On January 13, Him Das, the acting head of the Financial Crimes Enforcement Network (FinCEN), highlighted ransomware as a chief national security risk. At the Financial Crimes Enforcement Conference, Das suggested that the current anti-money laundering regulations are insufficient to protect against tech-driven threats, from cyberattacks to digital asset schemes. FinCEN therefore is currently
Q. Does the Workers’ Compensation Act bar a claim for damages under Illinois’ Biometric Privacy Act (BIPA)?
A. The Illinois Supreme Court recently issued an opinion, finding that the Workers’ Compensation Act does not bar a claim for damages under BIPA.
As a refresher, BIPA regulates the collection, use, safeguarding, and storage of
On January 20, President Biden signed a memorandum aimed at improving the cybersecurity of the National Security, Department of Defense, and Intelligence Community Systems (together, the “National Security Systems).
A National Security System (NSS) is an information system used or operated by an agency or on its behalf, the function, operation, or use of which
Ruling on several motions to dismiss on January 14, the U.S. District Court for the Eastern District of Virginia denied an effort to dismiss Courthouse News Service’s (CNS) First Amendment challenge to Virginia’s restrictions on public access to electronic court records. This clears the way for the lawsuit to proceed on the merits. Although this
On January 10, the Federal Trade Commission’s final rule, amending the Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA), became effective. We wrote about the final rule when it first published in October 2021 (see here). As a practical matter, the amendments will likely require many financial institutions to
Q. My company uses dash-cams to monitor driver conduct, but the company is not located in Illinois. Do I still have to comply with the Biometric Information Privacy Act?
A. Yes, as long as the company has drivers who are Illinois residents, you must comply with BIPA. The good news, however, is that as long
Introduction
On November 18, federal banking agencies[1] issued the long-awaited final rule,[2] establishing data security incident response notification requirements for “banking organizations” and “bank service providers” (terms defined below). Included in this rule is a headline-grabbing 36-hour regulatory notification requirement for banking organizations. This final rule is set to take effect on April
Entities that collect Wisconsin residents’ personal information and are licensed, registered, or authorized (licensee) with the Office of the Commissioner of Insurance (commissioner) will have to abide by a new data security law (Wisconsin’s Insurance Data Security Law), which came into force on November 1. This bill had previously been introduced in the 2019-2020 legislative
Data breaches and ransomware attacks are on the rise. On October 7, Oregon Attorney General Rosenblum announced an increase in data breaches reported to his office. The first nine months of 2021 involved 131 reported breaches, exceeding the 2020 total of 110. Financial Crimes Enforcement Network (FinCEN) also announced an increase in ransomware-related activities in the U.S. earlier this year. The first half of 2021 saw $590 million reported ransomware activities, exceeding the 2020 total of $416 million.
The California Privacy Protection Agency (CPPA) is the first state privacy agency in the nation and was created as part of the California Privacy Rights Act (CPRA). While this agency has already been formed, it will not begin enforcement activities until July 1, 2023 (six months after the CPRA takes effect).
The agency’s mandate includes