The Securities and Exchange Commission has filed a Complaint against eight traders, one alleged hacker, and others, in connection with a previously disclosed cybersecurity attack that infiltrated the SEC’s EDGAR system in 2016. The Complaint brings claims for violations of federal securities and antifraud laws and unjust enrichment, and seeks injunctions against future securities law […]
Cybersecurity
HHS Releases New “Health Industry Cybersecurity Practices”
On December 28, 2018, the Department of Health and Human Services (HHS) issued new voluntary cybersecurity guidance for the health care industry titled, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.” This four-volume set of consensus-based principles and practices (the “HICP”) reflects the recommendations of the 405(d) Task Group, a HHS and industry-led collaborative […]
Michigan Enacts Insurance Data Security Model Law
Michigan enacted the Michigan Data Security Act on December 28, 2018, imposing stringent cybersecurity measures on any person (individual or corporate) licensed by the Michigan Department of Insurance and Financial Services. Based on the 2017 NAIC data security model law and nearly identical to the South Carolina Insurance Data Security Act, the Michigan statute will […]
FTC Publishes Report Regarding Privacy Workshop
In October 2018, the Federal Trade Commission (“FTC”) published a report that summarized discussions at a December 2017 workshop discussing the potential impact to consumers of privacy and security incidents. The purpose of the workshop was to explore whether government intervention in this arena is warranted under the enforcement authority granted to the FTC under […]
Are You Ready for Canada’s New Privacy Breach Rules?
Mandatory privacy breach notification, reporting and record-keeping obligations under Canada’s federal data protection law called the Personal Information Protection and Electronic Documents Act (PIPEDA) will come into force as of November 1, 2018. Earlier this year, the Canadian government published new privacy-related obligations under PIPEDA. PIPEDA applies to private-sector organizations and sets the ground rules […]