On April 14, 2021, the United States Department of Labor (DOL) announced new cybersecurity guidance (the Guidance) for pension plan sponsors, plan fiduciaries, record keepers and plan participants, that outlines best practices for maintaining cybersecurity.
DOL Releases Cybersecurity Guidance and Best Practices for Pension Plan Sponsors, Fiduciaries and Participants
U.S. Issues New Economic Sanctions Against Russia For Alleged Involvement in Government Hacking Activity
As a result of recent nefarious activity, President Joe Biden and the United States on April 15 announced official economic and financial sanctions against the Russian government and other intelligence services acting against U.S. sovereignty and business interests.
2020 saw further development of comprehensive privacy protections in the United States. The consumer data protection and cybersecurity landscape continued to evolve as individual states enacted new legislation and revised already existing statutes, aimed at further protecting consumers’ personal information and data.
Draft Presidential Executive Order Would Require Software Vendors and Service Providers to Disclose Cybersecurity Breaches to Federal Customers
The Biden Administration is close to signing an Executive Order (EO) that will create a federal requirement for vendors who sell their products and/or services to government customers to, among other things, disclose any cybersecurity breach to those government customers.
On March 15, California Attorney General Xavier Becerra announced additional regulations relating to the “sale” of consumers’ personal information as defined under the California Consumer Privacy Act.
On March 2, 2021, Microsoft announced an active zero-day exploitation by a state-sponsored threat actor group of four vulnerabilities present on 2010, 2013, 2016 and 2019 on-premises Exchange servers.
The landscape of damages is continually evolving in data privacy and security litigation. The conventional wisdom used to be that the resulting loss from a data breach was different than that sustained in traditional torts.
As the nation grappled with a global pandemic, the consumer data protection and cybersecurity landscape continued to evolve in 2020. Although multiple states introduced and passed comprehensive privacy laws, the federal government declined to pass similar legislation at the national level. However, various federal departments and agencies did publish guidance, alerts and advisories for dealing with or preventing cybersecurity threats such as ransomware attacks, especially as the world moved online during the COVID-19 pandemic.
On February 4, 2021, New York State’s Department of Financial Services (DFS) issued a seven-part “Cyber Insurance Risk Framework” (the Framework) urging insurance companies to develop a “rigorous” and “data driven approach” to insuring cybersecurity risks.
UPDATE 3/3/21: On March 2, 2021, Virginia Governor Ralph Northam signed into law the Virginia Consumer Data Protection Act (CDPA). […]