Publications
-
02.07.2024FTC Brings First Standalone Section 5 Unfairness Claims for Unreasonable Data Retention and Inaccurate Breach NoticeUpdatesOn February 1, 2024, the Federal Trade Commission announced a complaint and proposed consent order against Blackbaud, Inc. concerning a 2020 data security incident that included a ransomware demand and payment.
-
10.09.20232023 Breach Notification Law Update: Changes to Notification and Security Requirements Continue at State and Federal LevelsUpdatesA flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to generally applicable breach notification statutes, along with action on both narrower security provisions and broader omnibus privacy laws.
-
09.26.2023A Potential Look Into the Future: California Issues First Draft of Cybersecurity Audit and Risk Assessment RegulationsUpdatesThe Board of the California Privacy Protection Agency held its first meeting since July on Friday, September 8, 2023, and discussed the first public draft of cybersecurity audit regulations and risk assessment regulations. While the CPPA Board expressly announced that the drafts were for board meeting discussion purposes and has not started the formal rulemaking procedures yet, the first public drafts of the regulations provide a roadmap for where the CPPA Board may likely go, and the draft regulations would impose new and detailed compliance requirements.
-
03.23.2023Sector-Based Cybersecurity Requirements for Critical Infrastructure, From Our Water Systems to the SkiesUpdatesCritical infrastructure companies should expect substantial new federal cybersecurity requirements based on the National Cybersecurity Strategy that President Biden announced on March 2, 2023. After the Administration announced the Strategy, the EPA released a memorandum addressing cybersecurity in public water systems and TSA released an aviation cybersecurity amendment.
-
02.10.2023New TSA Rail Cybersecurity Rule Shows Trend Toward Prescriptive MandatesUpdatesthe Transportation Security Administration issued a new security directive to enhance cybersecurity preparedness and resilience for designated passenger and freight railroads.
-
02.07.2023Almost There and Starting Again: CPPA Votes To Finalize Regulations and Launches Round TwoBlogsThe Board of the California Privacy Protection Agency (CPPA) approved a rulemaking package covering Sections 7000–7304 of their draft regulations on February 3, 2023.