Safeguards Rules

FTC Makes Significant Changes to GLBA Safeguards Rule

The FTC’s final rule released last week amending its Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA) will require significant changes in data security policies and procedures to be made by non-bank financial institutions covered by the Safeguards Rule.  Such institutions include finance companies, mortgage companies and brokers, motor vehicle dealers, small-dollar…
PIPL

China’s Personal Information Protection Law: Key Takeaways

On August 20, 2021, China’s first comprehensive Personal Information Protection Law (“PIPL”) was passed into law. The Cybersecurity Law, the Data Security Law, and the PIPL of China are the three pillars of China’s data protection framework, which govern cybersecurity, data security, and personal information protection respectively. The Cybersecurity Law largely governs cybersecurity requirements for Critical Information Infrastructure operators…
California

California Passes Suite of New Privacy Laws

California continues to be at the vanguard of privacy protection.  On October 11, 2021, California’s Governor Newsom signed several bills addressing privacy and data security. These new laws go into effect January 1, 2022 and include: AB 335, which adds an exemption to the California Consumer Privacy Act (CCPA) consumer personal information sales opt-out right.…
Cybersecurity

DOJ Will Use False Claims Act to Target Cybersecurity Fraud

On October 6, Deputy Attorney General Lisa Monaco announced the launch of the US Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative. The DOJ will utilize the False Claims Act (FCA) to pursue cybersecurity-related fraud by government contractors and grant recipients. The False Claims Act was enacted during the Civil War to stamp out fraud…
Breach

Attorney-Client Privilege in the Age of Cyber Breaches

Investigations and forensic reports relating to a cybersecurity breach may not always be protected by the attorney-client privilege or work product protection.  Companies seeking such reports after a data breach must take caution to protect them from a possible waiver of privilege in the event of subsequent litigation relating to a data breach. The following…
UK

UK Proposes Reforms to Data Protection Laws

On 10 September 2021, the UK Government’s Department for Digital, Culture, Media, and Sport (DCMS) published its long-awaited proposals for reform of the country’s data protection laws. The consultation paper includes a detailed and comprehensive set of suggested amendments to the UK GDPR, Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR), with…
Data Security

The Impact of Data Security Incident Trends on Commercial Transactions

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report is a helpful tool for companies…
Cybersecurity

How Cybersecurity Frameworks Can Protect Your Organization (Even in the Event of a Breach)

It’s certainly no secret how damaging data breaches can be for organizations today. And if lost revenue and a tarnished reputation aren’t enough to make you want to act, your organization could face punitive damages if you fail to protect your customers’ private information. Yes, that’s right—steep fines imposed by regulatory agencies can await those…
SEC

SEC Doubles Down on Safeguards Rule Enforcement

The Securities and Exchange Commission issued sanctions against three financial services companies last week. The sanctions came in response to a series of email-takeover attacks in which Personally Identifiable Information (PII) was exposed.  In each case, the SEC found that the firms failed to implement proper cybersecurity measures against breaches. Each firm was found responsible…