On July 21, 2022, the National Institute of Standards and Technology released an updated draft of its HIPAA Security Rule guidance.
Continue Reading NIST Publishes New Draft Guidance on HIPAA Security Rule
Cybersecurity
T-Mobile to Pay $500 Million to Settle Claims Related to 2021 Breach
On July 22, 2022, T-Mobile entered into an agreement to settle a class action lawsuit stemming from its 2021 data breach. …
Arizona Adds Breach Notification Obligation
On July 22, 2022, companies are required to notify the Arizona Department of Homeland Security when they experience a data breach impacting more than 1,000 Arizona residents. …
Florida Enacts Law Prohibiting State Agencies from Paying Cyber Ransoms
On July 1, 2022, amendments to Florida’s State Cybersecurity Act took effect, imposing certain ransomware reporting obligations on state agencies, counties and municipalities and prohibiting those entities from paying cyber ransoms. …
Wegmans Agrees to Pay $400,000 Penalty After Cloud Security Lapse
On June 30, 2022, the New York Office of the Attorney General announced a $400,000 agreement with Wegmans Food Markets, Inc. in connection with a cloud storage security issue. …
President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity
On June 21, 2022, President Biden signed into law the State and Local Government Cybersecurity Act of 2021 and the Federal Rotational Cyber Workforce Program Act, two bipartisan bills aimed at enhancing the cybersecurity postures of the federal, state and local governments.
NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches
On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events. …
China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities
The National Information Security Standardization Technical Committee of China recently issued a draft version of the Cybersecurity Standard Practice Guidelines – Technical Specification on Certification of Personal Information Cross-border Transfer Activities. This blog entry provides a summary of the Guidelines.
Vermont Enacts Insurance Data Security Law
On May 27, 2022, Vermont Governor Phil Scott signed H.515, making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law. This blog entry provides a summary of the legislation.
U.S. Issues Guidance to Companies Warning of Cybersecurity and Sanctions Risks Posed by IT Workers Directed by North Korea
On May 16, 2022, the U.S. Department of State, U.S. Department of Treasury, and the Federal Bureau of Investigation issued combined guidance on efforts by North Korean nationals to secure freelance engagements as remote information technology workers by posing as non-North Korean nationals.