Security Breach

Maryland Amends Data Breach and Reasonable Security Requirements

July 5, 2022 By Kim Peretti, Kate Hanniford and Lance Taubin

Maryland recently passed House Bill 962, amending Maryland’s Personal Information Protection Act (PIPA) (Md. Code Ann. Comm. Law 14-3504). As summarized below, House Bill 962 amends certain aspects of PIPA relating to breach notification and maintaining reasonable security measures to protect personal information. The bill becomes effective October 1, 2022. Reasonable Security: Beginning October 1, […]

EDPB Issues Draft Guidelines on the Calculation of Administrative Fines

May 19, 2022 By Yung Shin Van Der Sype and Paul Greaves

On May 16, 2022, the European Data Protection Board (‘EDPB’) published draft regulatory guidelines (‘draft guidance’) on the calculation of administrative fines for infringements of the EU General Data Protection Regulation (‘GDPR’). In the draft guidance, the EDPB sets out its methodology, consisting of five steps, for calculating administrative fines. The EDPB adopted these guidelines […]

CISA Issues Statement on Log4j Critical Vulnerability

December 13, 2021 By Kim Peretti and Jon Knight

Log4j is a java-based tool from Apache’s open source library used for parsing logs that never seems to have made headlines before this past weekend. Now, following the December 9th public announcement of a vulnerability in this tool, public and private sector security partners are issuing warnings about this “critical vulnerability.” While the full scope […]

The Cybersecurity Incident Reporting Requirements Fail in the Latest Version of the National Defense Authorization Act

December 9, 2021 By Kim Peretti and Lance Taubin

On December 7, 2021, the House of Representatives passed the National Defense Authorization Act for Fiscal Year 2022 (NDAA), which notably excluded any cybersecurity incident reporting requirements. In September, the House approved a previous version of the bill that included a mandatory breach notification provision that would have required the Department of Homeland Security’s Cybersecurity […]

Federal Bank Regulatory Agencies Release Final Rule to Require Notification of Cyber Incidents

November 22, 2021 By Kate Hanniford and Kristen Bartolotta

On November 18, 2021, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation jointly announced the approval of a final rule to improve the sharing of information about cyber incidents that may affect the U.S. banking system. The rule applies to […]