Latest Posts

HHS Publishes New Cybersecurity Resources

The U.S. Department of Health and Human Services (HHS) recently published new cybersecurity resources with the goal of mitigating common cybersecurity threats in the healthcare sector. The resources include:

Connecticut’s New Privacy Act: Another New Layer of Complexity for Privacy Compliance

On July 1, 2023, the Connecticut Privacy Act will take effect, adding another legislative layer of complexity to running a business.

Colorado’s Privacy Act: Do Not Be Caught Off-Guard

The Colorado Privacy Act (CPA) will change the landscape for a wide range of businesses doing business in Colorado or with Colorado residents on July 1, 2023. With only five months until this law takes effect, companies should move rapidly to ensure they are in full compliance with the new act. Failure to comply with the CPA can result in severe economic punishment for violators. 

FTC Provides a Wake-Up Call for Companies with Lax Privacy Policy Compliance

How confident are you that your website privacy policy accurately explains what you’re doing with your customers’ data? You now have another 1,500,000 reasons to potentially worry, because the FTC recently slapped GoodRx with a $1.5 million penalty for privacy violations. While this is the first time a regulatory penalty has been handed out under the FTC’s Health Breach Notification Rule, more enforcement actions are anticipated. This particular penalty related to the prescription drug discount company GoodRx Holdings Inc. failing to accurately notify consumers of its disclosures of personal health information to Facebook, Google, and other companies.

Landmark $1.2M Sephora Settlement Highlights the Importance of CCPA Compliance

The Attorney General (AG) for California just settled a California Consumer Privacy Act (CCPA) enforcement case against Sephora for $1.2 million. While Sephora denies liability in the settlement, the outcome should send shivers down the spines of companies that may engage in some of the same conduct that landed Sephora in trouble. Read below for some of the major takeaways from this landmark decision.

What We Learned from the Hack of Disney’s Instagram (And, How You Can Avoid It)

The “Happiest Place on Earth” was hacked. Well, its Instagram and Facebook accounts, anyway.

Top Eight Things to Remember During a Cybersecurity Crisis

On Friday, June 17, 2022, the Center for American and International Law’s 57th Academy of American and International Law welcomed attorney Shawn Tuma; Mark Michels, Santa Clara University School of Law; and Micah Skidmore, Haynes and Boone, to lead a cyber breach crisis workshop. Jessica Lee and Haley Stevers, 2022 Summer Associates at Spencer Fane, were also present to help facilitate the event.

SEC Sanctions Broker-Dealers, Investment Advisory Firms for Deficient Cybersecurity Procedures

The Securities and Exchange Commission sanctioned eight registered broker-dealer and investment advisory firms this week for failures in their cybersecurity policies and procedures. Those failures resulted in email account takeovers, which exposed the personal information of thousands of customers and clients at each firm. Those firms paid penalties ranging from $200,000 to $300,000.

Five Best Practices the White House Urges all Businesses to Take to Mitigate Risk of Ransomware Attacks

The threat of ransomware attacks against all American businesses is so great that on June 2, 2021, the White House issued a memo to all corporate executives and business leaders with the subject “What We Urge You To Do To Protect Against The Threat of Ransomware.” This is the first time such a memo has ever been issued. That is how serious the threat of ransomware attacks is to our nation.

DOL Issues Cybersecurity Guidance

On April 14, 2021, the Department of Labor’s Employee Benefits Security Administration (“EBSA”) issued cybersecurity guidance for retirement plan fiduciaries and service providers, as well as plan participants. In the guidance, the EBSA states that ERISA fiduciaries are required to take appropriate steps to mitigate internal and external cybersecurity threats to plan participants and retirement plan assets. To assist fiduciaries and service providers in fulfilling this obligation, the EBSA issued two documents that describe cybersecurity best practices – Cybersecurity Program Best Practices and Tips for Hiring a Service Provider. The EBSA also issued some basic rules – Online Security Tips – to help participants reduce the risk of fraud and loss to their retirement accounts.
