2021 proved to be a momentous year for privacy and data security law.  The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening insurance market, and significant corporate anxiety.  Two more U.S. states passed comprehensive data privacy laws in 2021.  The FTC was very active, issuing new guidance for artificial intelligence (AI), publishing revisions to the GLBA Safeguards Rule, and bringing new enforcement actions.  The U.S. Supreme Court issued a number of opinions that had the effect of narrowing the scope of key privacy statutes while biometric litigation in Illinois exploded.  The European Commission promulgated new rules for cross-border transfers, and U.S. state regulatory enforcement activities ramped up.
Continue Reading Predictions for Privacy & Data Security in 2022

As anticipated, the Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Federal Reserve”), and the Federal Deposit Insurance Corporation (“FDIC”) recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”). This Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic.  It places new reporting requirements on both U.S. banking organizations, as well as bank service providers.    
Continue Reading Federal Financial Regulators Tighten Timelines for Reporting Ransomware Attacks

The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System (“CM/ECF”) as a result of vulnerabilities associated with SolarWinds Orion products.  The AO noted that it is currently working with the Department of Homeland

On December 14, 2020, the Federal Trade Commission (FTC) announced in a press release that it is issuing orders under the FTC’s authority in Section 6(b) of the FTC Act to the following nine social media and video streaming companies: Amazon.com, Inc., ByteDance Ltd. (which operates the short video service TikTok), Discord Inc., Facebook, Inc.,

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator.  Under the proposed rule, for incidents

On November 17, 2020, H.R. 1668, the “Internet of Things Cybersecurity Improvement Act of 2020”, was unanimously passed by the Senate. The bill is now on its way to President Trump for signature or veto.

The bill would require the National Institute of Standards and Technology (“NIST”) and the Office of Management and Budget

The Cybersecurity Infrastructure Security Agency, Federal Bureau of Investigation, and Department of Health and Human Services have jointly posted an advisory to warn hospitals and other health care providers about the threat of malicious attacks on their information systems.  At least six hospitals across the United States were recently victimized by attacks using Trickbot malware

With the rise of the digital world, many estate planning clients have accumulated large collections of “digital assets” that are stored online. In its simplest form, a “digital asset” is a non-physical asset that exists online in electronic format. Most clients preserve digital assets either for their sentimental value or their financial value. Examples of