Four years ago—in early February 2020—Blackbaud, a software company that provides tools to schools, healthcare providers, and non-profit organizations, fell victim to a ransomware attack. That attack, which compromised data from some 13,000 Blackbaud customers,...

With the comment period recently closed, the content and implications of the Consumer Financial Protection Bureau (“CFPB”)’s  advanced notice of proposed rulemaking warrant particular attention. The proposed Personal Financial Data Rights Rule (“Proposed Rule”) builds upon earlier CFPB...

UPDATE – January 27, 2025: The Federal Trade Commission has finalized changes to the Children’s Online Privacy Protection Rule (“COPPA” or the “Final Rule”). The final amendments will become effective 60 days after publication in the Federal Register...

The U.S. Department of Health and Human Services (HHS) released a concept paper outlining the Department’s cybersecurity strategy to address rising health sector security incidents. This concept paper is a result of the Biden administration’s efforts to strengthen...

The Federal Communications Commission (“FCC”) voted today to adopt updated breach notification rules for telecommunications and interconnected Voice over Internet Protocol (“VoIP”) service providers (together, “carriers”), and telecommunications relay service (“TRS”) providers. Before this week, the FCC...

The Federal Communications Commission (“FCC”) announced its tentative agenda for its November 15 meeting, which includes the proposed Order to protect consumers from two increasingly common cybercriminal techniques: SIM swapping and number porting.  SIM Swapping & Number...