Observers have been awaiting decisions in a number of cybersecurity and privacy securities fraud class actions with potentially important implications for corporate liability. Over the last several weeks, critical developments emerged in two such cases: the defendants’ motion to dismiss was granted in part and denied in part in In re Zoom Securities Litigation, and […]
Data Security
White House Releases Recommendations to Protect Against Potential Cyberattacks
The potential for malicious cyber activity has been a concern for the Biden administration throughout the evolving crisis in Ukraine (including the imposition of sanctions against Russia). In response to the concern, the Biden administration, which is now facing “evolving intelligence that Russia may be exploring options for potential cyberattacks,” has released recommendations for companies […]
Senate Passes Significant Cyber Bill Requiring Cyber Incident Reporting
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of critical infrastructure and federal civilian agencies to report cyber incidents to the Department of Homeland Security’s Cybersecurity and […]
Incomplete Cybersecurity Compliance Disclosures May Support Fraud Claim Under the False Claims Act, Federal Court Holds
At the heels of a recent Civil Cyber-Fraud Initiative related to cybersecurity practices and the False Claims Act (FCA), a cybersecurity-related FCA case has survived a motion for summary judgment, teeing up a trial to determine if the defendants’ cybersecurity compliance disclosures were materially incomplete and if any misstatements were knowingly made. On February 1, […]
EDPB Issues New Guidance for Assessing Personal Data Breaches under the EU GDPR
On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a public consultation on a draft set of guidelines in 2021. The finalized Guidelines are a practice-oriented, and case-based set of examples that leverage the experiences […]