Tag Archives: Lisa Sotto

T-Mobile to Spend 31.5 Million Dollars to Settle Multiple FCC Investigations Related to Recent Data Breaches

by Lisa Sotto and Jennie Cunningham


Left to right: Lisa Sotto and Jennie Cunningham. (Photos courtesy of Hunton Andrews Kurth LLP)

On September 30, 2024, the Federal Communications Commission announced that T-Mobile has entered into an agreement to settle multiple data protection and cybersecurity investigations stemming from data breaches in 2021, 2022 and 2023. The breaches involved the personal information of millions of current, former, and prospective T-Mobile customers and end-user customers of T-Mobile wireless network operators, and resulted from various threat vectors, including a 2021 cyberattack, a 2022 platform access incident, a 2023 sales application incident, and a 2023 API incident. T-Mobile previously settled class action claims in federal district court related to the 2021 cyberattack. In addition to a $15.75 million penalty, T-Mobile also will be required to spend $15.75 million over the next two years to strengthen its cybersecurity program and implement a plan to protect consumers from similar future breaches.

Kentucky Set to Enact Comprehensive State Privacy Law

by Lisa Sotto, Marshall Mattera, and Amanda Pervine

Lisa Sotto and Marshall Mattera (photos courtesy of Hunton Andrews Kurth LLP)

Update: On April 4, 2024, Governor Andy Beshear signed H.B. 15 into law, making Kentucky the 16th state to enact a comprehensive data privacy law.

On March 27, 2024, the Kentucky legislature passed a comprehensive data privacy bill (“H.B. 15”), which was delivered to the Governor for signature. If H.B. 15 is enacted, Kentucky will join the growing list of states with comprehensive data privacy laws.


Looking Back at Fall 2023 PCCE Events: 3rd Annual Directors’ Academy

As we begin to prepare for a full schedule of events in 2024, starting with an event on Voluntary Self-Disclosure Policy for Export Controls Violations on January 16, 2024, the NYU School of Law Program on Corporate Compliance and Enforcement (PCCE) is taking a moment to reflect on our busy Fall 2023 program. In this post: our third annual PCCE Directors’ Academy on September 21-22, 2023.


Keynote speaker Heather Lavallee, CEO, Voya Financial, Inc. (©Hollenshead: Courtesy of NYU Photo Bureau)


CPPA Issues Draft CPRA Regulations on Risk Assessment and Cybersecurity Audit

by Lisa Sotto and Sam Grogan 


Lisa Sotto and Sam Grogan (photos courtesy of the authors)

On August 29, 2023, the California Privacy Protection Agency (“CPPA”) Board issued draft regulations on Risk Assessment and Cybersecurity Audit (the “Draft Regulations”). The CPPA Board will discuss the Draft Regulations during a public meeting on September 8, 2023.

In issuing the Draft Regulations, the CPPA Board makes clear that it has not yet started the formal rulemaking process for cybersecurity audits, risk assessments or automated decision-making technology, and that these Draft Regulations are intended to facilitate Board and public discussion and are subject to further changes. Nevertheless, the Draft Regulations provide insights into the type of requirements companies may be expected to comply with in the future.


NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

by Lisa Sotto and Michael La Marca 


Lisa Sotto and Michael La Marca (Photos courtesy of Hunton Andrews Kurth)

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period. The updated proposed Amendment will be subject to an additional 45-day comment period.
