Insights Search

On October 12, 2022, New York Attorney General Letitia James fined Zoetop Business Company, Ltd. (“Zoetop”), the owner of fast-fashion brands SHEIN and ROMWE, $1.9 million for mishandling a 2018 data breach and lying to the public about the scope of the breach.

A technological error in the online comment portal on sec.gov has prevented the Securities and Exchange Commission (“SEC”) from receiving comments on twelve rule proposals (the “Affected Proposals”), according to a new SEC release.

The United States Court of Appeals for the Third Circuit recently held that a plaintiff had standing to sue her former employer for a data breach that exposed her personal information to the “Dark Web” because she sufficiently alleged an “imminent” and “concrete” injury, despite not yet having her identity stolen as a result of the breach.

In a recent Securities and Exchange Commission (“SEC”) enforcement action, the SEC concluded that a registered broker-dealer and investment adviser (the “Firm”) violated Rule 30 of Regulation S-P by failing to adopt sufficient policies and procedures governing decommissioning of data-bearing devices.

On August 24, 2022, California Attorney General Rob Bonta announced a settlement with Sephora, one of the largest cosmetic retailers in the world, to resolve allegations that the company illegally sold consumer data and violated the California Consumer Privacy Act (“CCPA”).

Cyber and ransomware threats are a persistent concern for companies and governments, with even great escalation due to the conflict in Ukraine and additional sanctions placed on Russia.

It has been over a year since the Colonial Pipeline cybersecurity incident, and the Department of Homeland Security’s Transportation Security Administration (“TSA”) continues to issue cybersecurity directives to owners and operators of critical pipelines and liquified natural gas facilities.

Earlier this month, Deputy Attorney General Lisa O. Monaco spoke on cybersecurity developments at the International Conference on Cyber Security (“ICCS”); the same day, the U.S. Department of Justice (“DOJ”) released its Comprehensive Cyber Review (the “Cyber Review”).

On June 17, 2022, TikTok Inc. (“TikTok”) reportedly completed the migration of its U.S. users’ information to servers at Oracle Corporation (“Oracle”) in a move that bars access by Chinese parent company ByteDance.

On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced Proposed Rules on cybersecurity risk management, strategy, governance, and incident disclosure (“Proposed Rules”) to address concerns of increasing cybersecurity threats to public companies.

Should hazardous liquids pipelines be prepared to operate “manually” in the event of a future cyberattack?

Connecticut is the fifth U.S. state, and the second this year after Utah passed the Utah Consumer Privacy Act (“UCPA”), to enact a comprehensive data privacy legislation.