By now, you have probably heard about OpenAI’s ChatGPT, an artificially intelligent chatbot, and similar chatbots that have launched in its wake. (Chris Deubert and I have previously written about it here.)

On March 2, the Biden Administration released a “National Cybersecurity Strategy,” which it says takes a comprehensive approach to securing cyberspace for all and ensuring the United States is in the best position to take advantage of all the benefits that our digital future holds. The Strategy consists of five “pillars”: Infrastructure, threat actors, the market, plans ...

The Illinois Biometric Information Privacy Act, enacted in 2008, was designed to provide individuals with control over their biometric information and to establish standards for collection. The Illinois Supreme Court has recently issued three opinions interpreting provisions of the BIPA, two of which are likely to result in a spike in BIPA claims and related litigation.

The Nigerian prince seems almost quaint.

Gone are the days when the Nigerian prince was the only nefarious figure menacing our inboxes.  A simple yet elegant scheme – our supposed prince unexpectedly fell upon a large sum of money, left behind by a fallen war hero, bequeathed by a terminally-ill spouse, or, perhaps, borne from the fruits of new age oil exploration. The funds are (somehow) rightfully yours, but a bureaucratic quagmire has them tied up, and they cannot be released until you pay a *small* fee. Just send a few million dollars to a specified bank account, and the endless riches are yours.

Recent amendments to Pennsylvania’s data breach law -- the Breach of Personal Information Notification Act – will take effect May 3. The amendments were enacted in November.

Originally enacted in 2006, the Act provides for the security of computerized data and requires notification to Pennsylvania residents whose personal information data was, or may have been, disclosed due to a breach of the security of an entity’s system. 

The life cycle of a data security incident begins and ends with preparation.

Unfortunately, there is no such thing as a network or system with “zero vulnerabilities.” There are jokes about absolute network security, including that the only secure network is one without users or one with no access. There is no perfect code, no perfect software, no perfect hardware, and even the most well-intentioned user can be socially engineered. Consequently, preparation at all levels of information security is critical to protect businesses from catastrophic attacks.

A significant HIPAA reporting deadline is fast approaching for all covered entities. 

Fight back against this major cyber threat.

Business Email Compromise is one of the greatest cyber threats to businesses of all sizes and industries, particularly those involved in regular wire transfers of funds. According to the Federal Bureau of Investigation, between June 2016 and December 2021, BEC scams were reported in all 50 states and 177 countries, with more than 140 countries receiving fraudulent transfers. These statistics are based on information reported to the FBI by victims, law enforcement, and the banking community. Actual and attempted dollar losses associated with these reports exceed $43 billion. Because these numbers are based only on compromises that have been reported, the true cost of BEC scams is in all likelihood much greater.

Proposed regulations have been submitted for review.

On February 3, the Board of the California Privacy Protection Agency held its latest public meeting, focused on the anticipated regulations interpreting the California Consumer Privacy Act, as now amended by the California Privacy Rights Act.

An updated version of the NIST Cybersecurity Framework is on the way.

In 2013, President Barack Obama directed the National Institute of Standards and Technology (“NIST”) to lead the development of a cybersecurity framework to “reduce cyber risks to critical infrastructure.” The result was the NIST Cybersecurity Framework (formally, the “Framework for Improving Critical Infrastructure Cybersecurity”), a comprehensive, flexible, and scalable approach that provides a structure that can be used by entities to create, guide, assess, or improve their cybersecurity programs. The first version, v1.0, of the CSF was released in February 2014. NIST subsequently released v1.1 of the CSF in April 2018 to clarify, refine, and enhance the framework. Since its release, the CSF has been widely adopted across a range of industries within the United States and internationally.