Cyber Incident, Ransom Payment Reporting to DHS Mandatory for Critical Infrastructure Entities

Included within the Consolidated Appropriations Act, 2022, signed by President Joe Biden on March 15, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Act) creates new data breach reporting requirements. This new mandate furthers the federal government’s efforts to improve the nation’s cybersecurity, spurred at least in part by the Colonial Pipeline cyberattack...
March 18, 2022

Not-For-Profits, Charities Might Attract More Donors with Improved Website Content, Attention to Privacy

According to Giving USA, charitable contributions in 2020 exceeded $470 billion, 70 percent of which came from individuals. Individuals deciding to donate to a particular organization may be considering factors beyond the organization’s particular mission, however compelling it may be. Misleading GoFundMe campaigns, FTC crackdowns on deceptive charities, and poorly run organizations are some of...
March 14, 2022

Do Employers Need a CISO for ERISA Compliance?

According to a recent survey, about 45% of companies do not have a Chief Information Security Officer (CISO). As West Monroe’s “The Importance of a CISO” observes, it would be terrific for all organizations to have a CISO, but that simply may not be practical for some, particularly smaller organizations. Recent internal audit guidance issued...
March 11, 2022

Trade Associations Weigh In on Claim Accrual Under Illinois Biometric Information Privacy Act

Co-authors: Nadine C. Abrams and Richard Mrizek. In a ruling that may have a significant impact on the constant influx of biometric privacy suits under the Biometric Information Privacy Act (BIPA) in Illinois, the Illinois Supreme Court will soon weigh in on whether claims under Sections 15(b) and (d) of the BIPA, 740 ILCS 14/1, et...
March 9, 2022

California State Senator Introduces a BIPA-like Law to Protect Biometric Information

Some members of the California legislature want their state to remain the leader for data privacy and cybersecurity regulation in the U.S. This includes protections for biometric information, similar to those under the Biometric Information Privacy Act in Illinois, 740 ILCS 14 et seq. (BIPA). State Senator Bob Wieckowski introduced SB 1189 on February 17, 2022, which...
February 23, 2022

$600,000 Reasons To Review Your SHIELD Act Compliance Program: NY Attorney General Announces Significant Settlement Stemming From Email Data Breach

On January 24, 2022, New York Attorney General Letitia James announced a $600,000 settlement agreement with EyeMed Vision Care, a vision benefits company, stemming from a 2020 data breach compromising the personal information of approximately 2.1 million individuals across the United States, including nearly 99,000 in New York State (the “Incident”). This settlement was the...
February 16, 2022

Massachusetts Legislature Evaluates Its Own Comprehensive Consumer Privacy Law

The Massachusetts Information Privacy and Security Act (MIPSA) continues to advance through the state legislative process, and is now before the full legislature. While the Act has several hurdles to clear before becoming law, it’s notable for two reasons. First, the comprehensive nature of the MIPSA exemplifies the direction state data protection laws are heading...
February 15, 2022

Massachusetts Privacy Bill Provides WISP Reminder, Safe Harbor for Punitive Damages

When Massachusetts issued its data security regulations in 2009 (Regulations), it led the way for states on data security. The Regulations became effective 12 years ago, almost to the day, March 1, 2010. The Bay State is now contemplating comprehensive privacy legislation, the Massachusetts Information Privacy and Security Act (MIPSA), similar to what has been...
February 14, 2022

SEC to Advisors and Funds – Adopt and Implement Cybersecurity Policies and Procedures

On February 9, the Securities and Exchange Commission (“SEC”) voted to propose rule 206(4)-9 under the Advisers Act and 38a-2 under the Investment Company Act (collectively, “Proposed Rule”). In general, the Proposed Rule would require all advisers and funds to adopt and implement cybersecurity policies and procedures containing several elements. While acknowledging spending on cybersecurity...
February 11, 2022

Jump in Facial and Voice Recognition Raises Privacy, Cybersecurity, Civil Liberty Concerns

Facial recognition, voiceprint, and other biometric-related technology are booming, and they continue to infiltrate different facets of everyday life. The technology brings countless potential benefits, as well as significant data privacy and cybersecurity risks. Whether it is facial recognition technology being used with COVID-19 screening tools and in law enforcement, continued use of fingerprint-based time...
February 4, 2022
