U.S. Commerce Department Proposes Expansion of Information and Communications Technology and Services Review Process
On November 26, 2021, the U.S. Department of Commerce (Commerce) issued a notice of proposed rulemaking (Proposed Rule) implementing Executive Order 14034 on Protecting Americans’ Sensitive Data from Foreign Adversaries (EO 14034). The Proposed Rule would bring “connected software applications” into the scope of Commerce’s authority to review certain transactions … Read More
A Software Primer For Attorneys After Cyber Executive Order
When President Joe Biden issued his major cybersecurity executive order on May 12, a White House press briefing said the order would invoke:
“the power of federal procurement to say, “If you’re doing business with us, we need you to practice really good — really good cybersecurity. And, most importantly, … Read More
The U.S. Federal Government Continues Its Focus on Ransomware Attacks: CISA, FBI, and NSA Publish Technical Advisory on the Conti Group
On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory (the “Advisory”) outlining the Conti ransomware group’s tactics, techniques, and procedures (“TTPs”) to help companies protect against their attacks. This Advisory is especially … Read More
Federal Government Interest in Cyber Continues: Congressional Hearings on the Colonial Pipeline Cyberattack
On May 7, 2021, Colonial Pipeline experienced a ransomware cyberattack on its corporate network. This attack, attributed to the DarkSide hacking group, led the company to temporarily halt the operation of its pipeline network—causing fuel shortages throughout the East Coast. Although highly publicized, the Colonial Pipeline cyberattack is not unique. … Read More
In Landmark Case, Illinois Supreme Court Sets Low Bar For Claims Under Illinois’ Biometric Information Privacy Act
On January 25, 2019, the Illinois Supreme Court unanimously held that a plaintiff does not need to allege any actual injury or damages to successfully state a claim under the Illinois Biometric Information Privacy Act (BIPA). Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186 (Jan. 25, 2019) (a … Read More
EDPB Issues Long-Awaited Guidance on Territorial Scope of the GDPR
On November 23, 2018, the European Data Protection Board (“EDPB”) published draft guidelines seeking to clarify the territorial scope of the GDPR (“Guidelines”). The Guidelines have been eagerly awaited, particularly by controllers and processors outside of the EU looking for confirmation as to whether or not the EU data protection … Read More
Senate Hearing on Federal Privacy Law: Question is Not Whether But What Form
On September 26, the Senate Commerce Committee invited tech and telecom companies to the Hill to discuss safeguards for consumer data privacy. “The question,” noted Chairman John Thune, “is no longer whether we need a federal law to protect consumers’ privacy. The question is what shape that law should take.” … Read More
Movement Towards a Comprehensive U.S. Federal Privacy Law: Witnesses Prepare to Testify in Senate Hearing
The last six months have been busy ones for privacy watchers, with the entry into force of the GDPR and the enactment and amendment of the California Consumer Privacy Act.
An increasing number of eyes are now turning to the U.S. Congress to see how it will react to these … Read More
South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law
In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. According to NAIC’s news release announcing this development, the Model Law was meant to build on the organization’s cybersecurity progress and create a “platform that enhances our mission of protecting consumers.” (For more … Read More
SEC Issues New Guidance on Cybersecurity Disclosure Requirements
On February 21, 2018, the U.S. Securities and Exchange Commission issued interpretive guidance (the Guidance) to assist public companies in drafting their cybersecuritydisclosures in SEC filings. See 83 FR 8166 (Feb. 26, 2018). In his public statement accompanying the issuance of this guidance, SEC Chairman Jay Clayton said he believed … Read More