December 2023

On December 15, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) issued a Secure by Design Alert and guidance on “How Manufacturers Can Protect Customers by Eliminating Default Passwords.”

The guidance was created by CISA to “urge technology manufacturers to proactively eliminate the risk of default password exploitation by implementing principles one and three of

On December 8, 2023, New York Attorney General Leticia James penned her approval to an Assurance of Discontinuance with third party dental administrator Healthplex, settling the enforcement action for $400,000 and a litany of data privacy and security compliance requirements.

The AG’s investigation commenced following a November 24, 2021, successful phishing attack against Healthplex. The

Last week, the California Privacy Protection Agency (CPPA) voted in favor of a legislative proposal that would require web browsers to include a feature that allows web users the ability to exercise their privacy rights under the California Consumer Privacy Act (CCPA) through opt-out preference signals.

Under the California Consumer Privacy Act (CCPA), businesses must

The California Privacy Protection Agency (CPPA) recently met to discuss automated decision-making technology, privacy risk assessments and cybersecurity audits under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). However, the CPPA also decided to step outside the anticipated agenda and discuss additional revisions to the existing regulations. Once

On Monday, December 18, 2023, the Federal Trade Commission (FTC) released its report on takeaways gleaned from a public event it held in October with creative professionals, including artists and authors. The 43-page report, entitled, “Generative Artificial Intelligence and the Creative Economy Staff Report: Perspectives and Takeaways,” provides an insider view of the FTC’s interest

We previously wrote about how toys, baby monitors, and other smart devices collect, use, and disclose personal information about children, and risks to children’s privacy. As adults responsible for the safety of children in our care, learning about how smart devices collect, use, and disclose personal information of children should be a top priority, just

There was a big win for the good guys against the bad guys this week. On December 13, 2023, after obtaining an order from the federal court in the Southern District of New York to seize U.S. based infrastructure and take offline websites used by a group Microsoft identifies as Storm-1152, Microsoft’s Digital Crimes Unit

According to new reporting from Reuters, cybercriminals are exploiting Wyoming’s limited liability corporation law to set up legitimate-seeming endpoints for illicit traffic. Filtering traffic through the United States allows criminals to evade detection by their targets and law enforcement. Wyoming’s LLC governance system, often promoted as being business-friendly and user-friendly, enables criminals to create

On December 13, 2023, the Office of the National Coordinator for Health Information Technology (ONC) issued its final rule entitled “Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing” and known as “HTI-1” (Final Rule). Among other issues addressed in the Final Rule, ONC revised the information blocking rules to add

The Office of the Controller of the Currency (OCC) issues a semiannual risk perspective report that “addresses key issues facing banks, focusing on those that pose threats to the safety and soundness of banks and their compliance with applicable laws and regulations.” The most recent report “presents data in five main areas: the operating environment