The end of March and beginning of April was another busy week with developments in Washington, Florida, Oklahoma, Alaska, Nevada, and Rhode Island: Washington – The House Committee on Appropriations passed the Washington Privacy Act out of committee. Oklahoma – The author of the Oklahoma Computer Data Privacy Act reported that the bill has been […]
The New York Department of Financial Services has announced its second regulatory enforcement action against a regulated entity (a New York licensed mortgage banker and loan servicer) for violating NYDFS’s Cybersecurity Regulations. The action involved the mortgage banker’s failure to report a data breach – a breach caused by an employee overriding the company’s multi-factor […]
Florida has joined the wave of states considering new comprehensive data privacy legislation. On February 15, 2021, Representative Fiona McFarland introduced HB 969, modeled after the California Consumer Privacy Act. The bill is supported by Governor Ron DeSantis and the speaker of the Florida House. As introduced, HB 969 would apply to for-profit businesses that […]
On March 11, 2021, Utah governor Spencer Cox signed the Cybersecurity Affirmative Defense Act, which creates affirmative defenses to certain causes of action arising out of a breach of system security. The Act provides three affirmative defenses: If a “person” (broadly defined to include individuals and most business organizations but not government agencies or departments) […]
Department of Commerce Convenes Virtual Forum on Supply Chain Risks in Semiconductor Manufacturing and...
The U.S. Department of Commerce’s Bureau of Industry and Security Office of Technology Evaluation will hold a virtual forum on April 8, 2021, to...
Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode, host Kate Growley talks about what government contractors need to know about controlled technical information or CTI. More at Crowell & Moring
On February 24, 2021, President Biden signed Executive Order 14017, “Executive Order on America’s Supply Chains,” requiring a review of global supply chains that support key U.S. industries in an attempt to improve supply chain security for the U.S. government and U.S. companies. The new Executive Order appears to be an initial step focused on […]
Senate Version of Florida Privacy Law Moves Forward; House Version Makes Class-Action Lawsuits Even...
The Florida Senate’s version of a new comprehensive privacy law (a.k.a. the “Florida Privacy Protection Act” (FPPA)) passed unscathed out of the Senate’s Committee on Commerce and Tourism yesterday. The bill’s sponsor fought off two proposed amendments: one that would have eliminated the private right of action and a second that would have required more […]
In enacting the Cybersecurity Affirmative Defense Act, HB80, (Act) on March 11, 2021, Utah became the second state in the U.S. to create affirmative defenses for “persons” to certain causes of action arising out of a breach of system security. “Persons” is defined to include individuals, associations, corporations, partnerships, and other business entities. The Act […]
In Gardiner v. Walmart, Inc., a Walmart customer who purchased goods online filed a putative class action alleging that Walmart’s cybersecurity procedures led to a purported unauthorized disclosure of his personal identifying information (PII). This purported “data breach” class action is unique in that the plaintiff cannot identify when and how the data breach occurred. Instead, the […]