On March 9, 2023, the Securities and Exchange Commission (“SEC”) announced that Blackbaud Inc. (“Blackbaud”) agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and for alleged disclosure control failures.1
Blackbaud, a South Carolina-based company that provides data management software to colleges, universities, and non-profit organizations,
The Biden administration released its National Cybersecurity Strategy (“Strategy”) on March 2, 2023.1 The Strategy builds on previous policy actions by the Biden administration that sought to strengthen cybersecurity in critical infrastructure and protect personal data, including through regulatory action, government procurement requirements, and an emphasis on software security. The Strategy calls for (1)
On 13 December 2022, the European Commission published its draft adequacy decision for EU-U.S. data transfers. The draft decision follows the EU-U.S. announcement of an agreement on a new EU-U.S. Data Privacy Framework (“DPF”) in March 2022 as well as the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (“Executive Order”) signed
On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,1 which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic
On September 15, 2022, President Biden issued an executive order (the “Order”) to provide further detail and expand on the factors that the Committee on Foreign Investment in the United States (“CFIUS”) uses to evaluate whether a foreign investment provides a risk to US national security. The Order1 is the first executive order to
On August 11, 2022, the Federal Trade Commission (FTC) voted 3-2 on partisan lines to file an Advance Notice of Proposed Rulemaking (ANPR) that would regulate the protection of consumers’ privacy and data security in a rulemaking titled “Trade Regulation Rule on Commercial Surveillance and Data Security.”
The release of this ANPR—in the midst of
In this episode of our Ukraine Crisis video series, Amy Jacks (Restructuring partner, London) asks Rajesh De (Global Head of Cybersecurity & Data Privacy, and member of the firm’s global Management Committee) ten key questions on cybersecurity.
Raj discusses how recent hostilities in Ukraine have contributed to the increase in the scope, scale and severity
On May 26, 2022, the US Department of Commerce’s Bureau of Industry and Security (“BIS”) published a final rule revising the restrictions on the export, reexport and transfer (in-country) of certain “cybersecurity items” used for malicious cyber activities (“final rule”). Effective immediately upon publication, the final rule amends the October 21, 2021, interim final rule
On May 6, 2022, the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) designated crypto mixer Blender.io as a Specially Designated National (“SDN”), marking the first time a virtual currency mixer has been sanctioned. The move is the latest in a series of sanctions designations and enforcement actions in the virtual currency
Strengthening the nation’s cybersecurity has been a top priority for the Biden administration, as reflected in its collaboration with industry, regulatory actions, and the legislation it has supported in Congress, including the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Executive action has been a key tool in the Biden administration’s cyber policymaking toolkit.