Businesses that are subject to the NYDFS Cybersecurity Regulations have four weeks left to submit their annual notices of compliance or acknowledge their noncompliance. When the regulations were amended in 2023, several of...more
Keypoint: New York has amended its data breach notification law twice in the last 60 days to (1) add a 30-day deadline for notifying affected residents, (2) clarify that covered financial entities must still notify the New...more
2/25/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Privacy Laws ,
Reporting Requirements ,
State Privacy Laws
The FAR Council issued a proposed rule that would amend the several FAR provisions and add new clauses to provide guidance on the safe handling of CUI. Public comments on the proposed rule are being accepted until March 17,...more
2/24/2025
/ Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
NIST ,
Proposed Rules ,
Regulatory Requirements ,
Risk Management ,
Subcontracts ,
Supply Chain
As noted , the renewable energy sector faces growing concerns over its vulnerability to cyberattacks. Since then, the situation has not improved; the U.S. electrical grid has grown more vulnerable to cyberattacks, with...more
2/11/2025
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Department of Energy (DOE) ,
Energy Sector ,
National Security ,
Popular ,
Renewable Energy ,
Risk Management ,
Solar Energy ,
Supply Chain
In November 2023, New York Governor Kathy Hochul announced proposed regulations that would be the first state regulations for hospitals in New York. The governor described the proposed regulation as a “nation-leading...more
Keypoint: The New York State Department of Financial Services (NYDFS) issued an industry letter outlining the threats posed to U.S. companies who hire remote technology workers linked to North Korea and may embezzle funds...more
11/5/2024
/ Due Diligence ,
Electronic Monitoring ,
Embezzlement ,
Employee Training ,
FBI ,
Financial Institutions ,
Hiring & Firing ,
Industry Letters ,
Information Technology ,
North Korea ,
NYDFS ,
Remote Working ,
US Department of State
Keypoint: The New York Department of Financial Services (NYDFS) circulated an industry letter offering guidance to NYDFS “Covered Entities” for assessing and managing AI-related cybersecurity risks, including threats...more
Intensifying international crises, increasing regulatory burdens, and uncertain macroeconomic conditions have led to an era of caution for manufacturers, but hidden among those challenges are exciting opportunities for...more
10/25/2024
/ Artificial Intelligence ,
Bribery ,
Complex Corporate Transactions ,
Compliance ,
Copyright ,
Cyber Threats ,
Cybersecurity ,
Department of Justice (DOJ) ,
Employment Litigation ,
Environmental Protection Agency (EPA) ,
Fair Labor Standards Act (FLSA) ,
Fraud ,
Geopolitical Risks ,
Government Agencies ,
Healthcare ,
Intellectual Property Protection ,
International Trade ,
Kickbacks ,
Logistics ,
Manufacturers ,
Marketing ,
National Association of Manufacturers ,
OSHA ,
PFAS ,
Regulatory Requirements ,
State Agencies ,
Subject Matter Jurisdiction ,
Whistleblowers ,
Workplace Safety
Keypoint: The Texas Attorney General reaches a first-of-its-kind settlement with a healthcare company that provides generative AI products. On September 18, 2024, the Texas Attorney General announced that it had reached a...more
9/19/2024
/ Advertising ,
Artificial Intelligence ,
Corporate Counsel ,
Disclosure Requirements ,
False Statements ,
Hospitals ,
Marketing ,
Misleading Statements ,
Misrepresentation ,
Settlement Agreements ,
State Attorneys General ,
Texas
Keypoint: Companies onboarding AI products and services need to understand the potential risks associated with these products and implement contractual provisions to manage them. With the rapid emergence of artificial...more
8/20/2024
/ Artificial Intelligence ,
Consumer Service Agreements ,
Contract Terms ,
Contractual Safeguards ,
Data Protection ,
Data-Sharing ,
Due Diligence ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Intellectual Property Protection ,
Liability ,
Risk Assessment ,
Vendors
The White House has announced a set of binding Artificial Intelligence (AI) policies for federal agencies, which are intended to protect the privacy, rights, and safety of the American people. Other than federal contractors...more
Host Gregg N. Sofer welcomes Husch Blackwell’s Erik Dullea to the podcast to explore how human error factors into cybersecurity efforts. Most data breaches trace back to some form of human error, and an approach to...more
Key Point: The FCC revised its breach notification rules for telecommunication providers to broaden the instances when notifications are required, but even with limited exceptions to the new requirements, the final rule...more
Our downloadable report, Legal Insights for Manufacturing, explores how the business, legal, and regulatory framework is evolving—and will evolve—to address the large generational shifts taking place. This year, our report...more
11/2/2023
/ Acquisitions ,
Artificial Intelligence ,
Chief Compliance Officers ,
Complex Corporate Transactions ,
Copyright ,
Coronavirus/COVID-19 ,
Customs ,
Cybersecurity ,
Department of Justice (DOJ) ,
Environmental Protection Agency (EPA) ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Financial Crimes ,
Food and Drug Administration (FDA) ,
FTEs ,
Global Economy ,
Greenwashing ,
International Trade ,
Know Your Customers ,
Labor Relations ,
Manufacturers ,
Marketing ,
Mergers ,
Modernization of Cosmetics Regulation Act of 2022 (MoCRA) ,
NLRA ,
NLRB ,
OSHA ,
PFAS ,
Price Inflation ,
Section 7 ,
Securities and Exchange Commission (SEC) ,
Self-Disclosure Requirements ,
Skilled Laborers ,
Strict Product Liability ,
Supply Chain ,
Union Elections ,
USPTO ,
Uyghur Forced Labor Prevention Act (UFLPA) ,
Voluntary Disclosure ,
Wage and Hour ,
White Collar Crimes ,
Workplace Safety
Key Point: The Federal Trade Commission (FTC) has amended the Safeguards Rule to require non-banking financial institutions to inform the FTC within 30 days of discovering any unauthorized acquisition of unencrypted customer...more
10/31/2023
/ Amended Rules ,
Board of Governors ,
Breach Notification Rule ,
Cyber Incident Reporting ,
Data Breach ,
Data Security ,
Dodd-Frank ,
FDIC ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
GLBA Privacy ,
Gramm-Leach-Blilely Act ,
Non-Public Information ,
NYDFS ,
OCC ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)
Keypoint: To advance the National Cybersecurity Strategy, the Office of the National Cyber Director is soliciting public comments to harmonize cybersecurity regulations, with comments due by October 31, 2023.
In March 2023,...more
Host Gregg N. Sofer welcomes Husch Blackwell partner Erik Dullea to the podcast where we discuss risk management, strategy, governance, and incident disclosure in the context of the Security and Exchange Commission’s recently...more
Key Point: The decision making processes to determine whether a cybersecurity incident is material or not, should include documenting the factors behind each determination and should be practiced before an incident...more
8/23/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Form 8-K ,
Information Technology ,
Policies and Procedures ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Part I of this blog series discussed the compliance dates and the new definitions in the U.S. Securities Exchange Commission’s (the “SEC”) final rules (the “adopting release”) for cybersecurity disclosures. In Part II, we...more
Key Point: To avoid inadvertently increasing enforcement and litigation risks, companies should consider these suggestions to minimize headaches with the SEC’s final rules that mandate (a) disclosures in annual report of...more
On October 27, 2021, OSHA issued an Advance Notice of Proposed Rulemaking (ANPRM) on Heat Injury & Illness Prevention in Outdoor and Indoor Work Settings. 86 Fed. Reg. 59309 (Oct. 27, 2021). As announced in the ANPRM, OSHA is...more
On October 25, 2021 the US Senate confirmed President Biden’s nominee Doug Parker to be the next Assistant Secretary of Labor and leader of the Occupational Safety and Health Administration (OSHA). Mr. Parker will be the...more
On October 13, 2021, from 2:00 – 5:00 p.m. Eastern Time, the Occupational Safety and Health Administration (OSHA) will hold a virtual meeting (via telephone and Microsoft Teams) to receive public comments and suggestions...more
On September 9, 2021, MSHA expects to publish a Proposed Rule requiring mine operators to develop and implement written safety programs for their powered haulage equipment used at surface mines and surface areas of...more
The increased concern about ransomware incidents from both quantitative and severity standpoints, spurred the White House to urge corporate business leaders to improve their defenses and resilience posture against ransomware...more
7/27/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Department of Labor (DOL) ,
Encryption ,
Executive Orders ,
Federal Contractors ,
Joe Biden ,
Multi-Factor Authentication ,
Pipelines ,
Popular ,
Ransomware ,
Software