Cyber

Recently, negligence claims in a putative class action brought against a cloud software provider survived a motion to dismiss in the U.S. District Court for the District of South Carolina because the judge held that the consumers pled they were owed a duty of protection. The Plaintiffs asserted claims for a putative class of third […]

On Monday, November 8, 2021, the Bureau of Industry and Security (BIS) of the US Department of Commerce announced its first enforcement case against a company,...

In the wake of the Colonial Pipeline attack, developers of energy projects which rely on pipelines to deliver products (from traditional oil to renewable natural gas) find themselves exposed to the new risk of ransomware attacks – a risk which security technology is still struggling to address. In the meantime, energy project stakeholders (from financing […]

CMMC 2.0 follows an interim Defense Federal Acquisition Regulation Supplement (DFARS) rule released on 29 September 2020, which planned for all defense contracts to incorporate the robust requirements of CMMC 1.0 by FY 2026 (see our summary of the previous CMMC 1.0 framework here). After reviewing comments on the interim rule from industry and other stakeholders, […]

CMMC 2.0 significantly reduces assessment costs for all companies at Level 1 and a subset of companies at Level 2. While costs have reduced, the risk of noncompliance is still the same – loss of government contracts or worse, a False Claims Act penalty. The updated framework also allows companies to receive contract awards with […]

The Department of Defense recently announced several changes to its Cybersecurity Maturity Model Certification program. The program applies to those who serve as contractors and suppliers to the DOD. As described in our sister blog, the new version of the program – “CMMC 2.0” – has several important differences from the original program. CMMC 2.0 is anticipated to […]

In a recent article, Faegre Drinker summarizes the judgment handed down in Lloyd v Google LLC [2021] UKSC 50 by the Supreme Court on November 10, 2021. This case is  potentially one of the most significant and anticipated data privacy judgments to date. Key Takeaways A representative action may be brought for claims of breach […]

On November 14, 2021, the U.S. Department of the Treasury announced a bilateral cybersecurity partnership with the Israeli Ministry of Finance “to protect critical financial infrastructure and emerging technologies” and combat the use of ransomware. The initiative includes the launch of a U.S.-Israeli Task Force on Fintech Innovation and Cybersecurity (the “Task Force”), which seeks to advance […]

On November 25, 2021, the Council of the European Union reached an agreement on the draft Digital Services Act (“DSA”) (see here and here) and the Digital Markets Act (“DMA”) (see here) bringing them one step closer to adoption.  The European Parliament will discuss the drafts on December 9 and plans to announce its first […]

On November 18, 2021, the US federal banking regulators Office of the Comptroller of the Currency, Federal Reserve Board, and Federal Deposit Insurance Corporation...