Saturday, October 16, 2021

Subscribers Only

Free

OFAC Imposes Sanctions on Crypto Exchange Over Ransomware Payments, Warns Businesses on Sanction Risks

On September 21, 2021, the Department of the Treasury announced that it would enforce sanctions laws against cryptocurrency exchanges that facilitate ransomware payments, as part of its larger effort to combat the rising tide of ransomware. For the first time, Treasury’s Office of Foreign Assets Control has imposed sanctions on a virtual currency exchange, SUEX […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

OFAC Makes Waves in Fight Against Ransomware, but Practical Effects Unclear

On September 21, 2021, the U.S. Department of the Treasury announced two major actions by the Office of Foreign Asset Control to combat ransomware: the release of its Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, and the first-ever sanctioning of a cryptocurrency exchange for transacting with ransomware gangs. The Updated Advisory sends […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

Hold the Punitive Damages: Connecticut is Latest to Incentivize Implementing Cybersecurity Frameworks

Connecticut’s new cybersecurity standards law, which went into effect on October 1, protects companies from punitive damages in certain data breach actions, when they have a cybersecurity program that conforms with an enumerated “industry recognized cybersecurity framework” or one of three federal legal frameworks. An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses creates […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect

On October 1, 2021, Connecticut’s two new data security laws become effective. As we previously reported, the new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor from certain Connecticut Superior Court assessed damages for businesses that create and maintain a written cybersecurity program. With the breach law amendments, Connecticut joins a […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

Connecticut Tightens its Data Breach Notification Laws

Effective October 1, 2021, an amendment[1] to the Connecticut General Statute concerning data privacy breaches, Section 36a-701b, will impact notification obligations in several significant ways. The amendment: Expands the definition of “personal information”; Shortens the notification deadline after discovery of a breach from 90 to 60 days; Removes the requirement to consult with law enforcement […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

U.S. Senate Considers Mandating 24-Hour Reporting Requirement for Ransom Payments

On September 28, 2021, the U.S. Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly...

DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms

DHS has issued preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives, as directed by the Biden Administration’s July national security memorandum. The memo described the initiative as “a voluntary, collaborative effort between the Federal Government and the critical infrastructure community to significantly improve the cybersecurity of these critical systems.” The preliminary goals identify […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

FTC Reinforces Breach Notification Duties for Health Apps and Connected Health and Wellness Devices

A new Policy Statement from the Federal Trade Commission places companies that offer consumer-facing health apps and connected health and wellness devices on notice that they may be covered by a Health Breach Notification Rule that has been around for more than a decade. The rule was issued under the American Recovery and Reinvestment Act […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

Do You Have a Risk-Based Sanctions Compliance Program?: In the Event of a Ransomware...

In the wake of increased ransomware attacks over the course of the last several months, the Office of Foreign Assets Control has updated a guidance it released last year on potential sanction risks if facilitating ransomware payments. As indicated in the original guidance, OFAC has designated several threat actors as “malicious cyber attackers,” including the […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

FTC Issues Reminder on the Breach Notification Requirements by Health Apps and Other Connected...

On Sept. 15, the Federal Trade Commission issued a policy statement emphasizing that developers of health apps and other connected devices and their service providers must meet breach notification requirements under the Health Breach Notification Rule, including a rapid 10-day notice period to the FTC and a 60-day notice period to individuals and the media. […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.