Christopher Brown reports: Makers of health apps are scrambling to understand the extent of their legal liability after a divided Federal Trade Commission announced they’re now required to inform users about data and privacy breaches—and if they have used their customers’ health data without authorization. The commission approved 3-2 a policy statement that the makers of health…
Category: Federal
Congress Mulls Ban on Big Ransom Payouts Unless Victims Get Official Say-So
Lisa Vaas reports: A U.S. lawmaker has introduced a bill – the Ransomware and Financial Stability Act (H.R.5936) (PDF) – that would make it illegal for financial firms to pay ransoms over $100,000 without first getting the government’s permission. The legislation was introduced on Wednesday by the top Republican on the House Financial Services Committee, North Carolina…
European Parliament Adopts Draft Cybersecurity Directive
Hunton Andrews Kurth blog reports: On October 28, 2021, the European Parliament’s Committee on Industry, Research and Energy adopted a draft directive on cybersecurity (“NIS2 Directive”). The NIS2 Directive will broaden the scope of the existing NIS Directive to apply to “important sectors,” such as waste management, postal services, chemicals, food, medical device manufacturers, digital providers and…
DOJ Announces New Cyber-Fraud Initiative Promoting False Claims Act Enforcement Against Contractors and Grantees Failing to Follow Cybersecurity Standards
Anthony Mirenda, Stephen Garvey, and Natalie Panariello of Foley Hoag write: As we anticipated last spring, the Department of Justice (DOJ) has signaled that it will utilize civil enforcement of the False Claims Act (FCA) to address new and emerging cybersecurity threats. On October 6, 2021, Deputy Attorney General Lisa Monaco announced the launch of a new…
Quebec’s Bill 64 Introduces Unique Cyber Incident Reporting Obligations
Charles S. Morgan, Ellen Yifan Chen, and Philippe April of McCarthy Tétrault LLP write: The Act to Modernize Legislative Provisions respecting the Protection of Personal Information (“Bill 64” or the “Bill”)[1] received royal assent on September 22, 2021, introducing new obligations for private sector businesses in Québec phased over the course of three years. […] it is important…
Australia to tackle ransomware data breaches by deleting stolen files
Bill Toulas reports: Australia’s Minister for Home Affairs has announced the “Australian Government’s Ransomware Action Plan,” which is a set of new measures the country will adopt in an attempt to tackle the rising threat. […] To further strengthen the ability to conduct investigations and disrupt ransomware attacks, the government is looking to establish new…