Your business was hit with a ransomware attack over the weekend, and the critical systems are locked up (i.e., encrypted). To unlock those valuable systems and continue operating the business, the threat actor demands financial payment. After much debate, you and your team decide the business needs to meet the threat actor’s demands

Exemption Extensions Failed. On August 31, California’s legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal information exemptions. In the absence of a special legislative session, these exemptions will expire on January 1, 2023.

History of the Exemptions. Under the current exemptions, covered

On August 11, the Consumer Financial Protection Bureau (CFPB) published a circular, answering the question “Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?” with a resounding “yes.” Specifically, the CFPB pointed to three practices — inadequate authorization,

On July 29, New York State’s Department of Financial Services (NYDFS) released draft amendments (Draft Amendments) to its Part 500 Cybersecurity Regulation for financial service companies that, among others things: (1) contain significant changes regarding ransomware; (2) propose a new class comprising larger entities, which will be subject to increased obligations for their cybersecurity programs;

An amendment to the National Defense Authorization Act passed by the House in July would create a “systemically important entity” designation, applying new regulations and offering priority aid to certain critical infrastructure companies. But the American Bankers Association and Bank Policy Institute say the amendment as applied to financial institutions would duplicate existing regulations under

A recent decision out of the Northern District of Illinois should help banks defend against increasingly common claims involving fraudulent wire transfers. In Trivedi v. Bank of America, et al., the district court granted the defendant banks’ motions to dismiss, holding that the plaintiff’s common law claims were preempted by the Illinois Uniform Commercial

On May 9, Clearview AI (Clearview) and the American Civil Liberties Union (ACLU) reached a settlement whereby Clearview agreed to a nationwide injunction blocking many private entities, and some public entities, from accessing its database of face prints. The settlement highlights the force of the Illinois Biometric Information Privacy Act (BIPA) and demonstrates how state

Thursday, May 26 • 12:00 – 1:00 p.m. ET

California was the first state to enact a comprehensive state privacy bill with the California Consumer Privacy Act of 2018 (CCPA). Although the CCPA went into effect on January 1, 2020, it was significantly overhauled during California’s November 2020 General Election, when the California Privacy Rights

On May 3, Judge Grimm of the U.S. District Court for the District of Maryland issued a class certification decision in a consumer data breach multidistrict litigation case against an international hotel and resort management company, becoming one of the few district courts to certify Rule 23(b)(3) classes in this type of case. The litigation