On July 26, 2023, the U.S. Securities and Exchange Commission adopted enhanced disclosure requirements regarding cybersecurity risk management, strategy, governance and incident reporting for public companies. The final rules...more
Oregon is the latest state to join the growing patchwork of U.S. state privacy laws. On July 18, 2023, the Oregon Governor signed S.B. 619, enacting what will become the eleventh state privacy law. The Oregon law follows many...more
The New York Department of Financial Services (“NYDFS”) released a “revised proposed second amendment” on June 28 that makes further changes to its Cybersecurity Regulation (“23 NYCRR Part 500”). Part 500 was first enacted in...more
Based on recent changes to its rulemaking agenda, the Securities Exchange Commission has postponed the much anticipated release of its final rules for Cybersecurity Risk Management, Strategy, Governance and Incident...more
Washington State (“Washington”) is preparing to break new ground in the privacy law space, as its legislature finalizes the “My Health My Data Act“ which will further regulate how health data of Washington residents should be...more
On March 30, 2023, the California Office of Administrative Law (OAL) formally approved regulations that will govern the applicability and enforcement of the California Privacy Rights Act (CPRA)....more
As we continue to wait for a potential federal privacy law, the State of Iowa became the sixth state to pass a comprehensive state privacy law (Senate File 262) on March 28th when Governor Kim Reynolds signed the legislation....more
On March 23, 2023, the Illinois Supreme Court issued an opinion in Walton v. Roosevelt University, 2023 IL 128338 that affirms the validity of an important preemption defense for employers facing litigation under the Illinois...more
On March 15, 2023, the SEC issued proposed amendments and a proposed rule addressing cybersecurity. Specifically, the SEC proposed Rule 10, which addresses cybersecurity risks, and proposed to amend Regulation SCI and...more
3/30/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Incident Response Plans ,
MSRB ,
Notification Requirements ,
Policies and Procedures ,
Popular ,
Proposed Amendments ,
Recordkeeping Requirements ,
Regulation S-P ,
Securities and Exchange Commission (SEC)
Last week the Illinois Supreme Court issued its long awaited opinion in the Cothron v. White Castle System, Inc. In Cothron, the Seventh Circuit Court of Appeals had certified a question of Illinois law to the Illinois...more
On October 7th, the long-awaited Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities was signed by U.S. President Joe Biden (Fact Sheet located here). The Executive Order directed the...more
On March 1, 2017, New York’s Department of Financial Services (“NYDFS”) implemented a comprehensive cybersecurity regulation aimed at financial institutions (the “Cybersecurity Regulation”)....more
What are the new rules?
Earlier this year, the Securities and Exchange Commission (“SEC”) published a new set of proposed cybersecurity disclosure rules for public companies. The proposed rules would significantly increase...more
Throughout 2022, we continue to see regulators placing an emphasis on the importance of protecting and securing information, in particular consumer personal information, at both the federal and state levels.
...more
10/6/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employee Training ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NYDFS ,
Opt-Outs ,
Popular ,
Private Right of Action ,
Proposed Amendments ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws
Over the last two years, many states have taken cues from California and the EU by adopting sweeping privacy laws. These laws, passed in Virginia, Colorado, Connecticut and Utah, as well as updates to the already enacted...more