Virginia’s new Consumer Data Protection Act will take effect on January 1, 2023, adding new consumer privacy rights, a broader interpretation of “personal information,” a separate “sensitive data” category, and data protection assessment obligations into the mix with the commonwealth’s three major pre-existing privacy and data protection laws as Virginia joins the growing ranks of
Critical Infrastructure Must Soon Report Cyber Incidents to CISA Immediately
In March, President Biden signed the “Cyber Incident Reporting for Critical Infrastructure Act” (CIRCIA) into law. CIRCIA applies to the Critical Infrastructure Sector, which includes entities that are “vital to the United States” and whose incapacitation or destruction would have an adverse effect on national
Introduction
On April 29, Aerojet Rocketdyne Holdings Inc. (Aerojet) settled claims by whistleblower Brain Markus for a reported $9 million after the second day of a jury trial.[1] This is the second recent settlement under the False Claims Act (FCA) relating to alleged misrepresentations about a company’s cybersecurity practices and systems in connection with
Creation of CyTech. On May 9, the National Association of Attorneys General (NAAG) announced the creation of the NAAG Center on Cyber and Technology (CyTech), joining a number of other centers focused upon key issues for state attorneys general and the public, including tobacco and public health, ethics and public integrity, and consumer protection.
Purpose:
On April 18, the Ninth Circuit issued its opinion in hiQ Labs, Inc. v. LinkedIn Corporation[1] in which the court clarified its position on an important topic: whether the common practice of data “web scraping” can create criminal liability under the Computer Fraud and Abuse Act (CFAA). To be clear, the Ninth Circuit was
On February 28, the U.S. Department of Justice (DOJ) agreed to a $930,000 settlement with Comprehensive Health Services (CHS) to resolve False Claims Act allegations. The resolution represents the department’s first settlement under the False Claims Act since instituting its Civil Cyber Fraud Initiative in October 2021.[1] This is a watershed moment in the
On February 25, the Utah Senate passed the Utah Consumer Privacy Act (the UCPA), which closely resembles both the Virginia Consumer Data Protection Act (the VCDPA) and the Colorado Privacy Act (the CPA). The House unanimously passed the bill on March 2. The bill now goes to Governor Spencer Cox, who has 20 days to
On January 28, California Attorney General Rob Bonta announced that his office was beginning an “investigative sweep” of businesses operating consumer loyalty programs in California. The California AG’s press release stated that letters were sent to “major corporations in the retail, home improvement, travel, and food service industries” and allege the recipients’ potential noncompliance with
Data breaches and ransomware attacks are on the rise. On October 7, Oregon Attorney General Rosenblum announced an increase in data breaches reported to his office. The first nine months of 2021 involved 131 reported breaches, exceeding the 2020 total of 110. Financial Crimes Enforcement Network (FinCEN) also announced an increase in ransomware-related activities in
On September 13, the Federal Trade Commission (FTC) released a report to Congress that highlights the agency’s recent efforts to protect Americans’ privacy, announces the agency’s priorities for future data security and privacy protection efforts, and urges Congress to allocate more resources to the agency so it can expand its data security and privacy protection