Every ransomware attack requires the victims to make a hard decision – whether or not to pay the ransom. The decision is often made on the basis of past mistakes – failure to implement basic security (such as not implementing multi-factor authentication), failure to train personnel in recognizing phishing, or…
Articles Posted in Policies and Procedures
Time to Update your Privacy Policy
In 2024, privacy laws adopted by Montana, Oregon, Texas and Utah will become effective. While the laws have much in common (and are similar to the laws already in effect), they each have special characteristics, and companies will need to evaluate how they impact operations, disclosures and policies. What do…
Time is Short – Reporting your Data Breach
Companies that are subject to the registration and disclosure requirements of the United States Securities Act and Securities Exchange Act face the challenge of complying with a broad variety of detailed regulations addressing their disclosure and reporting obligations. The Securities and Exchange Commission recently adopted regulations which will have an impact…
Privacy Policies – Some Simple Lessons
Online privacy policies are ubiquitous. Sometimes they are mandated by law – that’s been the case in California for years – and a variety of other states and federal agencies (like the Securities and Exchange Commission) require them as well. As a practical matter, almost every firm that has an…
What Businesses Need to Know About the New California Privacy Rights Act of 2020
Many races and initiatives that California voters considered on November 3 are still undecided, but Proposition 24, the California Privacy Rights Act of 2020 (the “CPRA”) isn’t one of them. The California electorate approved Proposition 24 by a comfortable margin – 56% of Californians voted in favor. Like its predecessor…
Online Workshop — A Reasonable Approach to Reasonable Security
Are your cybersecurity management practices reasonable? Do you know your risk tolerance? Are you covering all the cybersecurity bases that make up reasonable cybersecurity? The California Consumer Privacy Act (CCPA) and other emerging laws require organizations to have “reasonable cybersecurity practices.” The challenge is that there is no accepted definition…
The Blackbaud Breach – Focus on Vendors
In July of this year, Blackbaud, a U.S.-based cloud computing provider and one of the world’s largest providers of administration, fundraising, and financial management software, notified its clients that it had discovered and stopped a ransomware attack. In a public statement, Blackbaud described the attack: In…
Webinar – The Right Stuff: Validating Reasonable Information Security
Michael A. Gold, co-chair of JMBM’s Cybersecurity & Privacy Group, will host a panel of industry-leading experts for the webinar, The Right Stuff: Validating Reasonable Information Security. Date: Thursday, June 18, 2020. Time: 10 AM – 11:15 AM PDT; 1 PM – 1:15 PM EDT. Most organizations…
Your Company’s Privacy Policy – the Last Step, not the First
As a privacy and cybersecurity lawyer, I’m often asked by clients and potential clients about preparing a privacy policy – whether they need one, and how much it costs. And underlying the question is an assumption – privacy policies are really just formalities, and all they need to do is…
Webinar: Privacy and Information Security – Best Practices and Imperatives
Robert E. Braun, chair of JMBM’s Cybersecurity & Privacy Group, will be the keynote speaker for the webinar, Privacy and Information Security – Best Practices and Imperatives. Date: Wednesday, May 27, 2020. Time: 2:00 PM Pacific Time. As companies shift to a remote working environment due to the…