The FTC recently reported that over $650 mm worth of cryptocurrency was stolen by hackers last year. Thus far, over $320 mm in cryptocurrency has been stolen by hackers this year. Not surprisingly, this surge in crypto breaches has led to litigation. In our monthly webcast series, Ballard partners Phil Yannella, Greg Szewczyk and
Unpacking the FTC’s Recent Blog Post Regarding Breach Notification
The Federal Trade Commission (FTC) recently issued a blog post stating that a failure to disclose a data breach may be a violation of Section 5 of the FTC Act. The May 20 blog post, titled Security Beyond Prevention: The Importance of Effective Breach Disclosures, explained that in some instances, the FTC Act
Cyber Incident Reporting for Critical Infrastructure Act Becomes Law
On March 15, 2022, President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which increased funding for the federal Cybersecurity and Critical Infrastructure Agency (CISA) and outlined new rules and requirements for companies and organizations to follow.
Notably, CIRCIA requires owners and operators of critical infrastructure to report cyber
Predictions for Privacy & Data Security in 2022
2021 proved to be a momentous year for privacy and data security law. The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening insurance market, and significant corporate anxiety. Two more U.S. states passed comprehensive data privacy laws in 2021. The FTC was very active, issuing new guidance for artificial intelligence (AI), publishing revisions to the GLBA Safeguards Rule, and bringing new enforcement actions. The U.S. Supreme Court issued a number of opinions that had the effect of narrowing the scope of key privacy statutes while biometric litigation in Illinois exploded. The European Commission promulgated new rules for cross-border transfers, and U.S. state regulatory enforcement activities ramped up.
Continue Reading Predictions for Privacy & Data Security in 2022
Federal Financial Regulators Tighten Timelines for Reporting Ransomware Attacks
As anticipated, the Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Federal Reserve”), and the Federal Deposit Insurance Corporation (“FDIC”) recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”). This Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic. It places new reporting requirements on both U.S. banking organizations, as well as bank service providers.
Continue Reading Federal Financial Regulators Tighten Timelines for Reporting Ransomware Attacks
FTC Guidance Affirms Breach Notification Obligations for Health Apps and Connected Devices
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a policy statement affirming the applicability of its Health Breach Notification Rule (the “Rule”), 16 CFR Part 318, to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (“HIPAA”) but are capable of drawing information from multiple sources.
Continue Reading FTC Guidance Affirms Breach Notification Obligations for Health Apps and Connected Devices
Another Federal Court Orders Production of Data Breach Forensic Report
Following in the footsteps of the Eastern District of Virginia’s Capital One decision last year and the District of D.C.’s Clark Hill decision earlier this year, the Eastern District of Pennsylvania has just ordered the production of a data breach forensic report and related communications. In re Rutter’s Data Sec. Breach Litig., No. 1:20-CV-382,
Ballard Spahr Partner, Phil Yannella, Authors Book on Data Breach and Privacy Litigation
Phil Yannella, Ballard Spahr litigation partner and Practice Leader of Ballard’s Privacy & Data Security Group, recently authored a treatise on data breach and privacy litigation. The book, Cyber Litigation: Data Brach, Data Privacy & Digital Rights, is published by Thomson Reuters and is available now for purchase.
Continue Reading Ballard Spahr Partner, Phil Yannella, Authors Book on Data Breach and Privacy Litigation
President Biden’s Cybersecurity Executive Order Has Implications for the Private Sector
On May 12, 2021, President Joe Biden issued an Executive Order to implement new policies aimed at strengthening the nation’s cybersecurity. The Executive Order was issued in response to the recent SolarWinds, Microsoft Exchange, and Colonial Pipeline cybersecurity incidents, which were, according to the White House, “a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.”
Continue Reading President Biden’s Cybersecurity Executive Order Has Implications for the Private Sector
Second Circuit Ruling Clarifies When Data Breach Plaintiffs Have Adequately Plead Article III Standing
In a thoughtful opinion that diverges from how other circuit courts have addressed the issue, the Second Circuit recently issued a ruling clarifying the circumstances when data breach plaintiffs can rely on fear of identity theft to establish Article III standing.
Continue Reading Second Circuit Ruling Clarifies When Data Breach Plaintiffs Have Adequately Plead Article III Standing