CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting

Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemakin… Continue reading CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting

Utah Enacts Amendments to State Breach Notification Law

Hunton Andrews Kurth writes: On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq… Continue reading Utah Enacts Amendments to State Breach Notification Law

FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges

Hunton Andrews Kurth writes that on March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect despite legal challenges. The rules were adopted in December 2023 pursuant to a… Continue reading FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges

Indiana Attorney General Files Suit Against Apria Healthcare

Attorney General Todd Rokita is filing a lawsuit on behalf of the people of Indiana against Apria Healthcare LLC for a massive data breach that impacted at least 42,000 Hoosiers and 1.8 million people nationwide. Apria is a provider of home healthcare … Continue reading Indiana Attorney General Files Suit Against Apria Healthcare

An Update on the SEC’s Cybersecurity Reporting Rules

Hunton Andrews Kurth write: As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of… Continue reading An Update on the SEC’s Cybersecurity Reporting Rules

Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions

Alexander Boyd , Colin H. Black of Polsinelli PC write: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal informa… Continue reading Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions