Calfee Connections

Given that personal data holds such enormous commercial value in our economy, questions inevitably arise as to how all that data can be protected in the current and rapidly evolving threat environment. Businesses and corporations may be looking for the best ways to protect their own and their customers’ information and reduce their vulnerability to a data breach.

Website privacy policies have become a standard part of doing business online, and website visitors these days likely expect one. While there is no general federal law requiring a privacy policy (though many states are passing legislation that may require one, and some businesses have privacy requirements through various data-specific federal statutes such as HIPAA, Gramm-Leach Bliley, etc.), it is generally good practice to have such a policy, especially if your business gathers contact information or other sensitive personal data (like credit card information).

The Financial Crimes Enforcement Network (FinCEN) estimates some $590 million in ransomware payments were reportedly made from January to June 2021. Moreover, hackers are now blatant enough to brand their undertakings as “Ransomware as a Service,” and some reportedly “feel completely safe” from prosecution against their illegal activities in countries such as China.

What are these data breaches and ransomware attacks, and what can you do to help protect your company?

On April 14, 2021, the DOL released a series of long-anticipated cybersecurity tips and best practices for ERISA-covered benefit plans, which include retirement and welfare plans. The guidance is directed at plan sponsors and fiduciaries (and, at least indirectly, plan service providers) as well as plan participants and beneficiaries.