On Oct. 27, 2023, the Federal Trade Commission (FTC) amended its Standards for Safeguarding Customer Information (the Safeguards Rule), promulgated under the Gramm-Leach-Bliley Act (GLBA), to require financial institutions to provide notice to the FTC of data breaches that impact more than 500 consumers (the Amendment). This comes after the FTC’s major update to the
David A. Zetoony, co-chair of global law firm Greenberg Traurig, LLP’s U.S. Data Privacy & Cybersecurity Practice, has been named a top “Legal Influencer” in the field of Technology, Media and Telecommunications (TMT) – Europe by Lexology. TMT includes compliance with European data privacy and security laws, including those that regulate
In a Halloween-eve move sure to send shivers down the spines of every public company’s CISO, on Oct. 30, the SEC filed a securities fraud complaint targeting SolarWinds’ CISO in the wake of their major December 2020 data security incident. The SEC alleges SolarWinds and its CISO committed securities fraud in connection with multiple public
In this episode of Legal Food Talk, host Justin Prochnow welcomes colleague Tyler Thompson from GT’s Data Privacy and Cybersecurity team to discuss the responsibilities of companies to protect data. Tyler breaks down the overall regulation of data collection and the web of different state laws and regulations, making it more difficult for companies to
On Oct. 18, 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued two resources for health care providers and patients regarding the potential risks of using telehealth services. Although HIPAA does not require regulated entities to educate patients about these risks, OCR published these guidance documents to assist
Jena M. Valdetero, co-chair of Greenberg Traurig’s U.S. Data Privacy and Cybersecurity Practice, participated in an Internet Law & Policy Foundry podcast episode titled “Cyberlaw and Incident Response with Jena Valdetero.”
In September 2021, Quebec’s Parliament passed Law 25 (formerly Bill 64), which significantly overhauled the Act Respecting the Protection of Personal Information in the Private Sector. Law 25 imposes several new obligations on enterprises who do business in Quebec, which obligations have periodically gone into effect since the enactment of Law 25.
On July 26, 2023, the Securities and Exchange Commission (SEC) adopted the long-awaited final rule requiring that public companies disclose information about cybersecurity incidents within four business days of determining the incident is material. GT wrote about the proposed rule shortly after it was released in March 2022. For context, Commissioner Caroline Crenshaw noted, in
Greenberg Traurig Expands its Data Privacy & Cybersecurity Practice in the Chicago office with the addition of Reena R. Bajowala as shareholder. Bajowala joins from Ice Miller, where she was a partner and chair of the Data Security & Privacy practice.
Bajowala has deep experience with data security, information technology, and privacy law issues from
On May 10, 2023, the National Institutes of Standards and Technology (NIST) released Revision 3 to its foundational publication, 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The publication provides guidelines for protecting sensitive unclassified information in contractor systems, and these guidelines establish the baseline cybersecurity requirements for federal defense contractors.