Date: April 09, 2019 Title: Virginia & Utah Amend Data Breach Statutes
  Summary: On March 18, 2019, the commonwealth of Virginia enacted House Bill (HB) 2396, amending the commonwealth’s data breach notification statute. Specifically, HB 2396 expanded the commonwealth’s definition of “personal information” sufficient to trigger a notification obligation following a data security incident. Effective July 1, 2019, “personal information” will be defined to include both passport number and military identification number in addition to those data sets that were previously regulated....
• Blog: Improving Your Office365 Security Posture to Stop Phishing at Email’s Shores
  Date: April 03, 2019 Title: Improving Your Office365 Security Posture to Stop Phishing at Email’s Shores
  Summary: Phishing attacks and other email compromise schemes are not just an annoyance in the modern workspace. A successful email compromise can allow malicious actors to intrude into an organization’s enterprise email accounts, expose sensitive data contained in users’ inboxes, and give cyber criminals the ability to successfully impersonate an employee to others within and without the organization by using the employee’s own email account....
• Blog: The Financial Fraud Kill Chain: Combatting Fraudulent Money Transfers
  Date: April 02, 2019 Title: The Financial Fraud Kill Chain: Combatting Fraudulent Money Transfers
  Summary: Businesses are constantly targeted by criminals attempting to gain access to information that will allow them to fraudulently divert wire transfers. This often occurs after the criminal has conducted sufficient reconnaissance to determine who likely has an occupational role to approve or initiate wire transfers. The employee will then be targeted – often a financial executive like a Chief Financial Officer – and their email account will be compromised. But this can be prevented....