Cybersecurity

Consumer Data Privacy Laws: What’s Happened and What Comes Next

By Michael Guggenheim on August 9, 2023

Increasing oversight of tech companies, particularly in the realm of consumer privacy, has been a rare example of bipartisan agreement. Despite data privacy being a growing concern for consumers, however, there has been relatively little federal policymaking. To counteract this lack of action, some states have stepped in to fill…

SEC Revisits Regulation S-P After Twenty Years of Innovation to Information Technology

By Nolan Goldberg, Ryan P. Blaney, Robert E. Plaze, Robert Pommer, Robert Sutton & Mark S. Audet on April 4, 2023

On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) released its proposal to amend Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (the “Proposed Amendments”), while simultaneously issuing two additional cybersecurity-related rule proposals and re-opening the comment period for its previously proposed cybersecurity risk management…

2022 Trends in Privacy and Data Security Law

By Jonathan Mollod & Jeffrey Neuburger on March 16, 2023

As the National Security Agency (NSA) noted in its 2022 cybersecurity yearly review, “[c]yberspace is dangerous.”

Reports of sophisticated cyberattacks and ransomware threats were prevalent in the past year. The government, manufacturers, and others further developed standards for securing digital infrastructure like 5G, cloud services, cryptography, internet protocols, and…

Shining a Light on the Corporate Transparency Act: FinCEN’s Rules for Beneficial Ownership Reporting

By Andrew Bettwy, Ryan P. Blaney, Stephanie Heilborn, Jeffrey A. Horwitz, Seetha Ramachandran, Yuval Tal, Elanit Snow, Amy Gordon & Portia Proctor on January 18, 2023

On January 1, 2021, Congress enacted the Corporate Transparency Act as part of the Anti-Money Laundering Act of 2020 to “better enable critical national security, intelligence, and law enforcement efforts to counter money laundering, the financing of terrorism, and other illicit activity.” FinCEN issued the final rule on Beneficial Ownership…

Travelling outside the EU: French Data Protection Authority Publishes a Checklist to Secure Phones and Laptops

By Mathilde Pépin on December 16, 2022

Amid fresh fears about data protection, on November 14th, France’s data protection authority, the Commission Nationale de l’Informatique et des Libertes (CNIL) published a checklist of recommended actions travellers should take to secure phones, computers and tablets when travelling outside the European Union.

Read the full article on International Employment

Paying the Ransom in Response to a Ransomware Attack can Sometimes Backfire

By Nolan Goldberg & Margaret Ukwu on December 2, 2022

One of the key decisions that needs to be made in the aftermath of a successful ransomware attack is whether or not the victim organization can or should pay the ransom. Of course, there are many considerations that go into such a decision – for example, whether the payment is…

SolarWinds: A Lesson on How Companies Victimized by Data Breaches Can Quickly Become the Target of Litigation and Regulatory Investigations

By Margaret A. Dale, Nolan Goldberg & Michelle M. Ovanesian on November 16, 2022

In 2020, SolarWinds Corp., a company that provided information technology software to private and government entities, was the victim of a cybersecurity breach. Russian hackers are believed to have slipped malicious code into a SolarWinds software product called Orion, which was then used to infect, and in certain cases, compromise…

Held to Ransom: How Cyberattacks Can Become a Legal and Regulatory Odyssey for a Private Investment Fund

By Ryan P. Blaney, Margaret A. Dale, Dorothy Murray, Todd J. Ohlms & Jonathan M. Weiss on September 22, 2022

Where business-critical information or platforms are at stake, many commercial parties will seriously consider immediately paying the ransom hoping to regain control of operations, secure client data and avoid continued business disruption and negative publicity. However, businesses may wish to pause. Cyberattacks, by their very nature, know no borders and…

Proskauer on Privacy