Maryland recently passed House Bill 962, amending Maryland’s Personal Information Protection Act (PIPA) (Md. Code Ann. Comm. Law 14-3504). As summarized below, House Bill 962 amends certain aspects of PIPA relating to breach notification and maintaining reasonable security measures to protect personal information. The bill becomes effective October 1, 2022. Reasonable Security: Beginning October 1, […]
Data Breach
Recent Updates in Two Closely-Watched Cybersecurity and Privacy-Related Securities Fraud Class Actions
Observers have been awaiting decisions in a number of cybersecurity and privacy securities fraud class actions with potentially important implications for corporate liability. Over the last several weeks, critical developments emerged in two such cases: the defendants’ motion to dismiss was granted in part and denied in part in In re Zoom Securities Litigation, and […]
Senate Passes Significant Cyber Bill Requiring Cyber Incident Reporting
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of critical infrastructure and federal civilian agencies to report cyber incidents to the Department of Homeland Security’s Cybersecurity and […]
EDPB Issues New Guidance for Assessing Personal Data Breaches under the EU GDPR
On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a public consultation on a draft set of guidelines in 2021. The finalized Guidelines are a practice-oriented, and case-based set of examples that leverage the experiences […]
The Cybersecurity Incident Reporting Requirements Fail in the Latest Version of the National Defense Authorization Act
On December 7, 2021, the House of Representatives passed the National Defense Authorization Act for Fiscal Year 2022 (NDAA), which notably excluded any cybersecurity incident reporting requirements. In September, the House approved a previous version of the bill that included a mandatory breach notification provision that would have required the Department of Homeland Security’s Cybersecurity […]