By: Matt Todd and Romaine Marshall Crypto is dead or on life support, waiting for regulation to rid it of ‘crypto contagion.’  Meanwhile, blockchain technology – the virtual, public ledger technology that records crypto transactions – is very much alive, as evidenced by emerging applications in the healthcare, transportation, and real estate industries.1 Even crypto skeptics who mockingly blame “magical thinking” for infecting a generation of investors agree, at a minimum, there is a potential legitimate use of crypto “as part of new payment systems using blockchain technology” for such ..read more

By: Romaine Marshall and Kurt Erskine Last week classes for elementary schools, high schools and a community college in Boston were canceled due to a cyberattack.1 Last month an Arkansas school district approved a payment of $250,000 to cybercriminals to retrieve stolen data.2 Similar attacks were reported in at least 90 other schools and universities last year, about the same as in the previous year.3 According to the United States Government Accountability Office, the impact of cyberattacks during 2018-2021 for K-12 schools included loss of learning from three days to three weeks ..read more

By: Romaine Marshall and Jose Abarca In the past two weeks, the federal government has released startling reports calling for urgent action to address cybersecurity risks to offshore oil and gas facilities and internet-connected devices. Yesterday, one of the reports acknowledged that federal agencies cannot assess such risks without “a holistic approach.” In 2023, a “public and private sector partnership” will be vital.  Click here to download and view the full update ..read more

By: Romaine C. Marshall, Elizabeth (Liz) Harding, Jordan C. Lee and Jose A. Abarca “To prosper over time, every company must not only deliver financial performance, but also show how it makes a positive contribution to society,” said the CEO of the world’s largest money manager in 2019. But embedding environmental, social and governance (ESG) factors recently prompted multiple state attorney generals to allege multiple violations of law, including breached duties of care and loyalty, against that same CEO. Listen to presenters Romaine C. Marshall, Elizabeth (Liz) Harding, Jordan C. Lee and Jo ..read more

Polsinelli is pleased to share the Tech Transactions & Data Privacy 2022 Report. The articles contained in this report highlight the forward-thinking advice and counsel our attorneys provide our clients throughout the year. In this report: Top 5 Privacy Issues of 2022 Discoverability of Forensic Expert Incident Reports Market Changes in Cyber Liability and Options for Your Business Ransomware Reporting Requirements: A Look Forward into Evolving Security Incident Notification Rules The FTC’s Expanding Role in Cybersecurity and Data Privacy Enforcement in 2022 Third-Party D ..read more

By: Elizabeth (Liz) Harding and L. Hannah Ji-Otto China has recently joined the list of countries that have adopted the world’s strictest data-privacy laws. Given China’s desirability as both a market for and a source of data, companies worldwide have started making early efforts to mitigate the impact of these new requirements on their businesses. This client alert provides five concrete steps that an organization can take now that China’s new privacy law has become effective. For background, China’s first attempt to regulate the internet was its Cybersecurity Law (“CSL”) of 2017. The y ..read more

By: Jennifer Osborn Nix, Steven L. Imber, Zachary R. Dyer, Justin T. Liby, John C. Cleary The New York Department of Financial Services (“NYDFS”) recently announced that it has entered into a Consent Order with two affiliated life insurers for alleged violations of New York’s Cybersecurity Regulation (the “NY Cybersecurity Regulation”). The NYDFS conducted an investigation and determined that the two life insurers (the “Companies”) had been the subject of two phishing attacks in 2018 and 2019, which compromised the email accounts of several of the Companies’ employees, providing access to a s ..read more

By: John C. Cleary, Mark A. Olthoff and Michael J. Waters The Supreme Court in TransUnion LLC v. Ramirez on June 25, 2021 dramatically reorganized and narrowed the Article III landscape for constitutionally cognizable damage suits in federal court. Suits for damages based solely on “risk of future” harm, the Court ruled, are not “Cases” or “Controversies” under the U.S. Constitution and no longer meet what were long thought to be minimal “injury in fact” requirements for a plaintiff to establish standing to sue. Describing the new standard as “No concrete harm, no standing,” in the 5-4 majori ..read more

By: Elizabeth (Liz) Harding and Thomas P. Weber On May 26, 2021, the Colorado State Senate unanimously passed the Colorado Privacy Act bill (CPA) through the state Senate.  On June 7, 2021, the Colorado House passed the CPA (by a vote of 57-7).  The House amended the Senate version of the CPA, so the bill will now return to the Senate for consideration of the House amendments. Specifically, the House adopted nine total amendments to the CPA.  Amendments of note include: Consumer rights to access, correction, deletion and data portability do not apply to pseudonymous data; T ..read more

By: Elizabeth (Liz) Harding, Ephraim T. Hintz and Thomas P. Weber Like Virginia and Washington before it, on March 19, 2021, Colorado introduced a data privacy bill, the Colorado Privacy Act (CPA). As currently drafted, the CPA would be similar to other U.S. state privacy laws, including California’s CCPA, Virginia’s Consumer Data Protection Act and Washington’s Privacy Act, although it also bears a close resemblance to the GDPR. If passed, the CPA would go into effect on January 1, 2023. 1. Who would be subject to the CPA? The CPA applies to organizations that conduct business in Colorado or ..read more