Ericka Johnson

Subscribe to all posts by Ericka Johnson

New Law Requires 72-Hour Notice for Cyber Incidents

We recently shared a timely post on Consumer Privacy World that, given the focus of, we wanted to call to your attention. “President Biden has recently delivered on a long stated priority of his presidency: requiring the disclosure of cyber security incidents for companies that operate critical infrastructure. After announcing an executive order in May … Continue Reading

Preparing an application for the SBA’s Community Navigator Program, from a compliance perspective

The American Rescue Plan Act allocated $100 million to the Small Business Administration to be distributed to various “Hub” organizations to further disseminate among their “Spoke” partners. The purpose behind this funding structure is to better reach small businesses in underserved communities, which may not have received the full benefit of COVID-19-related economic relief in … Continue Reading

4 Compliance Tips Amid Increased Ransomware Scrutiny

In light of two new US Treasury Department advisories signaling increased oversight of ransomware payments, victim companies and their third-party response teams considering making payments should follow certain due diligence and compliance best practices, write Colin Jennings, Ericka Johnson, Dylan Yépez and Elizabeth Weil Shaw in an article for Law360.… Continue Reading

Executive Responsibilities and Consequences: A Case Study of Uber’s Data Breaches

Every organization is at risk of a data breach, and can learn something from Uber’s data privacy missteps. In an article for Corporate Compliance Insights, Squire Patton Boggs lawyers Colin Jennings, Ericka Johnson, and Dylan Yépez offer key takeaways from the company’s high-profile data breaches and the criminal charges that followed.      … Continue Reading

Lying in Wait: Cybercriminals’ COVID-19 Tactic

As business slowly and cautiously reopens, cybercriminals lie in wait.  A case study into a massive unemployment insurance fraud shows that cybercriminals patiently hunt for  lucrative opportunities to strike.  For that reason, companies reopening should consider conducting a cyber-audit to identify their cyber vulnerabilities and thwart cybercriminals lying in wait.… Continue Reading

Threat of Iranian Cyberattack Matters to Your Organization

The ongoing Iran-US tensions, and potential for retaliatory cyberattacks, alert each organization to prepare to defend against a cyberattack. Iran has a history of sophisticated cyberattacks in response to increased tensions. In a new client alert, our Data Privacy & Cybersecurity team recommends a thorough review of your people, facilities, networks, and data procedures in response … Continue Reading

Is Your Data Breach Report Protected?

Responding effectively to a data breach requires an organization to obtain a thorough forensic report about what happened and why.  Yet this report can damage the company further if it becomes public inadvertently.  Members of our cross-practice data protection team discuss how to protect a forensic report under privilege.  The insights of Leah Parsons, Ericka Johnson, and Colin Jennings can be found here.  A related … Continue Reading

CLOUD Act is Now Law

Buried on page 2,201 of the 2,232-page 2018 Omnibus Spending Bill, the CLOUD Act was signed into law on March 23, 2018. The bill allows U.S. law enforcement to obtain U.S. citizens’ private data from servers anywhere in the world, provided that an agreement exists with that country on data sharing. However, the CLOUD Act … Continue Reading

The CLOUD Act, Bridging the Gap between Technology and the Law

Part I: Background During the era when the Sony Walkman birthed the personal audio revolution, Nintendo Entertainment Systems appeared on American shores, and Gordon Gekko made wireless phone calls on his chunky mobile phone, the 99th United States Congress passed the Stored Communications Act (SCA). Enacted in 1986, the SCA governs U.S. authority to compel … Continue Reading
LexBlog