Critical Infrastructure Must Soon Report Cyber Incidents to CISA Immediately
In March, President Biden signed the “Cyber Incident Reporting for Critical Infrastructure Act” (CIRCIA) into law. CIRCIA applies to the Critical Infrastructure Sector, which includes entities that are “vital to the United States” and whose incapacitation or destruction would have an adverse effect on national
Introduction
On April 29, Aerojet Rocketdyne Holdings Inc. (Aerojet) settled claims by whistleblower Brain Markus for a reported $9 million after the second day of a jury trial.[1] This is the second recent settlement under the False Claims Act (FCA) relating to alleged misrepresentations about a company’s cybersecurity practices and systems in connection with
Creation of CyTech. On May 9, the National Association of Attorneys General (NAAG) announced the creation of the NAAG Center on Cyber and Technology (CyTech), joining a number of other centers focused upon key issues for state attorneys general and the public, including tobacco and public health, ethics and public integrity, and consumer protection.
Purpose:
On April 18, the Ninth Circuit issued its opinion in hiQ Labs, Inc. v. LinkedIn Corporation[1] in which the court clarified its position on an important topic: whether the common practice of data “web scraping” can create criminal liability under the Computer Fraud and Abuse Act (CFAA). To be clear, the Ninth Circuit was
On February 28, the U.S. Department of Justice (DOJ) agreed to a $930,000 settlement with Comprehensive Health Services (CHS) to resolve False Claims Act allegations. The resolution represents the department’s first settlement under the False Claims Act since instituting its Civil Cyber Fraud Initiative in October 2021.[1] This is a watershed moment in the
On July 1, the Consumer Financial Protection Bureau (CFPB or Bureau) released a FCRA Tenant Screening Enforcement Compliance Bulletin, outlining its enforcement focus areas as the country transitions to a post-pandemic rental market. The Bureau states that it “intends to look carefully at the accuracy and dispute-handling practices of [consumer reporting agencies “CRAs”] that
A federal court in Michigan recently ruled that out-of-state residents have standing to sue under the Michigan Personal Privacy Protection Act (PPPA). In Lin v. Crain Communications, Inc., Case No. 2:19-cv-11889 (E.D. Mich., June 25, 2019), Gary Lin, a Virginia resident, filed a putative class-action lawsuit against Crain Communications, Inc. (Crain), a Michigan-based publishing
The Consumer Financial Protection Bureau (CFPB) and SettleIt, Inc., an online debt-settlement company, have agreed to settle “abusiveness” claims for $1.4 million.
In an April 13 complaint filed in a California federal court, the CFPB detailed SettleIt’s business practices and alleged SettleIt concealed information from its customers. SettleIt negotiates with creditors to reduce and settle
On March 15, California Attorney General Xavier Becerra announced that the California Office of Administrative Law approved his fourth set of proposed modifications to the California Consumer Privacy Act’s (CCPA) implementing regulations (Fourth Set of Modifications), completing the finalization process.
In announcing the approval of the Fourth Set of Modifications, Attorney General Becerra
We have long predicted that just as other states followed California in passing breach notification laws, states would follow in California’s footsteps in regulating information privacy practices with the California Consumer Privacy Act of 2018 (CCPA), which was later amended by the California Privacy Rights Act of 2020 (CPRA).[1] The Virginia state legislature recently