In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged cybersecurity failures. This enforcement action marks the second public enforcement action under 23 NYCRR Part 500 (the “Cybersecurity […]
Regulation
President Biden Issues Executive Order on America’s Supply Chains
On February 24, 2021, President Biden announced a new Executive Order on America’s Supply Chains. The Order provides for two key initiatives, including a 100-day review of the supply chains for certain vital products and a long-term review of supply chains in six different sectors of the U.S. economy, including the information and communications technology […]
European Commission Adopts Draft UK Adequacy Decision
On February 19, 2021, the European Commission adopted a draft ‘adequacy decision’ in favor of the UK. The adoption of the draft adequacy decision marks the first step in ensuring the continued free flow of personal data from EEA countries to the UK under the EU GDPR. Once (and if) the final adequacy decision is […]
Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services
As the Biden administration begins detailing its regulatory and enforcement priorities, it faces a new challenge on the health data privacy and security front. In University of Texas M.D. Anderson Cancer Center v. United States Department of Health and Human Services, No. 19-60226 (5th Cir. 2021), the Fifth Circuit vacated a $4.3 million penalty against […]
California AG Proposes Regulatory Changes to CCPA
Today, the California Attorney General’s office provided “Notice of Fourth Set of Modifications” to regulations under the California Consumer Privacy Act. The new proposed regulatory text would modify the current regulations which took effect in August. The latest proposal responds to comments on a prior draft and primarily addresses the presentation of the right to […]