On October 8, 2021, President Biden signed the bipartisan K-12 Cybersecurity Act of 2021 (the “Act”) in response to K-12 educational institutions facing cyber-attacks across the United States. The types of cyber incidents targeting K-12 information systems include denial of
Continue Reading K-12 Cybersecurity Act: Federal Government Seeks to Improve Security for America’s Educational Institutions
In addition to ongoing privacy and security related issues, one of the hot spots for litigation has been the accessibility of websites. In this post, we will lay out the current legal landscape and what the ADA requires. We will
Continue Reading ADA Website Accessibility and Liability: Why Businesses Need to Develop a Strategy… Now.
On Nov. 4, the U.S. Department of Defense (DoD) announced that it is suspending the current iteration of the Cybersecurity Maturity Model Certification program (CMMC) in order to streamline the size and scope of required administrative, technical, and physical controls
Continue Reading See ya, CMMC. Hello, CMMC 2.0: DOD Announces Suspension of Current Information Security Certification Program
It is the end of an era: September 27, 2021, officially marks the termination date for the Standard Contractual Clauses (SCCs) grace period set forth by the European Commission (“Commission”). In June 2021, the Commission published two new sets of
Continue Reading Out with the Old and In with The New: European Commission’s New Standard Contractual Clauses Grace Period is Ending
As we anticipated in 2018, “So Goes California, So Goes the Country,” when it comes to U.S. privacy law. California broke new ground when it passed the California Consumer Privacy Act of 2018 (CCPA), now, the rest of the
Continue Reading Welcome to the Privacy Party, Ohio: State Legislature Proposes Comprehensive Data Privacy Legislation
In our blog post discussing Virginia’s Consumer Data Protection Act (“VCDPA”), we anticipated that more states would adopt their own omnibus data privacy laws – and Colorado is the latest state to do so. Last week, the governor of
Continue Reading Rocky Mountain High: Colorado Becomes Third State to Establish its own Data Privacy Law
With the recent shift to a remote or hybrid workplace and advancements in technology, there are increased privacy concerns for employee information as well as employer liability for data breaches. There are important legal concerns for employers to understand about
Continue Reading Webinar – Face the Facts: Getting Smart About Employee Privacy and Data Security
Over the 4th of July holiday weekend, an affiliate of the Russia-linked criminal syndicate known as REvil succeeded in executing the single largest global ransomware attack on record with over one million firms affected worldwide. As a result of the
Continue Reading It May Take a Village: What the REvil Holiday Attack Teaches Us About the Evolving Threat
In June, the U.S. Supreme Court resolved an important issue under the Federal Computer Fraud and Abuse Act (CFAA), which has been used by companies as they battle hackers, rogue employees, and terminated employees. The CFAA imposes criminal and civil
Continue Reading U.S. Supreme Court Narrows the Reach of the Computer Fraud and Abuse Act
The European Union’s (EU) General Data Protection Regulation (GDPR) sets out requirements for transferring personal data outside the European Economic Area. These requirements not only restrict the use and transfer of personal data, but also ensure that personal data is
Continue Reading Freezing the Cloud: Microsoft Takes a Hardline on Data Privacy in the EU
