On July 31, 2021, Zoom Video Communications, Inc. agreed to pay $85 million to settle a class action suit that alleged the Company violated users’ privacy rights. The proposed settlement must be approved by U.S. District Judge Lucy Koh.
Continue Reading Zoom Agrees to Pay $85M to Settle Class Action
Cybersecurity
U.S. Department of Homeland Security Announces Additional Pipeline Cybersecurity Directive
Posted on
In July 2021, the U.S. Department of Homeland Security’s Transportation Security Administration announced a new Security Directive requiring owners and operators of certain critical pipelines transporting hazardous liquids and natural gas to implement specific cybersecurity measures.…
Continue Reading U.S. Department of Homeland Security Announces Additional Pipeline Cybersecurity Directive
Senators Introduce Cyber Incident Notification Act
Posted on
Posted in Cybersecurity, U.S. Federal Law
A bipartisan group of Senators recently introduced the Cyber Incident Notification Act of 2021. The Act would require federal government agencies, federal contractors and operators of critical infrastructure to notify the federal government in the event of a cybersecurity incident.…
Continue Reading Senators Introduce Cyber Incident Notification Act
New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021
Posted on
Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks.…
Continue Reading New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021
White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
Posted on
Posted in Cybersecurity, Information Security
On July 28, 2021, President Biden signed a National Security Memorandum that formally establishes an Industrial Control Systems Cybersecurity Initiative and directs the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology, in collaboration with other agencies, to develop and issue cybersecurity performance goals for critical infrastructure.…
Continue Reading White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
First National Cyber Director Formally Sworn In
Posted on
Posted in Cybersecurity, U.S. Federal Law
On July 12, 2021, Chris Inglis was formally sworn in as the first White House National Cyber Director.…
Continue Reading First National Cyber Director Formally Sworn In
Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management
Posted on
On July 13, 2021, federal bank regulators (the Board of Governors of the Federal Reserve System, the FDIC and the Office of the Comptroller of the Currency) requested public comment on proposed joint guidance regarding banking organizations’ management of risks related to relationships with third-party support and service providers. This blog entry provides highlights on the guidance.…
Continue Reading Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management
NYDFS Issues Ransomware Guidance Outlining Expected Security Controls
Posted on
On June 30, 2021, the New York State Department of Financial Services issued guidance to all New York regulated entities on ransomware, identifying controls it expects regulated companies to implement whenever possible.…
Continue Reading NYDFS Issues Ransomware Guidance Outlining Expected Security Controls
China Issues Data Security Law
Posted on
After two rounds of public comments, the Data Security Law of the People’s Republic of China was formally issued on June 10, 2021, and will become effective on September 1, 2021. This blog entry provides highlights of the new law.…
Continue Reading China Issues Data Security Law
SEC Settles Charges Against Real Estate Services Company Over Control Failures Related to Cybersecurity Disclosure
Posted on
On June 15, 2021, the SEC announced it settled charges against real estate services company First American Financial Corporation (“First American”) for alleged violation of Rule 13a-15(a) of the Exchange Act. The SEC charged First American with failure to maintain disclosure controls and procedures designed to ensure that all available, relevant information concerning a software vulnerability that led to a cybersecurity incident was filed with the Commission.
…
Continue Reading SEC Settles Charges Against Real Estate Services Company Over Control Failures Related to Cybersecurity Disclosure