Data Privacy & Cybersecurity

In a Halloween-eve move sure to send shivers down the spines of every public company’s CISO, on Oct. 30, the SEC filed a securities fraud complaint targeting SolarWinds’ CISO in the wake of their major December 2020 data security incident. The SEC alleges SolarWinds and its CISO committed securities fraud in connection with multiple public

In this episode of Legal Food Talk, host Justin Prochnow welcomes colleague Tyler Thompson from GT’s Data Privacy and Cybersecurity team to discuss the responsibilities of companies to protect data. Tyler breaks down the overall regulation of data collection and the web of different state laws and regulations, making it more difficult for companies to

On Oct. 18, 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued two resources for health care providers and patients regarding the potential risks of using telehealth services. Although HIPAA does not require regulated entities to educate patients about these risks, OCR published these guidance documents to assist

In September 2021, Quebec’s Parliament passed Law 25 (formerly Bill 64), which significantly overhauled the Act Respecting the Protection of Personal Information in the Private Sector. Law 25 imposes several new obligations on enterprises who do business in Quebec, which obligations have periodically gone into effect since the enactment of Law 25.

Click here for

On July 26, 2023, the Securities and Exchange Commission (SEC) adopted the long-awaited final rule requiring that public companies disclose information about cybersecurity incidents within four business days of determining the incident is material. GT wrote about the proposed rule shortly after it was released in March 2022. For context, Commissioner Caroline Crenshaw noted, in

Greenberg Traurig Expands its Data Privacy & Cybersecurity Practice in the Chicago office with the addition of Reena R. Bajowala as shareholder. Bajowala joins from Ice Miller, where she was a partner and chair of the Data Security & Privacy practice.

Bajowala has deep experience with data security, information technology, and privacy law issues from

On May 10, 2023, the National Institutes of Standards and Technology (NIST) released Revision 3 to its foundational publication, 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The publication provides guidelines for protecting sensitive unclassified information in contractor systems, and these guidelines establish the baseline cybersecurity requirements for federal defense contractors. 

Brazil’s Data Protection Agency clarifies what sanctions look like for violations of the country’s General Data Protection Law.[1]

On Feb. 27, 2023, Brazil’s Data Protection Agency (ANPD) issued the Regulation of Dosimetry and Application of Administrative Sanction (Regulation), which details fines and other sanctions for violations of Brazil’s General Data Protection Law (LGPD) by

  1. An Increase in Extortion-Only Cyber Attacks – While ransomware attacks have been on the rise since 2020, a recent trend has emerged where threat actors are bypassing ransomware malware and encryption tactics and going straight to data theft. If a victim company does not pay the extortion demand, the threat actors engage in increasingly aggressive