As 2022 draws to a close, it is important to keep in mind that key state-level regulations on consumer and employee data privacy will become effective as soon as 2023 begins. Data security measures, personal data processing activities and privacy policies of businesses covered by the regulations are now proscribed specific standards and requirements in

Andrew Konia
Andrew’s practice is singularly focused on protecting clients’ businesses and data, anticipating disputes, and strengthening their competitive position in the marketplace.
FinCEN Leader’s Remarks Focus on Securing Digital Identity
During the 2022 Federal Identity Forum & Exposition on Sept. 7, FinCEN acting Deputing Director Jimmy Kirby emphasized the importance of securing digital identity as “fundamental to the effectiveness” of every financial institution’s anti-money laundering/countering the financing of terrorism (AML/CFT) program.
Read on for details and analysis of his remarks and proactive steps financial institutions…
DOJ and Aerojet Settle for $9 Million in Qui Tam Cybersecurity False Claims Act Case
On July 8, 2022, the U.S. Department of Justice announced a $9 million
settlement with federal government contractor Aerojet Rocketdyne, Inc. for
alleged violations of the False Claims Act in a case pending in the Eastern
District of California. The settlement results from alleged false
statements by Aerojet related to compliance with Department of Defense…
SEC Proposes New, Formal Cybersecurity Disclosure Rules
On March 9, the U.S. Securities and Exchange Commission proposed new rules that would fundamentally change how public companies treat the reporting and management of cybersecurity incidents and risk.
Read on for details about these proposed rules, which build significantly upon prior guidance by creating express, mandatory disclosure obligations.
DOJ Announces First False Claims Settlement Since Launch of Civil Cyber-Fraud Initiative
On March 8, the U.S. Department of Justice announced a $930,000 settlement with Comprehensive Health Services, LLC for alleged violations of the False Claims Act. As DOJ’s first resolution of a False Claims Act enforcement action involving cyber fraud since launching its Civil Cyber-Fraud Initiative in October 2021, this settlement signals the DOJ’s eagerness to…
Department of Justice Announces Increased FCA Enforcement Through New Civil Cyber-Fraud Initiative
On Oct. 6, the Department of Justice announced a new Civil Fraud Cyber Initiative to “combine the department’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security of sensitive information and critical systems.”
Read on for details and analysis of this new enforcement initiative and…
Biden Administration Orders Improvements to Cybersecurity and Federal Networks Amid Cyberattacks
On May 12, President Biden signed an executive order mandating that the federal government significantly improve cybersecurity within its networks and modernize federal cyber defenses. This move follows a series of cyberattacks on private companies and federal government networks over the past year, including a recent incident that resulted in gasoline shortages along the U.S.…
Data Privacy Day 2021: Privacy and Cybersecurity Are On Our Minds, Too
Data privacy is a top concern for many in-house legal professionals – and for good reason – data privacy and cybersecurity legal requirements are complex and continually evolving. Data Privacy Day is a great day to start addressing your organization’s data privacy and cybersecurity needs.
On Data Privacy Day 2021, here is what is top of mind for some of our Data Privacy & Security Team members:
- Andrew Konia – A Federal Privacy Law: “Calls (pleas?) for federal privacy legislation are nothing new, and last year we came close, with both parties presenting draft bills for consideration (surprise, neither passed!). But now, with the White House and both chambers of Congress under Democratic control, there appears to be renewed (and more serious) interest in a federal privacy law. We have seen (admittedly narrow) hints of the federal government taking a stronger stance on cybersecurity standards with the IoT Cybersecurity Improvement Act of 2020, which applies to federal agency purchases. But you take the recent and intense backlash on “Big Tech’s” use/sharing of data and perceived lack of data transparency, and mix in the Biden Administration’s prioritization of consumer protection generally, and you have the recipe – and a strong political appetite – for a comprehensive federal privacy law.”
- Bethany Lukitsch – California: “CPRA will be here before we know it, and most companies are going to have a lot to do to get ready. Updating privacy policies and adding ‘do-not-share’ links are one thing, but as with CCPA, it’s the behind-the-scenes work that is really going to take some time. It’s certainly not too early to get started.”
…
Continue Reading Data Privacy Day 2021: Privacy and Cybersecurity Are On Our Minds, Too
Are We (Finally) Ready to Zoom?
Zoom’s video communications platform service and its data privacy issues and security vulnerabilities have been a very hot topic of late, covered by numerous media outlets and in our recent Password Protected post. Due in part to the COVID-19 pandemic and resulting “stay-at-home” orders, as well as Zoom’s user-friendly set up and ability for large numbers of people to join a meeting for free, Zoom use has grown exponentially, from 10 million daily meeting participants pre-pandemic, to over 300 million daily meeting participants in April 2020. In an April 23, 2020 executive letter, Zoom touted use of its platform by over 100,000 schools and universities, U.S. and foreign governments, and numerous companies, including many Fortune 500 companies, located in over 226 countries and territories around the world.
…
Continue Reading Are We (Finally) Ready to Zoom?
Privacy vs. Containment, Part 2: The Democratic Answer to a Framework for Federal Privacy Legislation on COVID-19
Two weeks ago we wrote about proposed legislation, The COVID-19 Consumer Data Protection Act of 2020 (“CCDPA”), introduced by a group of senior Republican senators, which was designed to address privacy issues arising in the wake of the COVID-19 pandemic. In response, senior Democratic members of the Senate and House of Representatives introduced their own framework for protecting the privacy of individuals in light of the development of tools for tracking and containing the spread of the virus.
The Public Health Emergency Privacy Act
Senators Richard Blumenthal (D-CT) (Ranking Member of the Senate Commerce Committee’s Manufacturing, Trade and Consumer Protection Subcommittee) and Mark Warner (D-VA) (Vice Chairman of the Senate Intelligence Committee) lead a bicameral group of 10 lawmakers on a Democratic version of federal consumer privacy legislation as it relates to the coronavirus pandemic. The Public Health Emergency Privacy Act (the “PHEPA”), introduced on May 14, seeks to give individuals protection and control over their covered health data by adopting an express affirmative consent regime, along with enumerated requirements for businesses. For a helpful summary of the key similarities and differences between the PHEPA and the CCDPA, please see the Chamber Technology Engagement Center’s (C_TEC) COVID-19 Privacy Bill Comparison Chart.…