On November 8, 2024, the California Privacy Protection Agency (the “CPPA”) Board advanced to formal rulemaking the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automated decisionmaking … [Read more] about CPPA Board Advances CCPA Regulations to Formal Rulemaking; Adopts New Data Broker Regulations
In early October 2025, several media outlets reported that United States telecommunications services had been infiltrated by state affiliated threat actors linked to the People’s Republic of China (“PRC”). These reports were followed by a joint press … [Read more] about Congressional Research Service Report Sheds Light on October Telecommunications Attack by PRC-Linked Threat Actor
The New York Department of Financial Services issued a cybersecurity advisory on November 1, 2024, regarding a growing threat posed by North Korean operatives seeking remote IT roles at U.S. companies. These operatives secure jobs at prominent … [Read more] about Combatting the New Insider Threat: North Korean IT Workers Posing as Remote Employees
On October 24, 2024, in a long-awaited decision in Vita v. New England Baptist Hospital, Massachusetts’ highest court snuffed out an attempt to use the state’s 1968 Wiretap Act to impose liability on a hospital system for its use of third-party … [Read more] about Massachusetts Top Court Torpedoes Website Analytics Wiretapping Class Action
On October 11, 2024, the Department of Defense (“DoD”) issued its Final Program Rule for the Cybersecurity Maturity Model Certification (“CMMC”) Program. The Final Rule is a signal to federal contractors to develop compliance programs pertaining to … [Read more] about Summary of Changes from DoD CMMC Proposed Rule to Final Rule