In this article, we discuss today’s most prevalent types of ransomware attacks, considerations for whether to make the ransom payment, the Financial Crimes Enforcement Network (FinCEN) and Treasury’s Office of Foreign Asset Control’s (OFAC) ransomware guidance, and the U.S. government’s efforts in connection with these attacks.
On May 19, 2022, the Department of Justice announced it would not charge good-faith hackers who expose weaknesses in computer systems with violating the Computer Fraud and Abuse Act (CFAA or Act), 18 U.S.C. § 1030. Congress enacted the CFAA in 1986 to promote computer privacy and cybersecurity and amended the Act several times, most
As part of a larger spending bill signed by President Biden on March 15, 2022, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act (CIRA) to increase funding for the federal Cybersecurity and Critical Infrastructure Agency (CISA). CIRA requires companies considered to be in a “critical infrastructure” sector to notify CISA within 72 hours
Continuing its focus on cybersecurity, on March 9, 2022, in a party-line vote, the SEC proposed rules and amendments governing cybersecurity reporting requirements for public companies subject to the Securities Exchange Act of 1934.
The California Consumer Privacy Act (CCPA) provides plaintiffs with a private right of action to pursue statutory damages following data security breaches that impact certain sensitive categories of personal information and are caused by a business’s failure to institute reasonable and appropriate security. Although the CCPA does not permit private suits with respect to alleged
On Feb. 25, 2022, one of the top 10 ransomware threat actor groups, Conti, issued a statement announcing its “full support” of the Russian government and threatening “to use all our possible resources to strike back at critical infrastructures of an enemy” who “organize[s] a cyberattack or any war activities” against Russia. Conti followed up
The long-awaited UK data transfer mechanism has been published by the Information Commissioner’s Office (ICO), resolving the question of how international transfers of personal data from the UK will be handled post-Brexit. As a refresher, the European Commission published four new versions of the EU standard contractual clauses (SCCs) in June 2021. However, these new
On Feb. 9, 2022, the SEC released its long-awaited proposed cybersecurity rule, and there’s a lot to unpack. As GT reported previously, the SEC increased enforcement of cybersecurity compliance in 2021. As recently as Jan. 24, 2022, Chair Gary Gensler made cybersecurity the focus of his speech at Northwestern Law School’s Securities Regulation
It depends on the purpose for which a TIA is created. It is unlikely that the attorney-client privilege would apply to a TIA that is created, and used, to satisfy the requirements of the Standard Contractual Clauses (SCCs).
The attorney-client privilege in the United States refers to a judicially recognized ability for a client to
The California attorney general (AG) celebrated data privacy day by doing an “investigative sweep” of the loyalty programs of retailers, supermarkets, home improvement stores, travel companies, and food service companies, and sending out notices of non-compliance to businesses that the AG’s office believes might not be fully compliant with the CCPA. As the