Preserving the Confidentiality of Cybersecurity Forensic Reports

Your company’s computer network has been breached and confidential customer data stolen. Not surprisingly, this results in a lawsuit filed against you by down-the-line victims; read, customers whose personal information found its way into the wrong hands.

In response to the breach, you did all the right things, including hiring experts to investigate and provide a forensic report. But to your dismay, that report—which includes some rather sensitive and potentially damaging information—has become subject of discovery in the litigation. What are you to do? (Read More)

For Cyber and Data Security, Companies Are Only as Strong as Their Weakest Links 

Cybercrime is on the rise and continues to come in all shapes and sizes. Late last month, it was discovered that hackers gained access to the underlying blockchain that powers Axie Infinity, a very popular NFT-based online video game, and stole the equivalent of $625 million in cryptocurrency. The breach represents the second biggest hack in crypto history. (Read More)

Utah Joins the Privacy Law Bandwagon

Utah has enacted a privacy law, after its House and Senate unanimously passed the Utah Consumer Privacy Act. Governor Spencer Cox signed the legislation, which means Utah joins California, Colorado and Virginia as the only states in the nation that have given the nod to comprehensive privacy statutes. (Read More)

Cybersecurity on Its Mind: SEC to Require Cyber-Related Reporting and Disclosures

Last week, the U.S. Securities and Exchange Commission announced a proposed rule that, if adopted, will compel public companies to disclose their governance, risk management and strategy with respect to cybersecurity risks. In addition, these entities would have to report any material cybersecurity incidents. (Read More)

Companies with Loyalty Programs in the Crosshairs for CCPA Compliance Investigations

California’s Attorney General has put businesses operating loyalty programs in the state on notice that they may be subject to investigation. AG Rob Bonta has done so by sending notices to several companies alleging noncompliance with the California Consumer Privacy Act (CCPA)—a law that requires businesses offering discounts, free items or other rewards to provide consumers with a notice of financial incentive when these offers are made in exchange for personal information. (Read More)

Hackers to the Rescue: An Overview of Bug Bounties

For far too many companies worldwide, computer hacks are an inevitability. Indeed, some experts place the statistical probability of a data breach at around 30%, which means potentially devastating trouble is lurking for nearly one in three businesses, both domestically and overseas. And when cybercriminals do infiltrate corporate computer systems, the resulting price tag can be substantial—recent estimates suggest that, on average, each breach costs companies in excess of $3 million.

The good news is that organizations in the private and public sector have at their disposal an arsenal of tools to combat cybercrime. Among them are so-called bug bounty programs, a lesser known but increasingly used method of identifying and fixing network vulnerabilities. (Read More)

Facebook, LDU Mode, and the CCPA: What Businesses Need to Know ASAP

At the beginning of July, Facebook quietly implemented a Limited Data Use (LDU) mode for their advertising products (including the PageView pixel). Under this mode—which is enabled by default for the month of July—a business customer can determine whether Facebook is restricted in how it processes user personal information when a user visits its page. Of note, if LDU mode is turned on and Facebook determines that a user is located in California (either because the business affirmatively represents this as true or Facebook’s geolocation tools believe the user to be in the state), Facebook will act like a “service provider” under the California Consumer Privacy Act (CCPA) and only use the data collected for limited purposes. That being said, Facebook provides severely restricted functionality to its business customers when LDU mode is enabled. (Read More)

Invalidation of EU-US Privacy Shield Leaves Businesses Scrambling

It is déjà vu all over again for companies that transfer personal data on European residents to the United States. This month, the European Court of Justice (ECJ) invalidated the EU-US Privacy Shield framework, leaving businesses with one less option to accomplish EU-US transfers of personal information. That being said, those interested can rest assured that not all is lost. (Read More)

CCPA Enforcement Date Fast Approaching Regardless of COVID-19

By virtue of the COVID-19 pandemic and unrest now gripping our nation, the California Consumer Privacy Act (CCPA) may not be top of mind for those doing business in the Golden State. But it should, as the privacy law’s July 1 enforcement deadline is almost upon us.

Earlier this year, several industry groups petitioned California’s Attorney General to move the deadline to January 1, 2021, in light of the coronavirus and its impact upon businesses nationwide. However, in an April press release, the Attorney General’s office refused to do so, stating that online privacy remained a priority, especially with the increases in people working remotely or homeschooling children. As such, there is no indication that enforcement of the CCPA will be delayed. (Read More)

A Mixed Bag At Best: The Attorney General's Proposed CCPA Regulations

The long wait is over. The Attorney General of California has finally issued his proposed regulations on the California Consumer Privacy Act (CCPA), and for privacy professionals, it feels like Christmas morning. The sense of anticipation in unwrapping the regs has been visceral—are they akin to that bright and shiny toy we’ve been yearning for, or more like underwear and socks from Aunt Bernice? At first blush, they’re a little bit of both.