Cybersecurity and Data Privacy

On May 17, District of Colombia Attorney General Brian Schwalb announced the settlement of an investigation into Easy Healthcare Corporation, requiring the company to change its privacy practices involving the ovulation tracking app “Premom” to protect the sensitive reproductive data of consumers. Easy Health agreed to several remedial measures intended to prevent the disclosure of

In addition to a night of revelry, the 2023 new year will trigger the many new privacy mandates in the Virginia Consumer Data Protection Act (VCDPA) for businesses operating in Virginia — only the second state with active consumer privacy legislation behind California, with other states’ privacy laws, such as Colorado, Connecticut and Utah, taking

Ketan Bhirud, a member of Troutman Pepper’s State Attorneys General and Regulatory Investigations, Strategy + Enforcement (RISE) practice groups, is quoted in the Bloomberg Law article, “TikTok Faces ‘Pile-On’ Pressure From States After Indiana Sues.”

“If you have something touching upon exposure to children, that’s something that’s going to get a lot of

Virginia’s new Consumer Data Protection Act will take effect on January 1, 2023, adding new consumer privacy rights, a broader interpretation of “personal information,” a separate “sensitive data” category, and data protection assessment obligations into the mix with the commonwealth’s three major pre-existing privacy and data protection laws as Virginia joins the growing ranks of

Critical Infrastructure Must Soon Report Cyber Incidents to CISA Immediately

In March, President Biden signed the “Cyber Incident Reporting for Critical Infrastructure Act” (CIRCIA) into law. CIRCIA applies to the Critical Infrastructure Sector, which includes entities that are “vital to the United States” and whose incapacitation or destruction would have an adverse effect on national

Introduction

On April 29, Aerojet Rocketdyne Holdings Inc. (Aerojet) settled claims by whistleblower Brain Markus for a reported $9 million after the second day of a jury trial.[1] This is the second recent settlement under the False Claims Act (FCA) relating to alleged misrepresentations about a company’s cybersecurity practices and systems in connection with

Creation of CyTech. On May 9, the National Association of Attorneys General (NAAG) announced the creation of the NAAG Center on Cyber and Technology (CyTech), joining a number of other centers focused upon key issues for state attorneys general and the public, including tobacco and public health, ethics and public integrity, and consumer protection.

Purpose:

On April 18, the Ninth Circuit issued its opinion in hiQ Labs, Inc. v. LinkedIn Corporation[1] in which the court clarified its position on an important topic: whether the common practice of data “web scraping” can create criminal liability under the Computer Fraud and Abuse Act (CFAA). To be clear, the Ninth Circuit was

On February 28, the U.S. Department of Justice (DOJ) agreed to a $930,000 settlement with Comprehensive Health Services (CHS) to resolve False Claims Act allegations. The resolution represents the department’s first settlement under the False Claims Act since instituting its Civil Cyber Fraud Initiative in October 2021.[1] This is a watershed moment in the

On February 25, the Utah Senate passed the Utah Consumer Privacy Act (the UCPA), which closely resembles both the Virginia Consumer Data Protection Act (the VCDPA) and the Colorado Privacy Act (the CPA). The House unanimously passed the bill on March 2. The bill now goes to Governor Spencer Cox, who has 20 days to