Posts from February 2023.

A significant HIPAA reporting deadline is fast approaching for all covered entities. 

Fight back against this major cyber threat.

Business Email Compromise is one of the greatest cyber threats to businesses of all sizes and industries, particularly those involved in regular wire transfers of funds. According to the Federal Bureau of Investigation, between June 2016 and December 2021, BEC scams were reported in all 50 states and 177 countries, with more than 140 countries receiving fraudulent transfers. These statistics are based on information reported to the FBI by victims, law enforcement, and the banking community. Actual and attempted dollar losses associated with these reports exceed $43 billion. Because these numbers are based only on compromises that have been reported, the true cost of BEC scams is in all likelihood much greater.

Proposed regulations have been submitted for review.

On February 3, the Board of the California Privacy Protection Agency held its latest public meeting, focused on the anticipated regulations interpreting the California Consumer Privacy Act, as now amended by the California Privacy Rights Act.

An updated version of the NIST Cybersecurity Framework is on the way.

In 2013, President Barack Obama directed the National Institute of Standards and Technology (“NIST”) to lead the development of a cybersecurity framework to “reduce cyber risks to critical infrastructure.” The result was the NIST Cybersecurity Framework (formally, the “Framework for Improving Critical Infrastructure Cybersecurity”), a comprehensive, flexible, and scalable approach that provides a structure that can be used by entities to create, guide, assess, or improve their cybersecurity programs. The first version, v1.0, of the CSF was released in February 2014. NIST subsequently released v1.1 of the CSF in April 2018 to clarify, refine, and enhance the framework. Since its release, the CSF has been widely adopted across a range of industries within the United States and internationally.

In Jones v. Google, LLC, a three-judge panel of the U.S. Court of Appeals for the Ninth Circuit held that a district court judge erred in finding that state privacy claims were preempted by the federal statutory framework referred to as the Children’s Online Privacy Protection Act, or “COPPA.” The district court had dismissed a class action brought by children based on allegations “that Google used persistent identifiers to collect data and track their online behavior surreptitiously and without their consent…”

This year’s deadline for filing individual tax returns is April 18.

Malicious actors routinely target human resources professionals, certified public accountants, and individual employees with social engineering attacks during tax season in an effort to obtain copies of Internal Revenue Service Form W-2 (Wage and Tax Statement). Form W-2 contains the information that allows a malicious actor to file false tax returns and steal the refunds. Those who receive, process, or maintain copies of W-2s should be on the lookout for phishing emails and other types of social engineering attempts this tax season.

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 


* indicates required
Back to Page