The Matrix

The FBI Warns M&A Participants on the Increasing Ransomware Threat

Posted by

Last week, the Federal Bureau of Investigation issued a private industry notification warning that “ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.” The FBI cautioned that ransomware attackers research publicly available information and target companies involved in significant, time-sensitive financial dealings such as M&A and other transactions. This initial reconnaissance, according to the FBI, is later followed by a ransomware attack and a subsequent threat that unless the victim pays the ransom, the attackers will disclose the information publicly, causing potential investor backlash and affecting the victim’s stock value. More

FTC Updates Safeguards Rule for Non-Banking Financial Institutions

Posted by

The Federal Trade Commission recently announced a newly updated rule concerning the data security safeguards required for financial institutions to protect their customers’ financial information. The FTC’s updated Safeguards Rule, which originally was mandated by Congress under the 1999 Gramm-Leach-Bliley Act, requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security system to keep their customers’ information safe. The new rule more closely aligns with the NY Department of Financial Services Cybersecurity Regulation. More

The DOJ’s Civil Cyber-Fraud Initiative

Posted by

October is National Cybersecurity Awareness month, and the Department of Justice has chosen this month to roll out a new “Civil Cyber-Fraud Initiative.” The announced purpose of the Initiative is to actively pursue cybersecurity-related fraud claims by government contractors and grant recipients.  More

The Framework of a Tort-Claim Safe Harbor

Posted by

A bipartisan bill was introduced on October 5, 2021, in the Michigan Senate to amend the Michigan Identity Theft Protection Act (the “Act”). The bill, linked below, would create an affirmative defense to tort claims arising out of a security breach.  More

OFAC Issues Updated Ransomware Advisory

Posted by

On September 21, 2021, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an updated ransomware advisory (the “2021 Guidance”), which supersedes its 2020 ransomware guidance (the “2020 Guidance”), discussed in a previous post on this blog. 

In the 2021 Guidance, OFAC notes that ransomware payment demands have escalated during the COVID-19 pandemic as U.S. businesses maintain significant online and internet-connected activities.  OFAC identifies a 21 percent increase in ransomware attacks and a 225 percent increase in ransomware losses as reported by the Federal Bureau of Investigation (FBI).  The  pandemic has presented numerous opportunities for cyber actors to target system vulnerabilities, particularly smaller businesses and municipal entities with limited resources for cybersecurity investments as well as entities supporting critical infrastructure, such as hospitals, that are likely to make quick payments to avoid service disruptions to patients.  More

COVID-19 Operations: How to Keep Vaccine-Related Data Safe

Posted by

Post authored by Mahja D. Zeon, an Associate in Honigman's Detroit office and Lauren Legner, a 2021 Summer Associate in the firm's Detroit office.

Employers have a right, and in some industries, even a requirement, to implement vaccine-related policies to promote workplace safety, but they must be mindful of the privacy implications.  There are several competing concerns to weigh when deciding whether to implement vaccine-related policies. On the one hand, data regarding employee vaccination status may play an essential role in keeping the workplace safe from COVID-19 outbreaks. On the other hand, collecting and using such data implicates individual privacy and data security concerns. Should an employer choose to collect vaccine-related data, it must take the appropriate steps to keep this information safe. Here are three ways employers can implement vaccine-related, data-safe policies: More

Colorado Passes Comprehensive Consumer Privacy Law

Posted by

On the heels of Virginia’s Consumer Data Protection Act, Colorado recently passed its own comprehensive consumer privacy law. On July 8, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (“CPA”). The CPA takes effect on July 1, 2023. More

Understanding National Security Implications of Sensitive Data

Posted by

Business transactions, management changes or investments involving non-U.S. companies or individuals receiving control or information rights to U.S. companies are subject to review by the U.S. government for national security purposes. There is a particular concern if any sensitive individual or government data is held by the U.S. company.  U.S. companies holding sensitive data should consider whether their business may be subject to CFIUS review prior to entering any investment or engaging in M&A activities.   More

The Death of the Date of Birth

Posted by

Michigan state courts have new privacy protections in court rules that become effective July 1, 2021 (links to the implementing orders are included below) after implementation was previously delayed.  Under revised Michigan Court Rule (“MCR”) 1.109 and 8.119, parties are no longer able to file papers – including pleadings, motions, and briefs – or attachments containing specified types of personally identifying information (PII) such as date of birth, financial account numbers, driver’s license numbers, state-issued personal identification card numbers, or passport numbers.  The existing prohibition on filing more than the last four digits of a social security number remains in force.  The revised MCR 1.109 calls for parties and their attorneys to redact any PII and to prepare a separate form listing the un-redacted information and reference codes to be used in the public document.  That separate form is considered a nonpublic document and is available only to the court, the parties, and other specified persons.  Anyone obtaining a copy of a publicly filed document will receive only the redacted copy and not the separate form. More

How the IWCA Impacts BIPA Claims

Posted by

The Illinois Biometric Information Privacy Act (BIPA) is a law concerning the protection of biometric data. The BIPA requires companies collecting biometric information to establish a policy and obtain a written release from its employees prior to collecting and using this information. The BIPA is the only statute of its kind with a private right of action. Under the BIPA, individuals may sue for violations and recover monetary damages.  More

Jump to Page