Data Security

Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents

January 12, 2021 By Kim Peretti

On December 18, 2020, federal financial regulatory agencies jointly announced a proposed rule that would impose new and expanded reporting requirements on supervised banking organizations that experience a “computer-security incident,” requiring notice within 36 hours of any computer-security incident that rises to the level of a “notification incident.” In a significant departure from current reporting […]

SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations

December 17, 2020 By Kim Peretti and Privacy, Cyber & Data Strategy Team

On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and private sector organizations for IT infrastructure monitoring and management. In this attack, adversaries were able to compromise the […]

Alston & Bird Analyzes New California Privacy Rights Act in Client Alert

November 4, 2020 By Privacy, Cyber & Data Strategy Team

Yesterday, California voters approved a ballot initiative containing the California Privacy Rights Act of 2020. The ballot initiative significantly revises the existing California Consumer Privacy Act to create arguably the most comprehensive state privacy law in the United States. Alston & Bird has now issued a client alert explaining key impacts of this law. The […]

State Financial Regulators Issue Ransomware Mitigation Tool

October 16, 2020 By Kim Peretti and Alysa Austin

On October 13, 2020, state financial regulators in partnership with the Bankers Electronic Crimes Taskforce and the U.S. Secret Service, released the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions mitigate the risks of ransomware. The R-SAT is a detailed questionnaire designed to evaluate the effectiveness of an institution’s general security controls as well as […]

FinCEN Alerts Financial Institutions on Role in Facilitating Ransomware Attacks

October 2, 2020 By Alysa Austin and Privacy, Cyber & Data Strategy Team

With an increase in the frequency, sophistication, and cost of ransomware attacks, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on October 1, 2020 alerting financial institutions to ransomware trends and typologies, and related financial red flags, that may result in a regulatory obligation to report and share information related to ransomware attacks. Based […]