Home > Insights > Blogs > Cybersecurity Bits and Bytes > "cybersecurity"

Cybersecurity Bits and Bytes

Cybersecurity Bits and Bytes

(By accessing, browsing or using the pages below, you agree to the Blog Conditions of Use/Disclaimer available under "Links.")


New CCPA regulations announced shortly before new Attorney General named

Elizabeth Casale March 31, 2021

Former California Attorney General Xavier Becerra recently announced new regulations under the CCPA to “prohibit companies from burdening consumers with confusing language or unnecessary steps such as forcing them to click through multiple screens or listen to reasons why they shouldn’t opt out.” READ MORE

California Privacy Rights Act passes

Elizabeth Casale November 6, 2020
California state capital building and California flag

California Proposition 24, the California Privacy Rights and Enforcement Act, passed on November 3, 2020. The CPRA amends and supplements some of the key provisions in California’s existing consumer privacy law, the California Consumer Privacy Act. READ MORE

Office of Administrative Law approves final CCPA regulations


On August 14, California Attorney General Xavier Becerra announced that the Office of Administrative Law had approved the regulations for the CCPA and filed the regulations with the California Secretary of State. The regulations take effect immediately. READ MORE

CJEU invalidates EU-US Privacy Shield

Illustration of cybersecurity for the EU

The Court of Justice of the European Union has invalidated Decision 2016/1250, which found that the EU-US Privacy Shield – a primary mechanism used by US companies to transfer personal data from the EU to the US – provided adequate protections for personal data. READ MORE

California Attorney General submits final CCPA regulations for review

California state capital building and California flag

On June 1, California Attorney General Xavier Becerra submitted final CCPA regulations for review by the Office of Administrative Law. The final regulations are substantively the same as the second modified regulations that the AG released back in March, but the timing of the release creates new questions. READ MORE

Clearview AI class-action may further test CCPA’s private right of action

A security camera outside on a pole

A class-action lawsuit against facial-recognition company Clearview AI alleges they unlawfully scraped biometric data from other websites and sold the resulting data to other entities. The case tests yet another provision of the CCPA relating to the law’s private right to action. READ MORE

Class-action case against Ring may test CCPA’s private right of action

A finger about to push the button on a doorbell video camera

A class-action lawsuit against Ring LLC alleging the plaintiffs’ rights to privacy were violated includes a cause of action under the CCPA, alleging plaintiffs were entitled to a CCPA notice informing them what information Ring was collecting and how it would be used. The case may lead to what could be the first judicial interpretation of the CCPA’s private right of action. READ MORE

California Attorney General releases modifications to proposed CCPA regulations

Luke Sosnicki James Shreve February 12, 2020

On February 7, California’s Attorney General released modified proposed regulations implementing the California Consumer Privacy Act. Many of the revisions can be reasonably interpreted to lessen the burden on businesses attempting to comply with the CCPA. READ MORE

Supreme Court denies cert for BIPA standing case, facilitating $550M settlement

Cybersecurity_default blog

The Supreme Court’s denial of Facebook’s petition for certiorari regarding standing and class certification issues in a suit under Illinois’ BIPA portends some similarly large privacy settlements in the coming years. Given BIPA’s broad scope, companies should familiarize themselves with the statute and consider their risks. READ MORE

Proposed federal privacy bills exceed even California’s CCPA requirements in some respects

Luke Sosnicki James Shreve December 23, 2019
U.S. capitol dome

Two recent online privacy bills introduced in the U.S. Senate highlight some of the key privacy and data security issues that Congress may tackle next year. While they share much in common, key differences between the two include whether a federal bill would be privately-actionable and if it preempts state laws. READ MORE

What businesses need to know about the Attorney General’s proposed CCPA regulations

Luke Sosnicki James Shreve October 14, 2019
Illustration of man using shield to protect computer

On October 10, 2019, California’s Attorney General released its long-awaited draft regulations explaining how the state intends to enforce the requirements of the California Consumer Privacy Act. The regulations leave much to the best judgment of businesses that will be doing their best to comply and are in response to questions raised during the comment-gathering process. READ MORE

California ballot initiative would further strengthen the state’s consumer privacy laws

Illustration of a computer with a lock and chain around it

Before the CCPA has even gone into effect, privacy advocates have already introduced new legislation further tightening California’s consumer laws. The vast majority of the new initiative would impose additional requirements on companies that want to do business with California consumers. READ MORE

Examining the six amendments to the CCPA awaiting Governor Newsom’s signature

California state capital and state flag

Although the California Consumer Privacy Act will be effective in only a few short months, key amendments are still awaiting the Governor’s signature. Some of the amendments make exemptions from the CCPA, while others provide clarification of the Act’s terms. READ MORE

BIPA litigation offers no legislative reprieve to employers – yet

finger typing on keyboard

With no imminent legislative action curtailing the rush of BIPA litigation since Rosenbach v. Six Flags, it is critical that employers have the appropriate policies and procedures in place to comply with BIPA. This includes compliance requirements and best practices to avoid statutory penalties. READ MORE

‘Aggrieved Persons’ can bring suit under Biometric Information Privacy Act


The Illinois Supreme Court has decided individuals need not allege injury other than a violation of their rights to bring suit under the Illinois Biometric Information Privacy Act, leaving the door open for future individual suits and class actions. READ MORE

Pennsylvania Supreme Court provides new route for data security breach plaintiffs

Cybersecurity locks and data

A recent decision from the Supreme Court of Pennsylvania in Dittman v. UPMC may signal a significant change in fortunes for plaintiffs in data breach cases. Anyone storing or collecting data should be aware of the potential increase in security breach litigation in an employer/employee context. READ MORE

The potential cybersecurity crisis hiding in plain sight — at home

James Shreve December 19, 2018
Worker using computer at home

As more employees work remotely from home, the risk of a cyber breach stemming from a home network is increasing. With the immense repercussions of a breach at risk, companies should augment their cyber protection and breach response plans to include protections for home networks. READ MORE

NIST announces collaborative privacy framework initiative

James Shreve September 11, 2018
Cybersecurity_default blog

The framework is significant for several reasons and is intended to help organizations manage the data privacy risks they are now exposed to more than ever thanks to new technologies. READ MORE

SEC announces new interpretive guidance in cybersecurity

Jennifer Post March 8, 2018

In a February 21 Release, the U.S. Securities and Exchange Commission (SEC) announced new interpretive guidance for public companies regarding cybersecurity risk and incident disclosures. The new guidance (which expands on the 2011 statement from the SEC’s Division of Corporate Finance, which identified the cybersecurity risk—and consequence—disclosure obligations for public companies) introduces two new areas of focus which had not previously been addressed by the SEC. READ MORE

Beware this years’ taxpayer refund scams and data breaches: 8 steps recommended by the IRS

March 2, 2018
auditor reviewing financial documents with magnifying glass

The IRS is warning the public about the emerging scams this tax season, which includes cyber-attacks targeting tax preparers and businesses. The statement includes the steps to take if you or your clients' tax data or financial information has been compromised. READ MORE

4 ways to manage cybersecurity risks in business and transactions

Jennifer Post November 14, 2017
Cybersecurity_default blog

Addressing and managing operational cybersecurity risks is important not only to lessen the risks and fallout of a cyber-attack but also to demonstrate that your company has taken appropriate steps and implemented necessary procedures to protect itself and its financial or strategic partners. READ MORE

3 things your school should know about Missouri State Auditor’s emphasis of cybersecurity

June 23, 2017

Schools should take notice of the Missouri Auditors’ recommendations and carefully consider those recommendations when looking at their own cybersecurity programs. READ MORE

Executive order presents three-pronged approach to improving U.S. cybersecurity

May 26, 2017

The May 11 Executive Order is a strong effort toward upgrading and addressing the United States’ cybersecurity capabilities. But it remains to be seen what sort of commitment the efforts identified will receive from Congress, private enterprises, and the rest of the government. READ MORE

New Mexico comes late to data breach party, requires promptness

March 23, 2017
data protection

One of only a few states without its own data breach notification law, New Mexico is about to join the ranks of 47 states with such laws. HB15, awaiting the governor's signature, requires an expedient 45-calendar-day notification window. READ MORE

Is breach mitigation the next wave of cybersecurity regulation?

February 9, 2017
data privacy

More and more, regulators are focusing their rulemaking power not just on how a company responds (or doesn’t respond) to a data breach, but the steps it took far in advance to prevent or mitigate such a breach. READ MORE

FINRA fines again target financial firms for failure to follow regs

January 4, 2017
Cybersecurity_default blog

FINRA has sent a clear message to member firms that it is very serious about enforcing its cybersecurity regulations. Requirements to protect personal information as well as to preserve necessary evidence are not being taken lightly by FINRA. READ MORE

NIST and FAIR develop tool to merge cybersecurity risk standards

August 12, 2016

A set of joint resources from NIST and FAIR can help cybersecurity professionals to both prioritize risks in their organization and allocate security resources to the most critical areas of exposure. READ MORE

Can 3D printing technology be stolen by sound recorders?

August 2, 2016
3D Printer - Hand

There is little question that 3D printing is an important part of technology and manufacturing development. But a recent study may raise some concern over the security of that technology in an unexpected way. READ MORE

What you need to know about the new EU-U.S. data transfer pact

July 14, 2016
US EU flags

The U.S. and EU have negotiated a new pact that would allow for U.S. companies to collect and store personally identifying information about EU citizens and to protect those citizens’ privacy pursuant to EU standards. So what are the requirements of this new Privacy Shield and what do they mean for U.S. companies doing business with European customers? READ MORE