The Department of Justice (DOJ) released a Final Rule restricting certain transfers of Americans’ sensitive personal data to identified countries of concern or covered individuals. The Final Rule continues to assert the DOJ...more
2/14/2025
/ Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Executive Orders ,
Export Controls ,
Final Rules ,
Government Agencies ,
National Security ,
Personal Data ,
Regulatory Requirements
Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more
12/19/2024
/ Compliance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-K ,
Form 10-Q ,
Form 8-K ,
Publicly-Traded Companies ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Whistleblowers
On October 16, 2024, the New York Department of Financial Services (NYDFS) issued an industry letter entitled “Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks” in response to...more
11/4/2024
/ Artificial Intelligence ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Management ,
Financial Services Industry ,
NYDFS ,
Risk Assessment ,
Risk Management ,
Social Engineering ,
Third-Party Risk
On October 15, 2024, the Department of Defense (“DoD”) published the final version of its rule implementing the Cybersecurity Maturity Model Certification (“CMMC”) Program under Title 32 of the Code of Federal Regulations...more
10/24/2024
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Prime Contractor ,
Proposed Rules ,
Subcontractors
As we have previously written, late last year the New York Department of Financial Services (NYDFS) adopted long-awaited amendments to its Part 500 Cybersecurity Regulations (Part 500). These are some of the most significant...more
On May 15, 2024, the Securities and Exchange Commission (the “SEC”) adopted amendments to Regulation S-P. Originally passed in 2000, Regulation S-P regulates the treatment of non-public personal information of consumers by...more
6/5/2024
/ Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Financial Institutions ,
Incident Response Plans ,
Investment Adviser ,
Personal Information ,
Recordkeeping Requirements ,
Registered Investment Companies (RICs) ,
Regulation S-P ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
4/2/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Department of Defense (DOD) ,
DFARS ,
Federal Information Security Modernization Act (FISMA) ,
Healthcare ,
Information Technology ,
NERC ,
Popular ,
Proposed Regulation ,
Ransomware ,
Reporting Requirements ,
Water
Federal jurisdiction under the Gramm Leach Bliley Act (“GLBA”) is a patchwork, particularly for banks –the Federal Reserve, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency all...more
On October 3, 2023, the Federal Acquisition Regulatory (“FAR”) Council released two draft rules which would impose new cybersecurity requirements for federal contractors. Comment periods for both proposed rules were slated to...more
The New York Department of Financial Services (NYDFS) adopted a long-expected amendment to its Part 500 Cybersecurity Regulations (Part 500) this week. These are the first significant changes to Part 500 since its inception...more
On October 30, 2023, the Biden-Harris Administration unveiled a sweeping Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The Executive Order represents the most...more
11/1/2023
/ Artificial Intelligence ,
Biden Administration ,
Consumer Protection Laws ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Directorate of Defense Trade Controls (DDTC) ,
Executive Orders ,
Healthcare ,
Immigration Procedures ,
National Security ,
NIST ,
Popular ,
Risk Management ,
U.S. Commerce Department
As we enter into the final few months of the year, it is important for companies operating in the United States to not only assess the implementation of the compliance requirements for the four new comprehensive state privacy...more
11/1/2023
/ Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Private Right of Action ,
State Privacy Laws
Earlier this month the Federal Acquisition Regulation (“FAR”) Council released two draft rules which would impose new cybersecurity requirements for federal contractors. The proposed rules, Cyber Threat and Incident Reporting...more
10/25/2023
/ Comment Period ,
Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Preservation ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
Popular ,
Proposed Rules ,
Software ,
Subcontractors
The SEC’s Cybersecurity Risk Management Strategy, Governance, and Incident Disclosure Rules were officially published in the Federal Register on August 4, 2023 and go into effect on September 5, 2023....more
On July 26, 2023, the U.S. Securities and Exchange Commission adopted enhanced disclosure requirements regarding cybersecurity risk management, strategy, governance and incident reporting for public companies. The final rules...more
The New York Department of Financial Services (“NYDFS”) released a “revised proposed second amendment” on June 28 that makes further changes to its Cybersecurity Regulation (“23 NYCRR Part 500”). Part 500 was first enacted in...more
Based on recent changes to its rulemaking agenda, the Securities Exchange Commission has postponed the much anticipated release of its final rules for Cybersecurity Risk Management, Strategy, Governance and Incident...more
On March 15, 2023, the SEC issued proposed amendments and a proposed rule addressing cybersecurity. Specifically, the SEC proposed Rule 10, which addresses cybersecurity risks, and proposed to amend Regulation SCI and...more
3/30/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Incident Response Plans ,
MSRB ,
Notification Requirements ,
Policies and Procedures ,
Popular ,
Proposed Amendments ,
Recordkeeping Requirements ,
Regulation S-P ,
Securities and Exchange Commission (SEC)
On March 1, 2017, New York’s Department of Financial Services (“NYDFS”) implemented a comprehensive cybersecurity regulation aimed at financial institutions (the “Cybersecurity Regulation”)....more
What are the new rules?
Earlier this year, the Securities and Exchange Commission (“SEC”) published a new set of proposed cybersecurity disclosure rules for public companies. The proposed rules would significantly increase...more
Throughout 2022, we continue to see regulators placing an emphasis on the importance of protecting and securing information, in particular consumer personal information, at both the federal and state levels.
...more
10/6/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employee Training ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NYDFS ,
Opt-Outs ,
Popular ,
Private Right of Action ,
Proposed Amendments ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws