Cyber

On September 21, 2021, the Department of the Treasury announced that it would enforce sanctions laws against cryptocurrency exchanges that facilitate ransomware payments, as part of its larger effort to combat the rising tide of ransomware. For the first time, Treasury’s Office of Foreign Assets Control has imposed sanctions on a virtual currency exchange, SUEX […]

On September 21, 2021, the U.S. Department of the Treasury announced two major actions by the Office of Foreign Asset Control to combat ransomware: the release of its Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, and the first-ever sanctioning of a cryptocurrency exchange for transacting with ransomware gangs. The Updated Advisory sends […]

Connecticut’s new cybersecurity standards law, which went into effect on October 1, protects companies from punitive damages in certain data breach actions, when they have a cybersecurity program that conforms with an enumerated “industry recognized cybersecurity framework” or one of three federal legal frameworks. An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses creates […]

On October 1, 2021, Connecticut’s two new data security laws become effective. As we previously reported, the new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor from certain Connecticut Superior Court assessed damages for businesses that create and maintain a written cybersecurity program. With the breach law amendments, Connecticut joins a […]

Effective October 1, 2021, an amendment[1] to the Connecticut General Statute concerning data privacy breaches, Section 36a-701b, will impact notification obligations in several significant ways. The amendment: Expands the definition of “personal information”; Shortens the notification deadline after discovery of a breach from 90 to 60 days; Removes the requirement to consult with law enforcement […]

On September 28, 2021, the U.S. Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly...

DHS has issued preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives, as directed by the Biden Administration’s July national security memorandum. The memo described the initiative as “a voluntary, collaborative effort between the Federal Government and the critical infrastructure community to significantly improve the cybersecurity of these critical systems.” The preliminary goals identify […]

A new Policy Statement from the Federal Trade Commission places companies that offer consumer-facing health apps and connected health and wellness devices on notice that they may be covered by a Health Breach Notification Rule that has been around for more than a decade. The rule was issued under the American Recovery and Reinvestment Act […]

In the wake of increased ransomware attacks over the course of the last several months, the Office of Foreign Assets Control has updated a guidance it released last year on potential sanction risks if facilitating ransomware payments. As indicated in the original guidance, OFAC has designated several threat actors as “malicious cyber attackers,” including the […]

On Sept. 15, the Federal Trade Commission issued a policy statement emphasizing that developers of health apps and other connected devices and their service providers must meet breach notification requirements under the Health Breach Notification Rule, including a rapid 10-day notice period to the FTC and a 60-day notice period to individuals and the media. […]