Data Security

Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents

January 12, 2021 By Kimberly Peretti, Emily Poole and Michael Young

On December 18, 2020, federal financial regulatory agencies jointly announced a proposed rule that would impose new and expanded reporting requirements on supervised banking organizations that experience a “computer-security incident,” requiring notice within 36 hours of any computer-security incident that rises to the level of a “notification incident.” In a significant departure from current reporting […]

SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations

December 17, 2020 By Emily Poole and Kimberly Peretti

On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and private sector organizations for IT infrastructure monitoring and management. In this attack, adversaries were able to compromise the […]

Alston & Bird Analyzes New California Privacy Rights Act in Client Alert

November 4, 2020 By Michael Young

Yesterday, California voters approved a ballot initiative containing the California Privacy Rights Act of 2020. The ballot initiative significantly revises the existing California Consumer Privacy Act to create arguably the most comprehensive state privacy law in the United States. Alston & Bird has now issued a client alert explaining key impacts of this law. The […]

State Financial Regulators Issue Ransomware Mitigation Tool

October 16, 2020 By Kimberly Peretti, Amy Mushahwar and Alysa Austin

On October 13, 2020, state financial regulators in partnership with the Bankers Electronic Crimes Taskforce and the U.S. Secret Service, released the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions mitigate the risks of ransomware. The R-SAT is a detailed questionnaire designed to evaluate the effectiveness of an institution’s general security controls as well as […]

FinCEN Alerts Financial Institutions on Role in Facilitating Ransomware Attacks

October 2, 2020 By Larry Sommerfeld and Alysa Austin

With an increase in the frequency, sophistication, and cost of ransomware attacks, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on October 1, 2020 alerting financial institutions to ransomware trends and typologies, and related financial red flags, that may result in a regulatory obligation to report and share information related to ransomware attacks. Based […]