Both houses of Virginia’s legislature recently passed the Virginia Consumer Data Protection Act (S.B. 1392; H.B. 2307) (the “VCDPA”). If approved by the state governor, the VCDPA would become the United States’ second comprehensive state privacy law behind the California Consumer Privacy Act (CCPA). The VCDPA is similar to the CCPA and the European Union’s […]
Data Security
New Law Requires HHS to Consider Recognized Security Practices as Mitigating Factor When Determining Penalties
On January 5, 2021, the president signed into law H.R. 7898, an Act that amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Secretary of Health and Human Services (HHS) to consider specific recognized security practices of covered entities and business associates when making certain determinations regarding fines, penalties, […]
Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents
On December 18, 2020, federal financial regulatory agencies jointly announced a proposed rule that would impose new and expanded reporting requirements on supervised banking organizations that experience a “computer-security incident,” requiring notice within 36 hours of any computer-security incident that rises to the level of a “notification incident.” In a significant departure from current reporting […]
SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations
On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and private sector organizations for IT infrastructure monitoring and management. In this attack, adversaries were able to compromise the […]
Alston & Bird Analyzes New California Privacy Rights Act in Client Alert
Yesterday, California voters approved a ballot initiative containing the California Privacy Rights Act of 2020. The ballot initiative significantly revises the existing California Consumer Privacy Act to create arguably the most comprehensive state privacy law in the United States. Alston & Bird has now issued a client alert explaining key impacts of this law. The […]