Cybersecurity

DOJ Will Use False Claims Act to Target Cybersecurity Fraud

On October 6, Deputy Attorney General Lisa Monaco announced the launch of the US Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative. The DOJ will utilize the False Claims Act (FCA) to pursue cybersecurity related fraud by government contractors and grant recipients.  The False Claims Act was enacted during the Civil War to stamp out fraud…
Read More
Privacy

Senate Hearings Call for Creation of New Data Privacy Bureau

On Wednesday, September 29, the Senate Committee on Commerce, Science and Transportation held a hearing on data privacy titled, “Protecting Consumer Privacy.” The issue of data privacy is of particular interest to Sen. Maria Cantwell (D-WA), the Committee Chair, who introduced the Consumer Online Privacy Rights Act (COPRA) in 2019. Much of the testimony revolved…
Read More
DelBene

The Information Transparency and Personal Data Control Act

On March 11, 2021, Rep. Suzan DelBene (D-WA) introduced the House of Representatives’ first major privacy bill in the 117th Congress. Rep. DelBene recently joined an episode of the Association for Data and Cyber Governance’s U.S. National Privacy and Cybersecurity Podcast to discuss The Information Transparency and Personal Data Control Act ( H.R. 1816 ).…
Read More
Minnesota

Minnesota Privacy Act Unveiled

On Monday, September 27, the Minnesota legislators held a preliminary hearing on the Minnesota Consumer Data Privacy Act” (HF1492). With Colorado and Virginia passing their own privacy bills this year and numerous other states considering their own, Rep. Steve Elkins (DFL-Bloomington) says he introduced the bill to, “create a common framework of as many states…
Read More
GDPR

UK Ranks Second Highest in GDPR Fines

A new report from cybersecurity company ESET found that the UK ranks second highest in average GDPR fine value ($10 million), despite issuing the lowest number (five) of GDPR fines in the EU. Spain issued the highest number of fines (273), while Luxembourg issued the highest value fines.  The report found that more than 650…
Read More
NIST

Implementing the NIST Privacy Framework – Govern Function

The National Institute of Standards and Technology (NIST) Privacy Framework is a widely known control set used to assist organizations in identifying privacy risks within their business environment and allocating resources to mitigate these risks. Our team previously published an article outlining the best ways to leverage the NIST Privacy (NIST-P) Framework to assess data privacy posture,…
Read More
NIST

Implementing the NIST Privacy Framework – Identify Function

The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture, developing readiness roadmaps, and maturing their privacy program. We have previously written about how the controls in the NIST Privacy can be mapped to…
Read More
Cookies

French Regulator Cracks Down on Cookies

In June, the CNIL–France’s regulatory body for data privacy and protection–issued notices of noncompliance to approximately 40 companies that had failed to align with the CNIL’s guidelines on cookies, which were adopted October 1, 2020. In a followup report issued this week, September 14, the CNIL reported that 80 percent of noncompliant companies have since…
Read More
Data Security

The Impact of Data Security Incident Trends on Commercial Transactions

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report is a helpful tool for companies…
Read More
Privacy Law

Colorado Privacy Act: Another Piece to the Data Privacy Puzzle

Introduction Privacy laws have entered the compliance world by storm and are quickly changing data privacy practices. The most recent state, Colorado, passed the Colorado Privacy Act (CPA) into law on July 7, 2021. This new act follows California’s Consumer Privacy Act (CCPA) but calls out several additional rights, actions, and policies. The CPA pulls…
Read More
Back To Top