Litigation and legal developments concerning data breaches.
From HHS OCR: In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on how the HIPAA Security Rule can help regulated entities defend against cyber-attacks. The video is available in English and Spanish. This presentation is intended to educate the health care […]
GovTech reports: Colorado House Republican leaders on Monday called for an investigation into why Colorado’s higher education agency allegedly failed to timely report a massive data breach this summer. In a two-page letter hand-delivered to Gov. Jared Polis and Attorney General Phil Weiser, five state representatives also urged an inquiry into why thousands potentially affected […]
Eric Geller reports: The Biden administration and dozens of foreign allies will pledge this week never to pay ransoms to hackers who lock up their national governments’ computer systems, hoping to discourage financially motivated cyber criminals from seeing those systems as attractive ransomware targets. The joint promise will occur as part of the third annual […]
October 2023 marks the 20th anniversary of the effective date of the Gramm-Leach-Bliley Safeguards Rule. Its purpose then – and its purpose now – is to protect consumers by requiring entities covered by the Rule to “develop, implement, and maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer […]
Hunton Andrews Kurth writes: On October 8, 2023 and October 10, 2023, California Governor Gavin Newsom signed A.B. 947, A.B. 1194, S.B. 362 and S.B. 244 into law. A.B. 947 amends the California Consumer Privacy Act of 2018’s (“CCPA”) definition of “sensitive personal information” to include personal information that reveals a consumer’s “citizenship or immigration status,” while A.B. 1194 amends the […]
Don Nokes of NetCenergy, an outsourced IT service provider, explains the emerging threat and provides this example: Once the bad actors learn (possibly from first hacking a firm’s email) that a financial transaction is taking place, they send an AI-generated voice message to confirm where to send the funds. The fund transferer hears the familiar […]
In October 2023, Perkins & Coie published an update to existing federal breach notification laws. They write: Following last year’s passage of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) (rulemaking for which should formally commence in 2024), the major action on the federal front this year came from the SEC, which formalized disclosure […]
In October 2023, Perkins & Coie published an update to state laws for data security requirements: In addition to revisions to breach notification statutes, states are making a variety of changes to substantive data security obligations. Changes applicable to private companies include: For details on the above, see the Perkins & Coie article on their […]
In October 2023, Perkins Coie published an update to existing state breach notification laws. Pennsylvania The first major update to Pennsylvania’s Breach of Personal Information Notification Act was passed earlier this year. The updates include a range of changes consistent with those adopted in other states in the last several years, so these updates are unlikely […]
As seen on Bloomberg Law: A new US notification requirement for victims of malicious hacks could push in-house counsel to disclose cyberattacks when faced with ransomware and other network compromises. Among the first-ever cyber regulations to be enforced by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the top US cyber authority, the […]
