2021 proved to be a momentous year for privacy and data security law. The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening insurance market, and significant corporate anxiety.
Latest from CyberAdviser
Federal Financial Regulators Tighten Timelines for Reporting Ransomware Attacks
As anticipated, the Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Federal Reserve”), and the Federal Deposit Insurance Corporation (“FDIC”) recently approved and released the Final Rule
FTC Strengthens GLBA Financial Safeguards and Privacy Rules
On October 27, the Federal Trade Commission (FTC) announced a final rule (Final Rule) and supplemental notice of proposed rulemaking (NPRM) to amend the Safeguards Rule promulgated under the Gramm-Leach-Bliley Act (GLBA), which requires covered financial institutions to implement certain
California Passes Suite of New Privacy Laws
California continues to be at the vanguard of privacy protection. On October 11, 2021 California’s Governor Newsom signed several bills addressing privacy and data security. These new laws go into effect January 1, 2022 and include:
- AB 335, which adds
HHS Clarifies Applicability of HIPAA Privacy Rule to COVID-19 Vaccination Status Requests
The U.S. Department of Health and Human Services (HHS) released guidance to address how the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule applies to various entities’ requests for information related to an individual’s COVID-19 vaccination status.
HHS emphasized
FTC Guidance Affirms Breach Notification Obligations for Health Apps and Connected Devices
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a policy statement affirming the applicability of its Health Breach Notification Rule (the “Rule”), 16 CFR Part 318, to health apps and connected devices that are not subject to the
OFAC Targets Virtual Currency Exchange for Allegedly Facilitating Ransomware Attack
OFAC Updates Advisory on Enforcement Risks Relating to Agreeing to Pay Ransomware
First Post in a Two-Part Series on Recent OFAC Designations
On September 21, 2021 OFAC issued its first sanctions designation against a virtual currency exchange by designating the
President Biden nominates Alvaro Bedoya to serve as FTC Commissioner
On Monday, the White House announced the nomination of Alvaro Bedoya to serve as FTC Commissioner. Mr. Bedoya is slated to fill the seat on the Commission currently held by Rohit Chopra, which Mr. Chopra will vacate upon his confirmation
Federal Court Holds that Cloud Service Provider is Subject to CMIA
On August 12, 2021, the United States District Court for the District of South Carolina issued an opinion denying in part and granting in part a motion by Blackbaud to dismiss seven statutory claims brought by plaintiffs in a multidistrict
OCR’s HIPAA Resolution Agreements: the Year Thus Far
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has continued its enforcement of HIPAA’s privacy and security rules in the new administration, announcing a number of settlements of alleged violations in the