On October 25, 2023, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Department of Health and Human Services (“HHS”) released a cybersecurity toolkit containing resources and information that organizations in the healthcare and public health (HPH) sector can utilize to reduce their cyber risk.
Oregon Passes Privacy Law With Narrow Financial Institution Exemption
Oregon has joined 10 other states in enacting a comprehensive data privacy law.1 On July 18, 2023, Governor Tina Kotek signed the Oregon Consumer Privacy Act (the “Oregon Privacy Law”) into law. The law imposes a range of new data privacy requirements on non-exempt controllers and processors of Oregon consumer personal data. The Oregon
White House Releases National Cybersecurity Strategy
The Biden administration released its National Cybersecurity Strategy (“Strategy”) on March 2, 2023.1 The Strategy builds on previous policy actions by the Biden administration that sought to strengthen cybersecurity in critical infrastructure and protect personal data, including through regulatory action, government procurement requirements, and an emphasis on software security. The Strategy calls for (1)
UK Cybersecurity and Incident Response – The Outlook for 2023
Following on from our alert in relation to technology, data privacy, cybersecurity and IP legal developments to look out for in 2023, this update outlines some of the potential developments and trends in the UK cyber incident response landscape for 2023.
Increased litigation risk for cyber breach victims – the Information Commissioner’s Office begins naming
State Privacy Law Roundup: Recent Developments in California and Colorado
There has been a whirlwind of activity over the past year as states enact and implement comprehensive consumer privacy laws. Starting with the passage of the California Consumer Privacy Act (CCPA) in 2018, which became effective in 2020, the US state privacy legal landscape has continued to develop rapidly. New comprehensive privacy frameworks are set
Webinar: Cyber Spotlight: Ransomware 3.0 War Stories – Triple Extortion, Sanctions Risks, and Best Practices from the Trenches
Ransomware attacks continue to cause serious disruption to organizations and show no signs of slow-down. What starts as a security failure quickly becomes a serious business risk, requiring decision-making at the board level. Our speakers will touch on various legal and technical factors impacting a company’s response to a ransomware attack and provide practical advice
President Biden Signs Executive Order on U.S. Intelligence Activities to Implement EU-U.S. Data Privacy Framework
On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,1 which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic
HIPAA Privacy Concerns Post-Dobbs
The United States Supreme Court recently issued its decision in Dobbs v. Jackson Women’s Health Org., ––– U.S. –––, 2022 WL 2276808 (2022), overturning Roe v. Wade, 410 U.S. 113 (1973), and Planned Parenthood of Southeastern Pennsylvania v. Casey, 505 U.S. 833 (1992). In holding that the U.S. Constitution does not protect
Happy EOnniversary: One Year of Action Since President Biden’s Cybersecurity Executive Order
Strengthening the nation’s cybersecurity has been a top priority for the Biden administration, as reflected in its collaboration with industry, regulatory actions, and the legislation it has supported in Congress, including the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Executive action has been a key tool in the Biden administration’s cyber policymaking toolkit.
Filing Instructions Released for New US Bank Incident Reporting Requirement
On March 29, 2022, the US federal banking regulators released instructions on how financial institutions should comply with recently adopted computer-security incident notification requirements.1 These instructions will assist financial institutions in satisfying their obligations under the new requirements once compliance is required on May 1, 2022.