Category: Security



FTC Settlement with Zoom Concerning Alleged Data-Security Lapses

Share

On November 9, 2020, the United States Federal Trade Commission (FTC) announced that it had entered into a consent agreement, subject to final approval, with videoconferencing company Zoom Video Communications, Inc. (Zoom). The consent agreement settles allegations that Zoom engaged in a series of deceptive and unfair practices that undermined the security of its users. The Commission voted 3–2 to accept the settlement, with Commissioners Chopra and Slaughter voting no and issuing dissenting statements asserting that the FTC’s action did not go far enough.

While the FTC generally does not identify what triggers a law enforcement action, there have been many news articles and a number of class actions filed in connection with Zoom’s data-security practices over the past six months that likely led to this action.

Continue reading

European Data Protection Board Issues New Recommendations for International Data Transfers: Essential Guarantees, Supplemental Measures, and False Warrant Canaries

Share

A pair of highly anticipated guidance documents outline the European Data Protection Board’s (EDPB) expectations for organizations transferring data out of the EU. While the detailed process for evaluating data transfers brings welcomed guidance and clarity, some aspects of the EDPB’s framework present significant obstacles for those working with non-EU service providers or moving data for routine business purposes.

For the full alert, visit the Faegre Drinker website.

Marriott Cyberattack Fine Reduced as ICO Shifts Penalty Policy

Share

More than two years after receiving a massive initial fine, hotel chain Marriott International, Inc. reduces a cyberattack penalty by more than 80%. A shift in the United Kingdom’s Information Commissioner’s Office (ICO) calculation policy, along with other mitigating factors, led to the significant decrease. While the ICO reinforces the importance of responsibilities of data controllers in managing sophisticated cyberattacks, this latest development marks a continued shift away from turnover-centric penalty policies.

For the full alert, visit Faegre Drinker’s website.

Multiple Federal Agencies Jointly Warn of Increased and Imminent Cybercrime Threat to U.S. Hospitals and Healthcare Providers

Share

On October 28, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) issued a Joint Cybersecurity Advisory warning of “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The agencies collectively warned that “malicious cyber actors are targeting the Healthcare and Public Health (HPH) Sector with Trickbot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.”

Continue reading

Community Health Systems Enters Into Five-Million-Dollar, Multi-State Settlement Agreement in Connection with 2014 Data Breach

Share

On October 8, 2020, Community Health Systems, Inc. (Community Health) and its subsidiary CHSPSC, LLC entered into a settlement agreement with 28 states for $5 million to resolve claims related to a 2014 data breach. Community Health owns over 200 hospitals across the United States and is one of the largest hospital networks in the country. The multi-state settlement follows a separate $2.3 million settlement that Community Health reached with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) in connection with the same data breach.

Continue reading

Ransomware Payments May Violate Sanctions Laws, U.S. Treasury Department Warns

Share

Ransomware attacks are on the rise in the wake of COVID-19, but attack victims — and third parties who assist them — could unknowingly be in violation of federal law. A new advisory from the U.S. Department of the Treasury warns that ransom payments to sanctioned individuals or entities may result in significant criminal or civil liability. Companies should closely review the details of this advisory to minimize the risk of violating the U.S. sanctions laws if they are victimized by a ransomware attack.

For the full alert, visit the Faegre Drinker website.

« Older posts

©2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Privacy Policy