On September 27, 2023, The U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japanese National Police Agency (NPA), and the Japanese National … [Read more] about CISA Releases Advisory Concerning Chinese-Backed Threat Actor
New York Attorney General Letitia James recently announced two agreements related to data breaches with entities that operate in the education industry. In both instances the entities paid the ransom and received evidence of deletion of the stolen … [Read more] about New York Continues to Focus on Companies’ Data Security Practices
On August 28, 2023, the California Privacy Protection Agency (the “Agency”) released two sets of draft regulations under the California Consumer Privacy Act (the “CCPA”), one for risk assessments and another for cybersecurity audits, as part of the … [Read more] about California Privacy Protection Agency Releases Draft Regulations on Risk Assessments
On September 1, 2023, the U.S. District Court for the Eastern District of Pennsylvania unsealed a qui tam False Claims Act (“FCA”) lawsuit (originally filed on October 5, 2022) alleging Penn State University failed to provide “adequate security” for … [Read more] about Penn State University Hit With False Claims Act Suit for Alleged Cyber Security Deficiencies
On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal data from the UK to the … [Read more] about UK Government Makes a Bridge to The EU-U.S. Data Privacy Framework