www.polsinelli.com Open in urlscan Pro
2606:4700:10::6816:41fd  Public Scan

Form analysis
0 forms found in the DOM

Text Content

You need to enable JavaScript to run this app.
This website does not track your personal or demographic information, only
anonymous usage statistics. To ensure that you are not tracked, we have blocked
all embedded content from third party sources like YouTube and SlideShare. Click
"Accept Cookies" to enable third-party content. To learn more about our cookie
policy, click here.
Accept CookiesNo Thanks
Skip Navigation

Contact UsClient LoginSearch
 * Our People
 * Our Capabilities
 * Our Firm
    * About Us
    * Careers
    * Diversity, Equity and Inclusion
    * Insights
       * News
       * Events
       * Publications
   
    * Offices


PUBLICATIONS


Back to Publications

December 02, 2022 Updates


NATIONAL SECURITY FOCUS ON CYBERSECURITY FOR CRITICAL INFRASTRUCTURE SHARPENS


Download Publication as a PDF

Last year, Colonial Pipeline halted one of the United States’ largest pipeline
systems due to a ransomware attack.1  Within days, a state of emergency was
declared in 17 states. A few days later, the pipeline resumed service, and
Colonial Pipeline acknowledged it paid $4.4 million to cyber criminals.2  For
critical infrastructure, Colonial Pipeline was a turning point.

Download the publication to view the full alert. 

--------------------------------------------------------------------------------

[1] https://www.energy.gov/ceser/colonial-pipeline-cyber-incident

[2] On June 7, 2021, the Department of Justice announced the recover of $2.3
million in cryptocurrency that was paid to the cyber criminals
(https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside).


RELATED PEOPLE

 * Jose A. Abarca
 * Romaine C. Marshall


RELATED CAPABILITIES

 * Privacy and Cybersecurity
 * Energy
 * Public Utilities & Energy Consumers
 * Government Contracts
 * Transportation & Logistics
 * Food and Agriculture

Firm Highlights
Slide 1 of 10
 * News
   Polsinelli Strengthens National Cybersecurity and Data Privacy, Litigation,
   Employment and Corporate Groups with Addition of Four Attorneys
   Am Law 100 firm Polsinelli continues the national expansion of its litigation
   and corporate teams with the addition of Shareholders Romaine Marshall in the
   Cybersecurity and Data Privacy Litigation Group, Jose Abarca in the
   Commercial Litigation Group, and Jordan Lee in the Labor and Employment
   Group, as well as Robert Lamb as Counsel in the Corporate Group.  Marshall,
   Abarca and Lamb all join the firm in Salt Lake City, and Lee joins the firm’s
   Los Angeles office. The addition of these four attorneys is part of
   Polsinelli’s national strategic growth strategy, focusing on key areas of
   practice. Since January, the firm has added 138 attorneys across the country,
   including 39 new Shareholders. “We greatly value collaboration across all
   practice areas. Adding these
   Read more
 * Publications
   FTC Announces Decision “with a 100% chance of far-reaching” Impact for Data
   Breaches
   On Monday the Federal Trade Commission issued a press release stating it is
   settling a case against Drizly and its CEO for a data breach that exposed the
   information of 2.5 million consumers in July 2020.1 The proposed settlement
   is notable because the FTC alleges in the underlying Complaint that: (1)
   Drizly broke the law by not improving security after an incident in 2018, and
   (2) Drizly’s CEO broke the law for taking shortcuts on security.  On the same
   day, in a blog post titled “Data security forecast: Drizly with a 100% chance
   of far-reaching order provisions,” the FTC detailed Drizly and its CEO’s
   missteps which it said “exacerbated the impact of the [2020] breach” and
   exposed failures in their governance structures –
   Read more
 * News
   Six Polsinelli Litigation Practices Recognized Among the Nation’s Best by BTI
   Consulting Group
   Am Law firm 100 Polsinelli is pleased to announce it has been recognized in
   six categories in BTI Consulting Group’s newly published Litigation 2023
   Outlook: Litigation Spending in the Uncertain Economy and Beyond. Polsinelli
   earned especially distinguished recognition by achieving the coveted
   “Powerhouse” ranking for its Intellectual Property Litigation Practice. The
   ranking — BTI’s highest — is reserved for just the top 1% of firms across the
   country. The firm also earned “Standout” recognition nationally for five
   practices within Polsinelli’s distinguished national Litigation Department:
   Class Action, Commercial Litigation, Complex Commercial Litigation,
   Cybersecurity Litigation and Product Liability Litigation. Polsinelli’s
   Intellectual Property Litigation Practice takes creative and strategic
   approaches to resolve intellectual property disputes for local, regional,
   national and global companies and individuals across a wide
   Read more
 * Publications
   Facial Recognition: Clearview-ACLU Settlement Charts a New Path for BIPA and
   the First Amendment
   The closely watched privacy and First Amendment battle between Clearview AI
   (“Clearview”) and the American Civil Liberties Union (“ACLU”) came to a close
   on May 9, 2022 as the parties announced a settlement and proposed consent
   decree that would resolve all outstanding issues. ACLU v. Clearview AI, Inc.,
   2020 CH 04353 (Cir. Ct. Cook City., Ill.) (motion for settlement approval
   filed May 9, 2022). Clearview has gained prominence and market share in
   recent years by amassing over three billion facial images from public sources
   and building a business model premised on digitizing these images and making
   them available to a range of customer interests and industry sectors. Market
   demand for this database (the “Clearview App”) spans law enforcement agencies
   at the
   Read more
 * Publications
   EU Cyber Resilience Act
   On September 15, 2022, the European Commission published its Proposal for a
   Cyber Resilience Act (CRA) which sets out new requirements for hardware and
   software products in the EU.  The CRA applies to hardware and software that
   contain digital components and whose intended use includes a connection to a
   device or network and applies to all digital products placed on the EU market
   (including imported products). Main Requirements Digital products are broken
   down into certain risk allocations, with Class II critical products including
   identity management software, password managers, VPNs, network traffic
   monitoring systems, and remote access software.Class II critical products
   include microprocessors, routers, IOT devices, smart meters, and operating
   systems. Manufacturers will need to assess the cyber risk of their digital
   hardware and software
   Read more
 * Publications
   CPRA and Employee Data – What Businesses Need to Know
   The California Privacy Rights Act (“CPRA”) comes into force on January 1,
   2023, and will amend and extend the privacy rights under the California
   Consumer Privacy Act (“CCPA”).  Assuming no further applicable extensions or
   amendments are passed, the CPRA will eliminate the CCPA’s exemptions that
   apply to employee data and businesses subject to the CPRA will have to comply
   with obligations with respect to the processing of employee data. What Is the
   Current Situation Under CCPA? Currently, the CCPA provides employers with
   limited exemptions with respect to employment related personal information,
   when that personal information is collected and solely used in connection
   with the individual’s role as an employee or job applicant, dependent,
   beneficiary, independent contractor or owner.  Specifically, the CCPA
   Read more
 * Publications
   National Credit Union Administration Issues New Proposed Rule Requiring
   72-Hour Cyber Incident Reporting
   On July 27, 2022, the National Credit Union Administration (NCUA) issued a
   proposed rule requiring federally insured credit unions (FICUs) to notify the
   NCUA within seventy-two (72) hours of discovering a reportable cyber
   incident. Summary of the Proposed Rule Under existing federal law (the
   Interagency Guidance on Response Programs for Unauthorized Access to Member
   Information and Member Notice), credit unions must notify the appropriate
   NCUA Regional Director, and, in the case of state-chartered credit unions,
   their state supervisory authority, as soon as possible when the credit union
   becomes aware of an incident involving unauthorized access to or use of
   sensitive member information. If finalized, the new rule will require FICUs
   to report to the NCUA, as soon as possible and no later than
   Read more
 * News
   Polsinelli Further Strengthens National Data Privacy Team with Addition of
   Shareholder Gregory Leighton and Associate Bari Rascoe in Chicago
   Am Law 100 firm Polsinelli further strengthens its national Data Privacy
   Group with the addition of Shareholder Gregory Leighton in Chicago. Data
   privacy Associate Bari Rascoe also joins the firm’s Chicago office.  The
   addition of Leighton and Rascoe is part of the firm’s continued growth in the
   data privacy space in response to an increased demand given the ever-changing
   federal, state, and international privacy laws. “It doesn’t matter where you
   are in the world, data privacy is in the news.  Companies create and utilize
   data in greater and more sophisticated ways than ever before.  At the same
   time, the laws and regulations surrounding data privacy are rapidly changing
   as are best practices for doing business today,” said Greg Kratofil, Chair of
   Polsinelli’s
   Read more
 * Publications
   Is it Legal? IP & Metaverse Law
   Read more
 * Publications
   Cybersecurity Awareness Means, at a Minimum, Doing the Basics (Again and
   Again)
   On September 30, 2022, the White House kicked off Cybersecurity Awareness
   Month by reminding citizens of the impacts cyberattacks can have on critical
   infrastructure such as “electric grids and fuel pipelines … and many other
   critical services,” and the importance of partnering with private industry
   and exchanging information about cyber threats.1  A few days after the above
   proclamation, a jury convicted the former Chief Security Officer of Uber of
   concealing from the FTC a 2016 data breach that exposed the personal
   information of about 57 million users and was linked to other data breaches.2
   The former CSO awaits sentencing, which could be up to five years in federal
   prison. During his trial, the former CSO claimed he was being scapegoated,
   that Uber’s
   Read more




© 2022 Polsinelli PC, Polsinelli LLP in California, Polsinelli PC (Inc) in
Florida. All Rights Reserved. Attorney Advertising. Prior results do not
guarantee similar outcome.
Contact UsSubscribeCollaborate PolsinelliClient Payment PortalDisclaimerPrivacy
Policy
FacebookTwitterLinkedInInstagram
Client Login