On March 15, 2022, President Biden signed into law significant new federal data breach reporting legislation that could vastly expand data breach notice requirements far beyond regulated entities or entities processing personal data. Unceremoniously tucked as Division Y into the H.R. 2471 Consolidated Appropriations Act, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of
Anxiety is running high as a result of Russia’s invasion of Ukraine, particularly in cybersecurity circles. The 2017 NotPetya attack was a Russian cyber-weapon fired at the Ukraine. In 2017, NotPetya spread to FedEx, Maersk, Merck, and several other companies, and it would be naïve not to expect a spillover from the 2022 attack. Indeed, a barrage of similar “wipers” has already been fired in 2022, and reports are circulating that some computers in Lithuania have been impacted.
Many cyber-weapons are delivered through phishing attacks, and companies can take three important steps to help prevent these attacks:
Continue Reading The Ukrainian Cybersecurity Spillover Problem
On December 15, 2021, Australia and the United States signed an agreement that will make it more efficient for law enforcement agencies in both countries to obtain data about criminal suspects, but it leaves technology companies with concerning questions. The new agreement was forged under the Clarifying Lawful Overseas Use of Data (CLOUD) Act, a 2018 statute that enables law enforcement to more easily secure important electronic information about suspected crimes—including terrorism, violent crimes, sexual exploitation of children, and cybercrimes like ransomware or attacks on critical infrastructure—from global technology companies based in the United States. Although the agreement was designed to facilitate law enforcement investigations, it leaves unanswered the encryption privacy questions that have beset preceding agreements.
Continue Reading United States-Australia CLOUD Act Agreement Leaves Encryption Uncertainties
Recognizing the persistent and increasingly sophisticated nature of cyber incidents threatening the safety and security of the U.S., the Biden administration is launching a new bureau focused on cybersecurity and digital policy. On October 27, 2021, Secretary of State Antony Blinken formally announced a plan to establish a Bureau of Cyberspace and Digital Policy, which includes appointing a special envoy to address critical and emerging technologies. The new bureau and special envoy will address issues such as cyber threats, digital freedom, and surveillance risks, and will coordinate with the U.S.’s allies to establish international standards on emerging technologies.
Continue Reading State Department Makes Cybersecurity a Priority
As we stand at the beginning of 2021 and a new presidential administration, we look back on the year behind us. Hindsight is always 2020, and 2020 may be best viewed in hindsight. We saw rapid changes in the privacy space, prompted in part by the global COVID-19 response. Infrastructure and services across multiple sectors continue to rely on data and digital platforms to function. Five prominent developments shaped the data privacy environment in 2020.
Continue Reading Privacy Year in Review: 2020’s Hottest Topics
On October 1, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) published an advisory to alert companies on potential sanctions risks related to ransomware payments (the “Advisory”).[1] While ransomware attacks, by design, create business critical problems requiring swift attention and remediation, the Advisory cautions that victims of ransomware attacks, and ransomware-related services providers, must balance such considerations against the risk of sanctions liability.
Continue Reading Between a Rock and a Hard Place: OFAC Issues Advisory on Ransomware Payments