Cybersecurity Archives - Page 3 of 29

Federal Court Holds Bank Liable For Business Email Compromise Losses

We have written on previous occasions about the rise in frequency and severity of Business Email Compromise (BEC) cyberattacks. As explained in other posts, BEC attacks are a type of phishing scam typically targeting companies in order to fraudulently direct payments of money to accounts associated with the attackers. Attackers typically target high-level executives or employees with access to financial systems. After the BEC attack, victims have typically had difficulty recovering the fraudulently misdirected funds, which are usually moved to offshore accounts very quickly.

However, a recent court decision in Virginia may have provided a roadmap for some BEC victims to seek compensation from the financial institutions that facilitate the fraudulent transfers of money. In Studco Bldg. Sys. US, LLC v. 1st Advantage Fed. Credit Union, WL 1926747 (2023), a United States District Court Judge held that one of the financial institutions involved in facilitating a BEC payment did not act in a commercially reasonable manner in allowing the transaction to take place. Because the financial institution acted negligently, the victim of the BEC was awarded a judgment of $558,868.71

Continue reading “Federal Court Holds Bank Liable For Business Email Compromise Losses”

The UK’s New AI Proposals

On 29 March 2023, the UK Government published its latest proposals on regulating Artificial Intelligence (“AI”). The White Paper follows on from an initial policy paper published in July 2022 (the “2022 Policy Paper”), which we discussed in detail in our previous blog post. The proposals set out in the White Paper have been informed by the feedback received as part of the UK Government’s consultation on the 2022 Policy Paper.

A central theme is that the regulatory framework in the UK must not stifle innovation, but rather harness AI’s ability to drive growth and prosperity, and increase public trust in its use and application.

Continue reading “The UK’s New AI Proposals”

China SCC Measures Officially Release a Path for Outbound Personal Information Transfer

On February 24, 2023, the Cyberspace Administration of China (CAC) released the much-awaited Measures for the Standard Contract for Outbound Transfer of Personal Information (China SCC Measures) together with the issuance of finalized version of the standard contract for outbound transfer of personal information (China SCC), which will officially come into effect on June 1, 2023. For outbound transfers of personal information which have already been carried out before that date, the China SCC Measures require that the rectification shall be completed within six months from its effective date, i.e, before December 1, 2023.

As one of the three “legitimate grounds” for outbound personal information transfer of personal information under the Personal Information Protection Law of China (PIPL), the China SCC shares quite a number of similarities with the EU Standard Contractual Clauses (EU SCCs) under the GDPR, such as the protection of the data subject’s third-party beneficiary rights, the establishment of a “long-arm” jurisdiction for the exporting country through the execution of SCC-based contractual and other mandatory security requirements for the exported personal information. However, the China SCC Measures still vary significantly from the concept of SCCs under the GDPR. Rather than the four-module approach (controller – controller, controller – processor, processor – processor and processor – controller) under the EU SCCs, the China SCC adopts a one-size-fits-all approach towards exporting personal information by the personal information processor (PIP, a concept similar to the “data controller” under the GDPR) to the overseas recipient. There is no differentiation according to the role of the overseas recipient as a controller, processor or sub-processor. This article offers some key highlights of the newly released China SCC Measures.

Continue reading “China SCC Measures Officially Release a Path for Outbound Personal Information Transfer”

Artificial Intelligence Briefing: NIST Releases AI Risk Management Framework and Playbook

Our latest briefing dives into the public launch of the NIST’s long-awaited AI Risk Management Framework, the EEOC’s new plan to tackle AI-based discrimination in recruitment and hiring, and the New York Department of Financial Services’ endeavor to better understand the potential benefits and risks of AI and machine learning in the life insurance industry.

Continue reading “Artificial Intelligence Briefing: NIST Releases AI Risk Management Framework and Playbook”

State AG Updates: Arizona, Texas, California, North Carolina, Washington, New York and an AG Coalition

In this edition of Faegre Drinker’s State Attorneys General Update, we discuss:

Arizona AG Enters $85 Million Settlement With Google for Alleged Improper Use of Consumer Location Data

Google agreed to an $85 million settlement for alleged violations of Arizona’s Consumer Fraud Act. Specifically, the Arizona AG alleged that Google violated the Act by building “coercive design tactics used to manipulate users’ behavior,” known as “dark patterns,” into its Android phone software. In this instance, the AG alleged that Google created misleading settings, so even if a consumer turned off location tracking in the “Location History” menu, location data would still be tracked and used to sell advertisements through other settings — specifically, the “Web & App Activity” menu.

Continue reading “State AG Updates: Arizona, Texas, California, North Carolina, Washington, New York and an AG Coalition”

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Category: Cybersecurity