As we previewed in our prior Legal Update, the Federal Trade Commission (“FTC”) warned businesses of its stance on the use and collection of biometric information in a May 2023 policy statement. Now, an enforcement action filed earlier this week offers insight into the potential consequences for businesses that do not comply with the
Enforcement
Blackbaud Inc. to Pay $3 Million to SEC for Alleged Misleading Disclosures in 2020 Ransomware Attack
On March 9, 2023, the Securities and Exchange Commission (“SEC”) announced that Blackbaud Inc. (“Blackbaud”) agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and for alleged disclosure control failures.1
Blackbaud, a South Carolina-based company that provides data management software to colleges, universities, and non-profit organizations,…
US Securities and Exchange Commission Increases Focus on Cybersecurity
This past summer’s string of cyber enforcement actions signals that cybersecurity has become a top priority for the US Securities and Exchange Commission (“SEC”). These enforcement actions highlight the SEC’s scrutiny of written documentation and disclosures following incidents. In this National Cybersecurity Awareness Month Legal Update, we discuss the SEC’s recent cyber enforcement actions, as…
US DOJ Describes Approach and Target Areas for the Civil Cyber-Fraud Initiative Directed at Federal Contractors and Grantees
In remarks on October 13, 2021, at the Cybersecurity and Infrastructure Security Agency (“CISA”) National Cybersecurity Summit, Acting Assistant Attorney General Brian Boynton fleshed out the Department of Justice’s (“DOJ”) thinking regarding the nature of the cybersecurity failures that are likely targets for potential False Claims Act (“FCA”)1 enforcement under the Civil Cyber-Fraud Initiative…
Cyber Attack Victims Face One-Two Punch as SEC Ramps Up Enforcement Actions
Heightened Cyber False Claims Risk: New DOJ Approach to US Government Contractor and Federal Grantee Cybersecurity Enforcement
On October 6, 2021, the US Department of Justice (DOJ) announced a new initiative to address cyber-fraud and that focuses on government contractors. Specifically, DOJ has launched a “Civil Cyber-Fraud Initiative” (Initiative), which will combine DOJ’s “expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security…
US Enforcement and Cybersecurity Outlook for Oil and Gas Companies
Oil and gas companies should anticipate a more vigorous enforcement environment during President Biden’s term, with anti-corruption and sanctions enforcement expected among some of the key areas of focus. In addition, companies should expect close scrutiny of the industry’s management of cyber risks, along with increased regulatory and litigation risk.
To help you navigate the…
UK ICO to Begin Formal Enforcement Action Against the Adtech Industry
In June 2019, the UK Information Commissioner’s Office (“ICO“) produced a report on the advertising industry’s use of adtech and real time bidding (“RTB“) and whether UK data protection and e-marketing legislation was being complied with. The report criticised parts of the sector for not doing enough to safeguard personal data,…
SEC Brings First Enforcement Action Under the Identity Theft Red Flags Rule
On September 26, 2018, the US Securities and Exchange Commission (“SEC”) brought and settled charges against a registered broker-dealer/investment adviser (the “Registrant”) for allegedly violating the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID).1 The Registrant allegedly violated the SEC’s rules by failing to implement appropriately designed…
11th Circuit Sides with LabMD in Challenge to FTC Data Security Enforcement Action
On June 6, 2018, the US Court of Appeals for the Eleventh Circuit ruled in favor of LabMD in the medical testing company’s closely watched challenge to the Federal Trade Commission’s (“FTC”) data security enforcement action. While assuming that the FTC was correct that LabMD’s allegedly unreasonable security practices constituted an unfair act or practice…