Insights Search

Connecticut is the fifth U.S. state, and the second this year after Utah passed the Utah Consumer Privacy Act (“UCPA”), to enact a comprehensive data privacy legislation.

On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced Proposed Rules on cybersecurity risk management, strategy, governance, and incident disclosure (“Proposed Rules”) to address concerns of increasing cybersecurity threats to public companies.

The Department of Justice, acting on behalf of the Federal Trade Commission, recently took action against WW International, Inc., formerly known as Weight Watchers, and its subsidiary, Kurbo, Inc. (together, “Weight Watchers”).

Two new United Kingdom (“UK”) data transfer mechanisms, the International Data Transfer Agreement (“IDTA”) and the International Data Transfer Addendum (“UK Addendum”) to the European Union’s (“EU”) new standard contractual clauses (“SCCs”), came into force on March 21, 2022.

On January 1, 2023, absent intervention from the California legislature, the nation’s first comprehensive data privacy law, the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), will not only regulate consumer data but will also regulate previously exempt human resources data as well.

Speaking at the Munich Cyber Security Conference on February 17, 2022, Deputy Attorney General Lisa O. Monaco announced that the U.S. Department of Justice (“DOJ”) plans to prioritize “cyber disruption,” foster international partnerships, and increase its investigative and deterrent capabilities to bolster its crypto-enforcement arsenal and to combat cyber threats.

On March 9, 2022, the Securities and Exchange Commission (“Commission”) issued its much-anticipated proposed rule amendments which would mandate certain cybersecurity disclosures for public companies (“Proposed Rules”).

Update: The UCPA was signed into law by Governor Spencer J. Cox without amendment on March 24, 2022.

As a strong signal that it intends to increase its focus on illicit crypto transactions, the Department of Justice (“DOJ”) announced the creation of an enforcement team, the National Cryptocurrency Enforcement Team (“NCET”), on October 6, 2021.

The widespread adoption of remote work arrangements during the COVID-19 pandemic and the need for employers to provide flexibility for the foreseeable future have heightened data-privacy risks for U.S. ...

The Department of Justice (“DOJ”) recently announced a new Civil Cyber-Fraud Initiative (the “Initiative”) that will use the False Claim Act (“FCA”) to pursue contractors and grant recipients that knowingly (1) provide deficient cybersecurity products or services, (2) misrepresent their cybersecurity practices or protocols, or (3) violate obligations to monitor and report cybersecurity incidents and breaches.

As the onslaught of data breaches and ransomware attacks continues, state governments are grappling with ways to bolster the impact and reach of breach notification laws.