Category: Privacy

It’s Finally Final… But Wait, There’s More: Fall 2020 California Privacy Update

Share

Businesses nationwide finally have clarity on their compliance obligations under the California Consumer Privacy Act (CCPA), as the landmark privacy law’s implementing regulations were finalized in August after a few last changes worth noting, and the Governor just signed two important CCPA amendments. With enforcement underway, business leaders should continue to focus on compliance — while also monitoring the progress of the California Privacy Rights and Enforcement Act, a 2020 ballot initiative that could soon become the next sweeping privacy law.

For the full alert, visit the Faegre Drinker website.

Dunkin’ Brands, Inc. Agrees to Pay $650,000 to Settle 2019 Data Breach Lawsuit Brought by the New York Attorney General’s Office

Share

On September 15, 2020, the New York Attorney General’s Office (NYAG) announced a settlement with Dunkin’ Brands, Inc. (Dunkin) in connection with a September 2019 lawsuit brought by the NYAG against Dunkin for alleged failures to adequately respond to cyberattacks that impacted approximately 300,000 customers. The proposed settlement—which still must be approved by the court—requires Dunkin to, among other things, notify customers impacted by the attacks, maintain specific cybersecurity procedures to prevent future cyberattacks, and pay $650,000 in penalties.

Continue reading “Dunkin’ Brands, Inc. Agrees to Pay $650,000 to Settle 2019 Data Breach Lawsuit Brought by the New York Attorney General’s Office”

Disruption IV: The New Threat Disruptionware Poses to the American Energy Sector

Share

Over the past few months, I have written about the threat first identified by the Institute for Critical Infrastructure Technology (ICIT) called disruptionware. We have previously described what disruptionware is, how it works, and outlined some of the defenses that can be used to defend against a multitude of disruptionware attacks. Many may have thought the immediate notifications of the threat posed by this new concept of disruptionware had been adequately made public and sufficiently identified. Unfortunately, disruptionware continues to impact new sectors.

According to ICIT, disruptionware is an evolving category of malware designed to “suspend operations within the victim organization through the compromise of the availability, integrity and confidentiality of the data, systems, and networks belonging to the target.” Recently, ICIT identified a new threat from disruptionware that will likely have a seriously adverse effect on the American energy sector. ICIT goes so far as to refer to disruptionware in the context of an attack on the U.S. energy grid as a “weapon of mass destruction.”

Continue reading “Disruption IV: The New Threat Disruptionware Poses to the American Energy Sector”

As CCPA Pressure Heats Up, Here’s What Should Be on Your Summer To-Do List

Share

Despite the business disruptions brought on by the novel coronavirus, enforcement of the California Consumer Privacy Act (CCPA) is still set to begin on July 1. With that key date just around the corner and companies facing a new slate of COVID-19-related privacy issues, we cover the high-level action items California businesses should address to help get their compliance programs up to speed.

For the full alert, visit the Faegre Drinker website.

Disruptionware III: Protect Your Business from a Disruptionware Cyber Attack

Share

In the first blog in this series, we defined “Disruptionware” and showed how it was growing as a threat to many types of industries throughout the country and the world. The threat was especially noticeable within the healthcare industry and for government institutions. In our second blog, we talked about the different types of tools and attack matrixes that Disruptionware uses to cripple and/or damage unsuspecting businesses and how destructive those attacks can be. This third and final discussion will delineate what businesses can do to defend themselves against a Disruptionware attack and what cyber defenses are at their disposal to alleviate the damages caused by this new and dangerous attack medium.

Continue reading “Disruptionware III: Protect Your Business from a Disruptionware Cyber Attack”

COVID-19 Consumer Data Protection Act of 2020 Seeks to Regulate Collection, Use of Geolocation, Personal Health Information

Share

Contact tracing is recognized by health systems and governments as an effective method to identify individuals an infected person may have exposed to disease in order to notify those individuals and take action to prevent further spread of illness. Traditionally, the accuracy of contact tracing has been dependent upon an individual’s memory of (and willingness to disclose) where they have been and with whom they have been in contact in order to track down other people who may have been infected. Connected devices with geolocation capabilities allow for digital tracking of individuals, but also carries significant privacy issues.

Continue reading “COVID-19 Consumer Data Protection Act of 2020 Seeks to Regulate Collection, Use of Geolocation, Personal Health Information”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy