Privacy & Cyber Regulatory Enforcement

Article: White Paper on Clarifying Definitions in the Protecting Americans’ Data from Foreign Adversaries Act of 2024

June 12, 2024 By Daniel Felz and Santi Villar

Peter Swire, Senior Counsel at Alston & Bird, has published a white paper at the Cross-Border Data Forum (“CBDF”), analyzing the definitions in the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (“PADFAA”), which was passed on April 24, 2024 and will take effect on June 23, 2024. The white paper discusses some ambiguities […]

Data Breach Notification Requirements under the Safeguards Rule Now in Effect

June 11, 2024 By Daniel Felz and Dorian Simmons

For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial institutions were subject to breach-reporting obligations, these were set by non-GLBA legislation, such as state law, or by relatively narrow incident-reporting rules under Interagency Guidelines overseen by […]

Tennessee Law Designed to Combat Deepfakes Set to Take Effect in July

June 10, 2024 By Kim Peretti and Andrew Rice

On July 1, 2024, the Tennessee Ensuring Likeness, Voice, and Image Security Act of 2024 (“ELVIS Act” or “the Act”) will go into effect, bolstering the limitations on the unauthorized commercial use of an individual’s voice. The Act, which amends the Tennessee Personal Rights Protection Act of 1984, was enacted in response to the growing […]

SEC Corporation Finance Director Clarifies that Form 8-K Item 1.05 Disclosures Should be Limited to “Material” Cybersecurity Incidents

May 22, 2024 By Cara Peterman, Sierra Shear and Lance Taubin

On May 22, 2024, the Director of the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued further guidance regarding disclosure of cybersecurity incidents on Form 8-K. The statement builds upon and provides additional clarity to companies seeking to comply with the SEC’s 2023 cybersecurity rules, which require public […]

LockBit Takedown Indicates Shifting DOJ Cyber Strategy and Has Implications for Ransomware Victims

May 15, 2024 By Kim Peretti, Seol Namgoong and Colton Jackson

On May 7, 2024, the United States unsealed an indictment against Dmitry Yuryevich Khoroshev, one of the leaders of the Russian-based ransomware group LockBit, for his alleged involvement in developing and distributing the LockBit ransomware. According to the indictment, Khoroshev performed both administrative and operational roles for the cybercrime group, including upgrading the LockBit infrastructure, […]