Category: Compliance, Risk & Strategy

The Department of Health and Human Services Issues Guidelines on Cybersecurity

On December 28, 2018, the U.S. Department of Health and Human Services (“HHS”) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication (the “Cybersecurity Guidelines”), which provides voluntary cybersecurity practices designed to reduce security risks and improve security for various healthcare organizations. Specifically, the Cybersecurity Guidelines […]

“New” Application to an Old Problem: Pennsylvania Supreme Court’s Ruling Likely to Lead to More Cybersecurity Negligence Lawsuits

Pennsylvania’s Supreme Court (“Court”) cleared a path for employees seeking to hold employers responsible for data breaches affecting their information.  The Court found that employers are legally obligated to implement and maintain reasonable security measures to protect employees’ personal data in their possession.  The Court’s logic, however, may extend beyond […]

California Regulates Online Bots

Citing the proliferation of online bots used to deceive consumers and influence voters, the California legislature recently passed the nation’s first law directly regulating online bots.  Enacted on September 28, 2018, SB 1001  prohibits use of online bots in a deceptive or misleading manner for certain commercial or political purposes.  […]

SEC Poised to Ramp up Cybersecurity Enforcement

On October 16, 2018, the Securities and Exchange Commission (SEC) issued an investigative report signaling its intent to use sections 13(b)(2)(B)(i) and (iii) of the Securities Exchange Act of 1934 (the “Exchange Act”) to pursue enforcement actions against public companies that fail to tailor their internal controls to evolving cyber […]

Brazil’s New Data Protection Law: The LGPD

The global data protection landscape continues to evolve, and Brazil is the latest country to enact an omnibus law governing how organizations collect, use, disclose and otherwise process personal data. Beginning on February 15, 2020, Brazil’s data protection law, Lei Geral de Proteção de Dados (LGPD) (unofficial English translation available […]

The Evolution of Mirai Botnet Source Code Presents Increased Risk of Large-Scale DDoS Attacks

Over the past few years, several major distributed denial-of-service (“DDoS”) attacks took place, including a major event affecting the domain name service provider Dyn, which caused outages and slowness for a number of popular sites, including Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. However, since several of these large, highly-publicized attacks occurred in 2016, […]

GDPR and AML – a perfect pair?

The General Data Protection Regulation (GDPR) has been one of the most highly anticipated and talked about changes to the legal sphere in years, affecting the vast majority of businesses and individuals alike. The primary focus to date has been on the implementation deadline of 25 May 2018 and the […]

Ohio Enacts Liability “Safe Harbor” for Entities That Maintain Specified Cybersecurity Programs

On August 3, 2018, Ohio Governor John R. Kasich announced that he signed Substitute Senate Bill 220 (“SB 220” or “Bill”) that, in part, affords a litigation “safe harbor” to covered entities that implement, maintain, and comply with specified cybersecurity programs. Covered entities, e.g., businesses, sued after a data breach […]

FAQs on the California Consumer Privacy Act of 2018 – Part 2a: The CCPA Rights

In our next two FAQ installments on the California Consumer Privacy Act of 2018 (“CaCPA” or “Act”), we will focus on the individual rights established by the CaCPA, including the right to: Know what personal information is being collected about the consumer Know whether the consumer’s personal information is sold […]

FAQs on the California Consumer Privacy Act of 2018 – Part 1: The Basics

On June 28, 2018, the California Legislature passed Assembly Bill 375 and enacted the California Consumer Privacy Act of 2018 (the “CaCPA” or the “Act”). The Legislature rushed the bill through in order to preempt a more stringent privacy initiative from appearing on the November ballot, which if passed would have been […]