Both houses of Virginia’s legislature recently passed the Virginia Consumer Data Protection Act (S.B. 1392; H.B. 2307) (the “VCDPA”). If approved by the state governor, the VCDPA would become the United States’ second comprehensive state privacy law behind the California Consumer Privacy Act (CCPA). The VCDPA is similar to the CCPA and the European Union’s […]
Enforcement
U.S. Takes Part in Multinational Efforts to Disrupt Netwalker Ransomware and Emotet Malware
On January 27 and 28, 2021, the U.S. Department of Justice (DOJ) announced two successful operations to disrupt two different strains of malware, Netwalker ransomware and a banking Trojan known as Emotet, which have affected victims around the globe and caused millions of dollars in damage in recent years. The law enforcement actions against Netwalker and […]
New Law Requires HHS to Consider Recognized Security Practices as Mitigating Factor When Determining Penalties
On January 5, 2021, the president signed into law H.R. 7898, an Act that amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Secretary of Health and Human Services (HHS) to consider specific recognized security practices of covered entities and business associates when making certain determinations regarding fines, penalties, […]
Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents
On December 18, 2020, federal financial regulatory agencies jointly announced a proposed rule that would impose new and expanded reporting requirements on supervised banking organizations that experience a “computer-security incident,” requiring notice within 36 hours of any computer-security incident that rises to the level of a “notification incident.” In a significant departure from current reporting […]
California AG Proposes Regulatory Changes to CCPA
Today, the California Attorney General’s office provided “Notice of Fourth Set of Modifications” to regulations under the California Consumer Privacy Act. The new proposed regulatory text would modify the current regulations which took effect in August. The latest proposal responds to comments on a prior draft and primarily addresses the presentation of the right to […]