Insights Search

After a rash of significant cybersecurity breaches and ransomware attacks affecting companies across industries, the Biden administration released its much-anticipated National Cybersecurity Strategy on March 2, 2023.

On October 12, 2022, New York Attorney General Letitia James fined Zoetop Business Company, Ltd. (“Zoetop”), the owner of fast-fashion brands SHEIN and ROMWE, $1.9 million for mishandling a 2018 data breach and lying to the public about the scope of the breach.

On October 18, 2022, the Transportation Security Administration (“TSA”) issued its Security Directive 1580/82-2022-01 on Rail Cybersecurity Mitigation Actions and Testing (the “Railroad Directive”), regulating designated passenger and freight railroad carriers, effective October 24, 2022.

A technological error in the online comment portal on sec.gov has prevented the Securities and Exchange Commission (“SEC”) from receiving comments on twelve rule proposals (the “Affected Proposals”), according to a new SEC release.

In a recent Securities and Exchange Commission (“SEC”) enforcement action, the SEC concluded that a registered broker-dealer and investment adviser (the “Firm”) violated Rule 30 of Regulation S-P by failing to adopt sufficient policies and procedures governing decommissioning of data-bearing devices.

On August 24, 2022, California Attorney General Rob Bonta announced a settlement with Sephora, one of the largest cosmetic retailers in the world, to resolve allegations that the company illegally sold consumer data and violated the California Consumer Privacy Act (“CCPA”).

It has been over a year since the Colonial Pipeline cybersecurity incident, and the Department of Homeland Security’s Transportation Security Administration (“TSA”) continues to issue cybersecurity directives to owners and operators of critical pipelines and liquified natural gas facilities.

On July 27, 2022, the Federal Trade Commission (“FTC”) voted 3-2 to sue in federal district court to block Meta Platforms, Inc.’s (“Meta”) acquisition of Within Unlimited, Inc. (“Within”), a virtual reality (“VR”) app developer.

Earlier this month, Deputy Attorney General Lisa O. Monaco spoke on cybersecurity developments at the International Conference on Cyber Security (“ICCS”); the same day, the U.S. Department of Justice (“DOJ”) released its Comprehensive Cyber Review (the “Cyber Review”).

On June 17, 2022, TikTok Inc. (“TikTok”) reportedly completed the migration of its U.S. users’ information to servers at Oracle Corporation (“Oracle”) in a move that bars access by Chinese parent company ByteDance.