On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million dollar settlement with Sephora to account for alleged violations of the California Consumer Privacy Act (CCPA). This is the first CCPA enforcement action taken by the California AG that has resulted in a fine and settlement. The Attorney General’s Complaint alleged Sephora […]
Board Governance & Cyber Risk Management
FTC Issues Advance Notice of Proposed Rulemaking on Commercial Surveillance and Data Security
On August 22, 2022, the Federal Trade Commission (FTC) published its advance notice of proposed rulemaking (ANPR) to request public comment on commercial surveillance and data security practices. The ANPR comes at the same time as Congress is considering the federal American Data Privacy and Protection Act (ADPPA). The FTC seeks public comment on a […]
Recent Exploits of Blockchain Bridges Highlight Need for Cybersecurity in Crypto and Risk of Liability
According to recent media reports there have been several instances of blockchain bridges being hacked this year, including reports on August 2 that a bridge lost close to $200 million to upwards of 40 hackers who exploited a bug in its protocol, and reports in June that another bridge lost $100 million from hackers allegedly […]
Germany’s Cyber Threat Landscape – Top 3 Lessons from the BKA Situation Report
Germany boasts one of the world’s largest, most sophisticated, and international economies. Companies doing business in Germany are thus an increasingly relevant target for cyberattacks. Germany‘s Federal Criminal Police Office (Bundeskriminalamt or BKA) is the federal law enforcement agency charged with investigating cybercrime, and for coordinating federal-state cooperation in cybercrime matters. The BKA recently published […]
SEC Settles Enforcement Actions with Broker-Dealers and Investment Advisors for Identity Protection Deficiencies
On July 27, 2022, the Securities and Exchange Commission (SEC) separately settled three enforcement actions with broker-dealers and investment advisers for alleged deficiencies relating to the prevention of customer identity theft, in violation of the SEC’s Identity Theft Red Flags Rule, or Regulation S-ID. Regulation S-ID requires registered financial institutions, broker dealers, and investment advisers […]