Megan Kayo

Subscribe to all posts by Megan Kayo

White House Releases National Cybersecurity Strategy: Key Takeaways for the Private Sector

On March 2, 2023, the White House released its National Cybersecurity Strategy (the Strategy). The Strategy sets out ambitious goals for the federal government to hold countries accountable for irresponsible behavior in cyberspace and to disrupt the networks of criminals behind cyberattacks. It also seeks to establish, harmonize, and streamline regulations to secure critical infrastructure, as well … Continue Reading

2023 U.S. Cybersecurity Predictions

Given that cyberattacks continue to be sophisticated and severe, and cybersecurity continues to be a top concern for regulators, consumers, business partners, and investors, companies should be proactive and devote adequate resources to their security practices and incident response. In addition to the litigation and reputational risks that companies face if they are perceived as … Continue Reading

FTC Issues Complaint and Proposed Settlement with Online Retailer for Deceptive and Unfair Security and Privacy Practices

On March 15, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint against Residual Pumpkin Entity, LLC, formerly doing business as CafePress, and PlanetArt LLC, which bought CafePress in 2020 (collectively, CafePress). The FTC alleged that CafePress, an online platform used by consumers who bought or sold customized t-shirts, mugs, and other merchandise, had, … Continue Reading

SEC Proposes New Cybersecurity Reporting and Enhanced Standardized Disclosure

On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules that would require current and periodic reporting of material cybersecurity incidents as well as more detailed disclosure of cybersecurity risk management, expertise, and governance. This alert summarizes the proposed changes, which are subject to public comment until the later of May 9, 2022 … Continue Reading

Court Orders Production of a Data Breach Forensic Report, Rejecting Arguments That Attorney-Client Privilege and Work Product Protection Apply

On January 12, 2021, the District Court of the District of Columbia was the latest court to grant a motion to compel production of a forensic report prepared by an external security-consulting firm in data breach litigation.1 This case involved a cyberattack on a law firm that led to the public dissemination of the confidential information … Continue Reading

Third Time’s the Charm? Newest Round of Modifications to Proposed CCPA Regulations Issued by the California Attorney General

On March 11, 2020, the California Attorney General issued further revisions to the proposed regulations implementing the California Consumer Privacy Act (CCPA). For context, in passing the CCPA, the legislature directed the California Attorney General to solicit broad public participation and adopt regulations to further the purposes of the CCPA. On October 11, 2019, the California Attorney … Continue Reading

CCPA Update: California Attorney General Issues Modifications to Proposed CCPA Regulations

Updates to Compliance Likely Required On February 10, 2020, the California Attorney General issued the proposed text of modified regulations implementing the California Consumer Privacy Act (CCPA). This draft is a correction of a version that the California Attorney General issued on February 7, 2020. While the California Attorney General previously indicated that major changes to the … Continue Reading

Data Brokers Must Register with California Attorney General by January 31

Given Broad Definitions, the Law Could Apply to Businesses That Do Not Consider Themselves Data Brokers While amending the California Consumer Privacy Act of 2018 (CCPA) last term, the California legislature also passed a CCPA-related privacy bill that applies to “data brokers.” Assembly Bill 1202 (AB 1202) requires businesses that qualify as data brokers to register, pay … Continue Reading

FTC Data Security Settlement with Auto Dealer Software Provider Goes Further than Ever Before

Provides Detailed Specifications Both for Information Security Program and Third-Party Assessments On June 12, 2019, the Federal Trade Commission (FTC) announced it had reached a proposed settlement with LightYear Dealer Technologies, LLC (doing business as “DealerBuilt”) over allegations that the automobile software provider’s inadequate data security practices had resulted in a data breach in 2016.1 … Continue Reading
LexBlog