Alston & Bird Privacy, Cyber & Data Strategy Blog

Cybersecurity

OFAC Ransomware Advisory Warns Companies of Potential Civil Liability

By and

Yesterday, October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued its “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” The advisory begins with the observation that “ransomware attacks have become more focused, sophisticated, costly, and numerous,” citing certain FBI statistics, before making clear what was already well […]

SEC Focused on Protecting Customer Accounts from Credential Stuffing Attacks

By

OCIE has released a risk alert regarding credential stuffing in the context of compliance with Regulation S-P and Regulation S-ID, and is encouraging firms to both (i) review and update their policies and procedures to address the risks associated with credential stuffing and (ii) consider proactive outreach to customers regarding measures taken to safeguard their […]

California Mandates COVID Exposure and Outbreak Reporting to Employees, Government Agencies

By and

On Thursday, September 17, 2020, California Governor Gavin Newsom signed Assembly Bill 685 (“AB685”) into law.  AB685 amends a number of portions of California’s Labor Code to address the COVID-19 pandemic.  In addition to provisions that regulate reopening activities at California worksites, AB685 introduces two new COVID-related notification obligations for California employers: (1) a requirement […]

Brazil’s General Data Protection Law: A Comparison Between Brazil’s Newly Effective Law and the GDPR

By

Brazil’s General Data Protection Law (the “LGPD”), a law similar to the European Union’s General Data Protection Regulation (the “GDPR”) is now effective.  On April 29 of this year, Brazil’s President issued Provisional Measure 959 that, amongst other things, postponed the effective date of the LGPD, which was originally set to be effective August 2020, […]