In a classic story of “it’s never over until it’s over,” cybersecurity David LabMD challenged the FTC’s Goliathan ability to issue sweeping orders in relation to security concerns under Section 5(a) of the Federal Trade Commission Act. LabMD had lost its challenge of the FTC’s underlying authority to issue such orders, but continued in its fight, ultimately challenging the wording of the FTC’s form order itself. And LabMD ultimately won in a landmark decision that can be found here.
New York Temporarily Allows Remote Witnessing of Wills and Other Documents in Response to COVID-19 Pandemic
New Law Prohibits Employers from Discriminating Based on an Employee’s Reproductive Health Decision Making
On June 28, 2018 the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) announced parallel criminal and civil charges against Sudhakar Reddy Bonthu, a former software development manager, for selling his shares of Equifax stock before Equifax publicly announced that it had suffered an immense data breach.
As cybersecurity regulatory frameworks mature, the move has been toward risk-adjusted security requirements rather than prescriptive controls mandated by a legislature or administrative agency. This makes sense, of course, for two primary reasons.
Under the Tax Cuts and Jobs Act, colleges and universities with endowments over $500,000 per student are now required to pay a 1.4% excise tax on investment earnings.
The IRS has now provide guidance that will take a bit of the bite out of this new tax -- at least at first.
So far 2018 has been a whirlwind of cyber regulatory activity, from the commencement of GDPR to new state-law data breach requirements to the New York State Department of Financial Services first compliance self-certification deadline. The complexity of the cyber legal landscape is only increasing, and in an effort to keep our clients ahead of the regulatory curve, the HSE Privacy and Data Security team has been on the road, spreading the word about cyber regulatory risk.