On April 24, President Biden signed a sweeping foreign aid bill into law, which included a critical provision covering privacy and data transfers known as the Protecting Americans’ Data from Foreign Adversaries Act (“PADFA”). This Act is separate from the TikTok divestment portion of the legislation, which has received far greater attention in the press.
National Security
New Executive Order Would Restrict Transfer of Certain Bulk Sensitive Personal Data and United States Government-Related Data to China and Other Countries of Concern
On February 28, 2024, President Biden announced an Executive Order directing the Department of Justice to promulgate regulations that restrict or prohibit transactions involving certain bulk sensitive personal data or United States Government-related data and countries of concern or covered persons. The DOJ’s initially identified countries are China (including Hong Kong and Macau), Russia, Iran…
R&G Tech Studio Presents: Litigation & Enforcement Partner Ama Adams
On this episode of the R&G Tech Studio, litigation & enforcement partner Ama Adams, who’s also the managing partner of Ropes & Gray’s Washington, D.C. office, sits down with data, privacy & cybersecurity partner Fran Faircloth to discuss how she helps clients bridge the gap between ongoing national security concerns and the rapidly evolving…
Expansive Federal Breach Reporting Requirement Becomes Law
On March 15, 2022, President Biden signed into law significant new federal data breach reporting legislation that could vastly expand data breach notice requirements far beyond regulated entities or entities processing personal data. Unceremoniously tucked as Division Y into the H.R. 2471 Consolidated Appropriations Act, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of…
The Ukrainian Cybersecurity Spillover Problem
Anxiety is running high as a result of Russia’s invasion of Ukraine, particularly in cybersecurity circles. The 2017 NotPetya attack was a Russian cyber-weapon fired at Ukraine. In 2017, NotPetya spread to FedEx, Maersk, Merck, and several other companies, and it would be naïve not to expect a spillover from the 2022 attack. Indeed, a barrage of similar “wipers” has already been fired in 2022, and reports are circulating that some computers in Lithuania have been impacted.
Many cyber-weapons are delivered through phishing attacks, and companies can take three important steps to help prevent these attacks:
- Send out a training reminder to all employees about spotting and avoiding phishing emails that may carry the malware into your environment.
- Recognize that training will not be enough; increase filtering for malicious messages.
- Push for multi-factor authentication for remote access to email.
United States-Australia CLOUD Act Agreement Leaves Encryption Uncertainties
On December 15, 2021, Australia and the United States signed an agreement that will make it more efficient for law enforcement agencies in both countries to obtain data about criminal suspects, but it leaves technology companies with concerning questions. The new agreement was forged under the Clarifying Lawful Overseas Use of Data (CLOUD) Act, a 2018 statute that enables law enforcement to more easily secure important electronic information about suspected crimes—including terrorism, violent crimes, sexual exploitation of children, and cybercrimes like ransomware or attacks on critical infrastructure—from global technology companies based in the United States. Although the agreement was designed to facilitate law enforcement investigations, it leaves unanswered the encryption privacy questions that have beset preceding agreements.
State Department Makes Cybersecurity a Priority
Recognizing the persistent and increasingly sophisticated nature of cyber incidents threatening the safety and security of the U.S., the Biden administration is launching a new bureau focused on cybersecurity and digital policy. On October 27, 2021, Secretary of State Antony Blinken formally announced a plan to establish a Bureau of Cyberspace and Digital Policy, which includes appointing a special envoy to address critical and emerging technologies. The new bureau and special envoy will address issues such as cyber threats, digital freedom, and surveillance risks, and will coordinate with the U.S.’s allies to establish international standards on emerging technologies.
Privacy Year in Review: 2020’s Hottest Topics
As we stand at the beginning of 2021 and a new presidential administration, we look back on the year behind us. Hindsight is always 2020, and 2020 may be best viewed in hindsight. We saw rapid changes in the privacy space, prompted in part by the global COVID-19 response. Infrastructure and services across multiple sectors continue to rely on data and digital platforms to function. Five prominent developments shaped the data privacy environment in 2020.
Between a Rock and a Hard Place: OFAC Issues Advisory on Ransomware Payments
On October 1, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) published an advisory to alert companies on potential sanctions risks related to ransomware payments (the “Advisory”).[1] While ransomware attacks, by design, create business critical problems requiring swift attention and remediation, the Advisory cautions that victims of ransomware attacks, and ransomware-related services providers, must balance such considerations against the risk of sanctions liability.