This month, the Illinois Department of Insurance issued guidance to insurers recommending assessments in response to a Microsoft Exchange vulnerability, detailed in the guidance. In the Bulletin dated May 5, the Department encourages regulated entities to “assess the risk to their systems and consumers and take steps necessary to address vulnerabilities and customer impact.” The […]
Privacy & Cyber Regulatory Enforcement
Executive Order Details Cybersecurity Changes For Public And Private Sector
In a lengthy Executive Order issued on May 12, 2021 (the “Order”), the Biden Administration has taken steps “to make bold changes and significant investments” in both public and private sector cybersecurity “in order to defend the vital institutions that underpin the American way of life.” The full scope of the Order remains to be […]
Swire Report Addresses EU Data Localization Comments, Portuguese Order Restricting U.S. Data Flow
In November, the European Data Protection Board (EDPB) issued draft guidance regarding transfers of personal data from the European Union. That guidance has prompted nearly 200 comments from companies, trade groups, and interested observers. Senior Counsel Peter Swire, along with co-author DeBrae Kennedy-Mayo, has now published a report reviewing these comments through the Cross Border […]
NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses
Following the SolarWinds cyber espionage attack (the “Attack”) and the resulting focus on supply chain risk, the New York Department of Financial Services (NYDFS) has issued a report detailing the impact on and responses by its regulated covered entities to the Attack. Although there have been no reported instances of active exploitation of DFS-regulated companies […]
Russia Sanctioned For Role In SolarWinds Supply Chain Attack
On April 15, 2021, the Biden Administration took a significant step in announcing sanctions against the Russian Government and private Russian entities for multiple internationally-destabilizing activities, including the Russian Foreign Intelligence Service’s (SVR) supply chain attack of the SolarWinds Orion platform and other technology infrastructures. In addition to the sanctions, the Administration also provided practical […]