Saturday, July 31, 2021

Retailer’s Investigative Report of Data Breach Subject to Discovery

A federal judge has ruled that an investigative report of a data security breach is not covered by attorney-client and work product privilege, because it was not prepared for litigation purposes. Following a May 2019 malware attack exposing customer information, convenience store chain Rutter’s hired Kroll Cyber Security to do a forensic investigation to determine […]

California AG Enlists Residents to Send CCPA Noncompliance Letters

On July 19, California’s recently appointed Attorney General, Rob Bonta, launched an interactive tool to aid consumers with drafting notices of noncompliance for businesses that fail to publish the “Do Not Sell My Personal Information” link required by the California Consumer Privacy Act. According to the AG, the consumer notice “may trigger” the 30-day cure […]

California AG Releases Important CCPA Enforcement Information and Announces an Online Consumer Reporting Tool

To note the one-year anniversary of the California Consumer Privacy Act enforcement date, California Attorney General Rob Bonta held a press conference to share key information about enforcement efforts and announce a new consumer privacy tool. There are two key takeaways from this announcement. First, it is important to note that the AG’s office […]

China Plans Cybersecurity Review for Tech Companies Listing Abroad

On July 10, 2021, the Cyberspace Administration of China, China’s top cyberspace regulator, published for public comment proposed amendments to existing Measures for Cybersecurity Review, which have been in effect since June 1, 2020. In this alert, Ropes & Gray focuses on the proposed changes, which could impact how foreign investors exit from their investments […]

U.S. Congress Introduces Bill That Would Require Mandatory 24-Hour Cyber Breach Notification for Government...

U.S. Senator Mark Warner (D-VA), chair of the Senate Intelligence Committee, and a broad group of bipartisan co-sponsors, introduced legislation that would require government...

Second Security Directive Issued by TSA to Pipeline Operators

The U.S. Transportation Security Administration (TSA) issued its second Security Directive to the pipeline industry on July 20, 2021, following the Colonial Pipeline cybersecurity incident. The first Directive on May 27, 2021, required pipeline owners and operators to notify CISA of cyber incidents, designate a cyber coordinator for the company, and review their cybersecurity program. […]

Kaseya Obtains Decryption Tool

Three weeks after falling victim to a ransomware attack, software vendor Kaseya obtained a universal decryption key that can help its clients recover any locked data. It is unclear whether Kaseya paid a ransom for the key, but the ransomware gang had lowered its initial ransom request and then later disappeared from the internet and […]

Zero-Trust Can be a Key to CMMC Compliance

Ryan Heidorn of Steel Root’s cybersecurity practice observes that – amid the sudden rise of cloud computing, remote work, and increasing cyberthreats – the zero-trust model of cybersecurity has become a ubiquitous topic. He argues that it offers an important tool, especially to defense contractors preparing for the CMMC. “For [these companies] – many of them […]

Contractors Should be Aware of CMMC Myths

John Roman of The Bonadio Group debunks three myths about the DoD’s Cybersecurity Maturity Model Certification: Myth: DoD contractors can get ahead of the curve and be deemed in compliance with CMMC. Fact: There are no “official” certified assessors or assessor instructors at this time. Myth: A company that provides a CMMC gap assessment and […]

Bill Would Strengthen Cybersecurity of Water Treatment Systems

In a hearing of the Senate Environment and Public Works Committee, lawmakers discussed the inclusion of cybersecurity considerations in the Surface Transportation Reauthorization Act and the Drinking Water and Wastewater Infrastructure Act, in hopes of informing debate on a bipartisan infrastructure package. Majority Leader Chuck Schumer announced that these bills would – along with a […]