Information Governance and Risk Management

On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities.  The order aims to address concerns expressed by the Court of Justice of the European Union (CJEU) in the Schrems II case, in which it ruled the E.U.-U.S. Privacy Shield inadequate as a cross-border transfer mechanism. 

The Department of Justice (“DOJ”), on behalf of the Federal Trade Commission (“FTC”), filed a complaint and motion for entry of a stipulated order with the Northern District of California, which would require Twitter to pay civil penalties and take other corrective actions for their violation of the FTC Act and a previous 2011 FTC

On December 20, 2021, The National Institute of Standards and Technology (NIST) released its draft interagency report 8403 on “Blockchain for Access Control Systems”.  As the report’s abstract states:

“Protecting system resources against unauthorized access is the primary objective of an access control system. As information systems rapidly evolve, the need for advanced access control

A new bill introduced by the Senate (S. 2666), the “Sanction and Stop Ransomware Act of 2021”, would require a strict 24-hour limit for reporting ransomware payments for businesses with more than 50 employees. The bipartisan bill, put forward by leaders of the Senate Homeland Security and Governmental Affairs Committee, also focuses on critical infrastructure,

Background

Yesterday, on September 22, 2021, the California Privacy Protection Agency (“CPPA”) — the new privacy regulatory agency created by the California Privacy Rights Act of 2020 (“CPRA” or “CCPA 2.0”) — issued an invitation for public comment on its proposed rulemaking.  Such comments “will assist the Agency in developing new regulations, determining whether

Background

On August 30, 2021, the Securities and Exchange Commission (SEC) sanctioned eight firms in three actions for cybersecurity failures in their policies and procedures that exposed the personal information of thousands of customers at each firm. These firms included: Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC,

On May 12, 2021, President Biden issued an executive order to strengthen U.S. cybersecurity defenses. The order comes in the wake of the ransomware attack on Colonial Pipeline and numerous other cybersecurity attacks against the U.S. government and private companies over the past few years. The order proposes a wide array of changes to bolster

On March 17, 2021, Governor Gavin Newsome, Attorney General Xavier Becerra, Senate President pro tem Toni Atkins, and Assembly Speaker Anthony Rendon announced the members of the California Privacy Protection Agency (CPPA) the new administrative agency created by the California Privacy Rights Act (CPRA) charged with protecting consumer privacy rights overs personal information.

“Californians deserve

California Attorney General Issues Additional CCPA Regulations Advancing Consumer Protections

On March 15, 2021, the California Attorney General (“AG”) approved additional CCPA regulations to enhance consumer protections for opting out of the sale of information.  These regulations come after the third set of modifications was approved last October, and after the California Privacy Rights Act

As the nation closely watches the election results coming in, the majority of votes counted in California suggest that the California Privacy Rights Act of 2020 (“CPRA”, or commonly known as “CCPA 2.0”), is on track to pass.  Proposition 24 under the California General Election, as of the information available to us at the time