US Congress enacts significant new law mandating cyber incident and ransomware reporting on businesses

On March 15, 2022, US President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA or the Act) into law.  Under its provisions, a broad range of private and public-sector entities operating in “critical infrastructure” sectors will for the first time have mandatory reporting obligations in connection with “cyber incidents” and ransomware attacks.  Specifically, “covered entities” are required to report certain “substantial” cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of the event, and to report ransomware payments within 24 hours of payment. Read more

Consumer class actions – global perspectives

The latest edition of our Future of Consumer series looks at key areas of class action risk that businesses in the Consumer sector are facing across key jurisdictions of the UK, the US, and Australia, including: Product liability and consumer law; Supply-chain issues (with a focus on business human rights and environmental, social, and governance); … Read more

Joint UK and US Government Advisory: COVID-19 exploited by malicious cyber actors

An increasing number of malicious cyber actors are exploiting the current coronavirus disease 2019 (“COVID-19”) pandemic for their own purposes. In the UK, the National Cyber Security Centre (“NCSC”) has detected more UK government branded scams relating to COVID-19 than any other subject. Meanwhile, across the Atlantic, both the United States Department of Homeland Security … Read more

The encryption debate is far from ‘going dark’

Shortly after the release of the communiqué from the most recent ministerial meetings of the ‘Five Countries’ security alliance — Australia, Canada, New Zealand, the UK and the US — at the end of July, we warned that the issue of the use of, and access to, encrypted services and technologies ‘remains front of mind for … Read more

US Senate confirms Permanent Ombudsman for the EU-US Privacy Shield Agreement

On 20 June 2019, the US Senate confirmed Keith Krach as the Under Secretary of State for Economic Growth, Energy, and the Environment. As part of that role, Krach will serve as the permanent Ombudsman for the EU-US Privacy Shield agreement. The EU-US Privacy Shield is a framework that regulates transatlantic exchanges of personal data … Read more

US FTC continues Facebook privacy and competition probes

The US FTC continues its investigations of Facebook relating to both privacy and competition issues. The FTC has undertaken several investigations of Facebook’s privacy practices, and has notably entered into a consent decree in 2012 requiring Facebook to gain more explicit consent from users before sharing their data. Over the past year, in the wake … Read more

US DoJ issues white paper addressing CLOUD Act

In April 2019, the US Department of Justice (“DoJ”) published a white paper entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act” (the “White Paper”). The White Paper is the DoJ’s first official statement about the Clarifying Lawful Overseas Use of Data Act … Read more

Proposals for federal privacy-related legislation continue

In the US, efforts have continued to establish a comprehensive national privacy law, to replace the current patchwork approach undertaken on a state and sector basis. Key recent federal privacy initiatives include the following: Algorithmic Accountability Act of 2019: On 10 April 2019, Senators Ron Wyden (D-OR) and Cory Booker (D-NJ), and Representative Yvette Clarke … Read more