Public companies are now required to comply with new cybersecurity disclosure requirements in their Annual Reports on Form 10-K for fiscal years ending on or after December 15, 2023. In preparing this cybersecurity...more
3/5/2024 / Annual Reports, Chief Information Security Officer (CISO), Cyber Incident Reporting, Cybersecurity, Disclosure Requirements, Form 10-K, Form 8-K, Popular, Regulation S-K, Securities and Exchange Commission (SEC), SolarWinds
On December 8, 2023, representatives of the European Council and the European Parliament reached a provisional agreement on the EU’s Artificial Intelligence Act (“AI Act”). Although the final text of the AI Act remains...more
On November 27, 2023, the New York State Department of Financial Services (“DFS”) and First American Title Insurance Company (“First American”) entered into a consent order that resolved litigation over First American’s...more
12/4/2023 / Consent Order, Covered Entities, Cybersecurity, Financial Institutions, Financial Services Industry, First American Title Insurance Co., Gramm-Leach-Bliley Act, New York, Popular, Regulation S-P, Risk Assessment, Securities and Exchange Commission (SEC)
On October 30, 2023, President Biden issued an Executive Order (“Order”) that drastically increased the U.S. government’s engagement with artificial intelligence (“AI”). The sweeping Order touches on everything from bias in...more
11/1/2023 / Algorithms, Antitrust Violations, Artificial Intelligence, Critical Infrastructure Sectors, Cyber Insurance, Cybersecurity, Data Privacy, Department of Energy (DOE), Department of Health and Human Services (HHS), Discrimination, Executive Orders, Federal Trade Commission (FTC), Intellectual Property Protection, Joe Biden, National Security, Popular, Public Health
In advance of its September 8, 2023 board meeting, the California Privacy Protection Agency (“CPPA”), the state’s privacy regulatory body, has unveiled draft regulations that could significantly impact cybersecurity...more
9/7/2023 / Artificial Intelligence, Automated Decision Systems (ADS), California, California Privacy Protection Agency (CPPA), Consumer Privacy Rights, Corporate Counsel, Cybersecurity, Data Management, Regulatory Agenda, Risk Assessment, State Privacy Laws
The Department of Homeland Security’s Transportation Security Administration (“TSA”) has issued an amended directive on pipeline security, SD-Pipeline-2021-02D (the “Directive”). The Directive is based on and supersedes the...more
On July 10, 2023, the European Commission (the “Commission”) adopted an adequacy decision for the EU-U.S. Data Privacy Framework (the “Framework”).
The Framework provides companies that opt in with a legitimate means of...more
7/14/2023 / Cross-Border, Cybersecurity, Data Privacy, Data Transfers, EU, EU-US Privacy Shield, European Commission, European Economic Area (EEA), General Data Protection Regulation (GDPR), International Data Transfers, US-EU Safe Harbor Framework
After a rash of significant cybersecurity breaches and ransomware attacks affecting a wide set of industries, ranging from pipelines to technology companies, the Biden administration released its much-anticipated National...more
On October 12, 2022, New York Attorney General Letitia James fined Zoetop Business Company, Ltd. (“Zoetop”), the owner of fast-fashion brands SHEIN and ROMWE, $1.9 million for mishandling a 2018 data breach and lying to the...more
On October 18, 2022, the Transportation Security Administration (“TSA”) issued its Security Directive 1580/82-2022-01 on Rail Cybersecurity Mitigation Actions and Testing (the “Railroad Directive”), regulating designated...more
In a recent Securities and Exchange Commission (“SEC”) enforcement action, the SEC concluded that a registered broker-dealer and investment adviser (the “Firm”) violated Rule 30 of Regulation S-P by failing to adopt...more
It has been over a year since the Colonial Pipeline cybersecurity incident, and the Department of Homeland Security’s Transportation Security Administration (“TSA”) continues to issue cybersecurity directives to owners and...more
8/23/2022 / Cyber Incident Reporting, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Department of Homeland Security (DHS), Environmental Protection Agency (EPA), Information Technology, Multi-Factor Authentication, Oil & Gas, Pipelines, Risk Assessment, TSA
On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced Proposed Rules on cybersecurity risk management, strategy, governance, and incident disclosure (“Proposed Rules”) to address concerns of increasing...more
On May 27, 2021, against the backdrop of the Colonial Pipeline cybersecurity incident, the Department of Homeland Security’s Transportation Security Administration (“TSA”) announced Security Directive Pipeline-2021-01...more
6/1/2021 / Critical Infrastructure Sectors, Cyber Attacks, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Department of Homeland Security (DHS), National Security, Pipelines, Popular, Ransomware, Risk Assessment, TSA
Update: The VCDPA was signed into law by Governor Ralph Northam without amendment on March 2, 2021. The VCDPA will become operative on January 1, 2023, and businesses should remain mindful of pending legislation in states...more
3/9/2021 / California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Compliance, Consumer Privacy Rights, Cybersecurity, Data Collection, Data Privacy, Data Processors, Data Protection, Data Security, Fair Information Practice Principles, General Data Protection Regulation (GDPR), Governor Northam, Gramm-Leach-Bliley Act, Personal Data, Right To Appeal, State Attorneys General, State Data Privacy Laws, Virginia