On November 16, 2023, the Federal Trade Commission released a proposed order in connection with a complaint filed in August of 2020 against Global Tel*Link Corp. and its subsidiaries, Telmate and TouchPay, which offers communication and payment services for incarcerated individuals.
Continue Reading In an FTC First, Proposed Order Requires Global Tel*Link Corp. to Notify Users and Facilities of Future Breaches

Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty in connection with the company’s response to a data breach that occurred in February 2022.
Continue Reading Australian Privacy Regulator Sues in Data Breach Case

On October 31, 2023, the Department of Health and Human Services announced the issuance of a settlement agreement with Doctors’ Management Services, a Massachusetts-based medical management company, related to alleged violations of the Health Insurance Portability and Accountability Act’s Privacy and Security Rules.
Continue Reading HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack

On October 12, 2023, the French Data Protection Authority announced a €600,000 fine for mass media company Groupe Canal+ for failing to comply with its commercial prospecting obligations applicable under the French Post and Electronic Communications Code and several obligations of the EU General Data Protection Regulation.
Continue Reading CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

On October 27, 2023, the Federal Trade Commission announced that it has approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches to the FTC.
Continue Reading FTC Amends Safeguards Rule to Require Certain Financial Institutions to Report Data Security Breaches

Hunton recently published a client alert discussing the importance of cyber and directors and officers liability insurance for companies and their executives to guard against cyber-related exposures. This blog entry provides a link to download the client alert.
Continue Reading Reducing Risks from Cyber Incidents with Cyber and D&O Insurance

On July 26, 2023, the U.S. Securities and Exchange Commission adopted long-anticipated disclosure rules for public companies by a 3-2 party-line vote. The final rules apply both to U.S. domestic public companies, as well as any offshore company that qualifies as a “foreign private issuer” under SEC rules due to a strong nexus to the U.S. capital markets. The new rules are effective as soon as December 18, 2023, and we provide further details in this blog post.
Continue Reading SEC Adopts Final Public Company Cybersecurity Disclosure Rules