Wayne Jones reports: A report by the Financial Times revealed that the Securities and Exchange Commission (SEC) plans to issue crypto firms notices of technical violations before taking action. The move is a shift away from the aggressive enforcement approach that was pursued under former President Joe Biden. Trump-appointed SEC Chair Paul Atkins told the Financial Times…
Category: Legislation
HHS Releases Updated Security Risk Assessment Tool
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Assistant Secretary for Technology Policy (ASTP) are pleased to announce the release of version 3.6 of the Security Risk Assessment (SRA) Tool. To help you make the most of these updates, ASTP and OCR are hosting live webinars on September…
CISA Delays Cyber Incident Reporting Rule for Critical Infrastructure
Ashden Fein, Micaela McMurrough, Caleb Skeath, and John Webster Leslie of Covington and Burling write: The U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) plans to delay the publication of its much-anticipated cybersecurity incident reporting rule implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). According to an entry on the Spring 2025 Unified Agenda…
District of Arizona Clarifies Causes of Action Available for Breach of Health Data
Nick Palmieri of Baker Botts writes: Healthcare providers wrestling with the legal fallout of cyber-attacks just received a fresh reminder from the District of Arizona: traditional tort and contract theories remain difficult to sustain after a breach, but consumer-fraud statutes can keep a case alive. In Johnson v. Yuma Regional Medical Center, fourteen patients sued the…
Huge Fines Imposed by Thailand’s PDPC: A Major Alert on Data Privacy Violations (Thailand)
Shunsuke Minowa and Poonyisa Sornchangwat of Nagashima Ohno & Tsunematsu write: 1. Background On 1 August 2025, Thailand’s Personal Data Protection Committee (“PDPC”) announced the issuance of 8 fines totaling THB 14.5 million (approximately USD 448,000), which were levied against one government agency and other private entities for non-compliance with the Personal Data Protection Act of 2019 (“PDPA”)…
3rd Circuit Clarifies Scope of Computer Fraud Abuse Act With Employer’s Policies
Riley Brennan reports: The U.S. Court of Appeals for the Third Circuit clarified this week that an employee’s purported violations of workplace computer use policies cannot be criminalized under federal law as long as there is no evidence of hacking or violations of trade secrets. On Tuesday, the federal appellate court affirmed the U.S. District Court…