The proposed Massachusetts Information Privacy and Security Act: Will This Be the Year Massachusetts Finally Updates Its Consumer Privacy Laws?

Since Massachusetts became a trailblazer among states with the passage of privacy legislation in 2007 and subsequent regulations, Massachusetts’ own privacy laws have been passed by those of other states, most notably California. The proposed Massachusetts Information Privacy and Security Act (“MIPSA”) would bring Massachusetts back to the forefront of state regulation of privacy and data security.

The 65-page bill would,…

U.S. Department of Homeland Security Launches First-Ever Cyber Safety Review Board

Earlier this week, the U.S. Department of Homeland Security (DHS) announced the establishment of the Cyber Safety Review Board (CSRB), as directed in President Biden’s Executive Order 14028 on Improving the Nation’s Cybersecurity. The CSRB is a public-private initiative that will bring together government and industry leaders to elevate U.S. cybersecurity.

The CSRB will review and assess significant cybersecurity events, so that government,…

Cybersecurity 2022 – The Year in Preview: Continued Threats to Nation’s Energy Supply as Regulators Race to Keep Up

Continued Threats of Ransomware Attacks

As we reported in our 2021 Year in Preview series, we began 2021 anticipating that ransomware would be a serious threat to critical energy infrastructure. These concerns were realized in May 2021 when the Colonial Pipeline Company’s (“Colonial”) entire 5,500-mile pipeline system carrying liquid fuels was shut down due to a ransomware attack by DarkSide, a hacking group that allegedly has loose ties to the Russian government.…

Cybersecurity 2022 – The Year in Preview: Privacy Regulations at the FTC

As we think about what 2022 may hold with regard to privacy and data security regulation by the Federal Trade Commission (FTC), we should first look back at some of the developments from last year that set the stage for this year. Just like 2021, it appears that the regulatory culture at the FTC this year will be heavily entangled with the political environment. Recent events suggest that while privacy and data security related reforms previously enjoyed bipartisan support,…

CISA on Russia, Ukraine and Ransomware

According to the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), the potential hostilities between Russia and Ukraine are likely to spill over into cyber warfare. In this month’s CISA Insights:

Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies,…

NYC Employers Face New Restrictions on Use of Artificial Intelligence in Hiring

As technological advances have given employers artificial intelligence (AI) based tools to assist them in the hiring process, New York City has taken note. Recently, New York City adopted a new measure restricting the use of artificial intelligence (AI) in hiring.

The law, which will go into effect on January 1, 2023, bars the use of AI-based hiring tools unless those tools have been subject to a bias audit.…

Requiring Robust Security for Financial Institutions, FTC Finalizes Amendments to Safeguards Rules

The Federal Trade Commission has finalized amendments to the Standards for Safeguarding Customer Information (“Safeguards Rule”), specific to defined financial institutions, designed to strengthen security for consumer financial information following a recent uptick in data breaches.

The amendments contain four main modifications to the existing Rule that outline additional protections financial institutions must implement when handling sensitive consumer data.

  • First, the amendments provide financial institutions with additional guidance regarding developing and implementing an information security program,…

Biden Administration Focus on Cybercrime Continues with Israeli Companies Added to Entity List, New Export Controls, and Cryptocurrency Sanctions

On November 3, 2021, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) added two Israeli entities to the Entity List due to malicious cyber activities. In its press release, BIS stated that the designation of Israeli companies NSO Group and Candiru was based on evidence that these entities developed and supplied spyware to foreign governments, which was then used for malicious surveillance,…

OFAC Publishes New Guidance for the Virtual Currency Industry

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has published guidance to aid members of the virtual currency industry (ranging from tech companies to brokers to users) in complying with OFAC requirements. OFAC defines “virtual currency” to encompass non-sovereign, non-fiat currencies that can be used as a store of value or as a medium of exchange, a category inclusive of most cryptocurrencies, including common tokens such as Bitcoin or Ether.…

DOJ Announces New Cyber-Fraud Initiative Promoting False Claims Act Enforcement Against Contractors and Grantees Failing to Follow Cybersecurity Standards

As we anticipated last spring, the Department of Justice (DOJ) has signaled that it will utilize civil enforcement of the False Claims Act (FCA) to address new and emerging cybersecurity threats. On October 6, 2021, Deputy Attorney General Lisa Monaco announced the launch of a new cyber-fraud initiative led by the Fraud Section of DOJ’s Commercial Litigation Branch. The new initiative will focus FCA enforcement against federal government contractors or grant recipients who fail to follow required cybersecurity standards.…