Page 2 of 44

But Wait, There Really Is More: California AG Releases New Proposed Modifications to the Final CCPA Regulations

Share

Throwing covered businesses a bit of a curveball, the California attorney general issued a third set of proposed changes to the formerly assumed “final” CCPA implementing regulations. Fortunately for those overseeing CCPA compliance, the revisions are largely clarifications of the existing regulations rather than fundamental changes. Interested stakeholders have until 5:00 p.m. Pacific Time on Wednesday, October 28, to submit comments.

For the full alert, visit the Faegre Drinker website.

Community Health Systems Enters Into Five-Million-Dollar, Multi-State Settlement Agreement in Connection with 2014 Data Breach

Share

On October 8, 2020, Community Health Systems, Inc. (Community Health) and its subsidiary CHSPSC, LLC entered into a settlement agreement with 28 states for $5 million to resolve claims related to a 2014 data breach. Community Health owns over 200 hospitals across the United States and is one of the largest hospital networks in the country. The multi-state settlement follows a separate $2.3 million settlement that Community Health reached with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) in connection with the same data breach.

Continue reading

Ransomware Payments May Violate Sanctions Laws, U.S. Treasury Department Warns

Share

Ransomware attacks are on the rise in the wake of COVID-19, but attack victims — and third parties who assist them — could unknowingly be in violation of federal law. A new advisory from the U.S. Department of the Treasury warns that ransom payments to sanctioned individuals or entities may result in significant criminal or civil liability. Companies should closely review the details of this advisory to minimize the risk of violating the U.S. sanctions laws if they are victimized by a ransomware attack.

For the full alert, visit the Faegre Drinker website.

It’s Finally Final… But Wait, There’s More: Fall 2020 California Privacy Update

Share

Businesses nationwide finally have clarity on their compliance obligations under the California Consumer Privacy Act (CCPA), as the landmark privacy law’s implementing regulations were finalized in August after a few last changes worth noting, and the Governor just signed two important CCPA amendments. With enforcement underway, business leaders should continue to focus on compliance — while also monitoring the progress of the California Privacy Rights and Enforcement Act, a 2020 ballot initiative that could soon become the next sweeping privacy law.

For the full alert, visit the Faegre Drinker website.

Dunkin’ Brands, Inc. Agrees to Pay $650,000 to Settle 2019 Data Breach Lawsuit Brought by the New York Attorney General’s Office

Share

On September 15, 2020, the New York Attorney General’s Office (NYAG) announced a settlement with Dunkin’ Brands, Inc. (Dunkin) in connection with a September 2019 lawsuit brought by the NYAG against Dunkin for alleged failures to adequately respond to cyberattacks that impacted approximately 300,000 customers. The proposed settlement—which still must be approved by the court—requires Dunkin to, among other things, notify customers impacted by the attacks, maintain specific cybersecurity procedures to prevent future cyberattacks, and pay $650,000 in penalties.

Continue reading

Disruption IV: The New Threat Disruptionware Poses to the American Energy Sector

Share

Over the past few months, I have written about the threat first identified by the Institute for Critical Infrastructure Technology (ICIT) called disruptionware. We have previously described what disruptionware is, how it works, and outlined some of the defenses that can be used to defend against a multitude of disruptionware attacks. Many may have thought the immediate notifications of the threat posed by this new concept of disruptionware had been adequately made public and sufficiently identified. Unfortunately, disruptionware continues to impact new sectors.

According to ICIT, disruptionware is an evolving category of malware designed to “suspend operations within the victim organization through the compromise of the availability, integrity and confidentiality of the data, systems, and networks belonging to the target.” Recently, ICIT identified a new threat from disruptionware that will likely have a seriously adverse effect on the American energy sector. ICIT goes so far as to refer to disruptionware in the context of an attack on the U.S. energy grid as a “weapon of mass destruction.”

Continue reading

« Older posts Newer posts »

©2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Privacy Policy