All posts by "Jason Wool" →

Jason Wool

Jason Wool

Jason Wool’s practice focuses on cybersecurity, including cyber risk management, incident response, and compliance with global data protection laws, regulations, and standards, including the PCI-DSS. He has advised organizations ranging from small businesses to Fortune 500 companies during complex, privileged computer crime investigations; provided ongoing advice on the development of cybersecurity programs and cybersecurity governance structures; conducted tabletop exercises and other data breach simulations; and assisted clients with large scale audits to determine compliance with complex cybersecurity standards.

Blog Posts

On June 17, 2020, in a 28-page report released on the topic of online platform liability, the U.S. Department of Justice proposed four material modifications of Section 230 of the CDA:  Narrowing Section 230’s applicability...

Read More →

The Federal Trade Commission (“FTC”) recently gave final approval to a settlement with the Canadian smart locks company Tapplock, Inc. over alleged deceptive practices in the data security context. Tapplock offers Internet-connected, fingerprint-enabled padlocks that interact with...

Read More →

The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has released a new report, entitled Cybersecurity and Resiliency Observations, which stands as their most detailed and comprehensive information security guidance to date....

Read More →

On May 7, 2019, Governor Jay Inslee signed a bill (HB 1071) that strengthens the state’s existing data breach notification law by expanding the definition of “personal information” and reducing the time an entity has to...

Read More →

The Department of Health and Human Services (“HHS”) recently issued a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties (“CMPs”) in which it lowered the maximum annual fines that can be assessed against covered entities and...

Read More →

The Federal Trade Commission (FTC) has published a Notice of Proposed Rulemaking seeking industry feedback on a number of proposed changes to the Gramm-Leach-Bliley Act (“GLBA”) Safeguards Rule, many of which are drawn from the New...

Read More →

The SEC has issued a “Framework for ‘Investment Contract’ Analysis of Digital Assets” (the ‘Framework’) that provides the Division of Corporation Finance’s guidance on how to evaluate whether digital assets are “investment contracts,” which are a...

Read More →

President Trump signed into law the FAA Reauthorization Act of 2018 (“FAA Act”) in which Section 375 authorizes the Federal Trade Commission (“FTC”) to apply Section 5 of the FTC Act to privacy policy violations...

Read More →

A Canadian law that goes into effect on November 1st will require companies to maintain a record of all breaches, regardless of whether they are reportable. We’ve previously written about the Canadian law that will...

Read More →

Ohio has become the first state to enact legislation providing liability protection for businesses that implement a written cybersecurity program that “reasonably conforms” to certain cybersecurity frameworks or laws to protect personal information. This approach...

Read More →