A federal judge has ruled that an investigative report of a data security breach is not covered by attorney-client and work product privilege, because it was not prepared for litigation purposes. Following a May 2019 malware attack exposing customer information, convenience store chain Rutter’s hired Kroll Cyber Security to do a forensic investigation to determine […]
On July 19, California’s recently appointed Attorney General, Rob Bonta, launched an interactive tool to aid consumers with drafting notices of noncompliance for businesses that fail to publish the “Do Not Sell My Personal Information” link required by the California Consumer Privacy Act. According to the AG, the consumer notice “may trigger” the 30-day cure […]
California AG Releases Important CCPA Enforcement Information and Announces an Online Consumer Reporting Tool
To note the one-year anniversary of the California Consumer Privacy Act enforcement date, California Attorney General Rob Bonta held a press conference to share key information about enforcement efforts and announce a new consumer privacy tool. There are two key takeaways from this announcement. First, it is important to note that the AG’s office […]
On July 10, 2021, the Cyberspace Administration of China, China’s top cyberspace regulator, published for public comment proposed amendments to existing Measures for Cybersecurity Review, which have been in effect since June 1, 2020. In this alert, Ropes & Gray focuses on the proposed changes, which could impact how foreign investors exit from their investments […]
U.S. Congress Introduces Bill That Would Require Mandatory 24-Hour Cyber Breach Notification for Government...
U.S. Senator Mark Warner (D-VA), chair of the Senate Intelligence Committee, and a broad group of bipartisan co-sponsors, introduced legislation that would require government...
The U.S. Transportation Security Administration (TSA) issued its second Security Directive to the pipeline industry on July 20, 2021, following the Colonial Pipeline cybersecurity incident. The first Directive on May 27, 2021, required pipeline owners and operators to notify CISA of cyber incidents, designate a cyber coordinator for the company, and review their cybersecurity program. […]
Three weeks after falling victim to a ransomware attack, software vendor Kaseya obtained a universal decryption key that can help its clients recover any locked data. It is unclear whether Kaseya paid a ransom for the key, but the ransomware gang had lowered its initial ransom request and then later disappeared from the internet and […]
Ryan Heidorn of Steel Root’s cybersecurity practice observes that – amid the sudden rise of cloud computing, remote work, and increasing cyberthreats – the zero-trust model of cybersecurity has become a ubiquitous topic. He argues that it offers an important tool, especially to defense contractors preparing for the CMMC. “For [these companies] – many of them […]
John Roman of The Bonadio Group debunks three myths about the DoD’s Cybersecurity Maturity Model Certification: Myth: DoD contractors can get ahead of the curve and be deemed in compliance with CMMC. Fact: There are no “official” certified assessors or assessor instructors at this time. Myth: A company that provides a CMMC gap assessment and […]
In a hearing of the Senate Environment and Public Works Committee, lawmakers discussed the inclusion of cybersecurity considerations in the Surface Transportation Reauthorization Act and the Drinking Water and Wastewater Infrastructure Act, in hopes of informing debate on a bipartisan infrastructure package. Majority Leader Chuck Schumer announced that these bills would – along with a […]