As recent events indicate, American companies may be the subject of destructive data “wiper” attacks and potential data theft by Iran-linked hackers. Ongoing tensions in the Middle East underscore the stark and evolving cyberthreat landscape facing companies. These types of cyberattacks blend the regulatory and litigation exposure of a traditional data breach with the extreme business risks associated with near total operational disruption. This alert highlights potential legal implications and outlines practical steps companies should consider to strengthen preparedness.
Continue Reading When Cyberwar Hits the Corporate Home Front
New Executive Order Would Restrict Transfer of Certain Bulk Sensitive Personal Data and United States Government-Related Data to China and Other Countries of Concern
On February 28, 2024, President Biden announced an Executive Order directing the Department of Justice to promulgate regulations that restrict or prohibit transactions involving certain bulk sensitive personal data or United States Government-related data and countries of concern or covered persons. The DOJ’s initially identified countries are China (including Hong Kong and Macau), Russia, Iran
R&G Tech Studio Presents: Litigation & Enforcement Partner Ama Adams
On this episode of the R&G Tech Studio, litigation & enforcement partner Ama Adams, who’s also the managing partner of Ropes & Gray’s Washington, D.C. office, sits down with data, privacy & cybersecurity partner Fran Faircloth to discuss how she helps clients bridge the gap between ongoing national security concerns and the rapidly evolving
UK Data Protection Regulator Updates its Guidance on Data Transfers
Introduction
Ahead of its much-anticipated guidance on the UK International Data Transfer Agreement / Addendum (IDTA) (the United Kingdom’s version of the EU standard contractual clauses (EU SCCs)), the UK data protection regulator, the Information Commissioner’s Office (ICO), has revised its guidance on international transfers of personal data under the UK GDPR (Transfer Guidance).
Continue Reading UK Data Protection Regulator Updates its Guidance on Data TransfersBetween a Rock and a Hard Place: OFAC Issues Advisory on Ransomware Payments
On October 1, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) published an advisory to alert companies on potential sanctions risks related to ransomware payments (the “Advisory”).[1] While ransomware attacks, by design, create business critical problems requiring swift attention and remediation, the Advisory cautions that victims of ransomware attacks, and ransomware-related services providers, must balance such considerations against the risk of sanctions liability.
Continue Reading Between a Rock and a Hard Place: OFAC Issues Advisory on Ransomware Payments