Businesses that are subject to the NYDFS Cybersecurity Regulations have four weeks left to submit their annual notices of compliance or acknowledge their noncompliance. When the regulations were amended in 2023, several of...more
Keypoint: New York has amended its data breach notification law twice in the last 60 days to (1) add a 30-day deadline for notifying affected residents, (2) clarify that covered financial entities must still notify the New...more
2/25/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Privacy Laws ,
Reporting Requirements ,
State Privacy Laws
The FAR Council issued a proposed rule that would amend the several FAR provisions and add new clauses to provide guidance on the safe handling of CUI. Public comments on the proposed rule are being accepted until March 17,...more
2/24/2025
/ Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
NIST ,
Proposed Rules ,
Regulatory Requirements ,
Risk Management ,
Subcontracts ,
Supply Chain
As noted , the renewable energy sector faces growing concerns over its vulnerability to cyberattacks. Since then, the situation has not improved; the U.S. electrical grid has grown more vulnerable to cyberattacks, with...more
2/11/2025
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Department of Energy (DOE) ,
Energy Sector ,
National Security ,
Popular ,
Renewable Energy ,
Risk Management ,
Solar Energy ,
Supply Chain
In November 2023, New York Governor Kathy Hochul announced proposed regulations that would be the first state regulations for hospitals in New York. The governor described the proposed regulation as a “nation-leading...more
Keypoint: The New York Department of Financial Services (NYDFS) circulated an industry letter offering guidance to NYDFS “Covered Entities” for assessing and managing AI-related cybersecurity risks, including threats...more
Intensifying international crises, increasing regulatory burdens, and uncertain macroeconomic conditions have led to an era of caution for manufacturers, but hidden among those challenges are exciting opportunities for...more
10/25/2024
/ Artificial Intelligence ,
Bribery ,
Complex Corporate Transactions ,
Compliance ,
Copyright ,
Cyber Threats ,
Cybersecurity ,
Department of Justice (DOJ) ,
Employment Litigation ,
Environmental Protection Agency (EPA) ,
Fair Labor Standards Act (FLSA) ,
Fraud ,
Geopolitical Risks ,
Government Agencies ,
Healthcare ,
Intellectual Property Protection ,
International Trade ,
Kickbacks ,
Logistics ,
Manufacturers ,
Marketing ,
National Association of Manufacturers ,
OSHA ,
PFAS ,
Regulatory Requirements ,
State Agencies ,
Subject Matter Jurisdiction ,
Whistleblowers ,
Workplace Safety
The White House has announced a set of binding Artificial Intelligence (AI) policies for federal agencies, which are intended to protect the privacy, rights, and safety of the American people. Other than federal contractors...more
Host Gregg N. Sofer welcomes Husch Blackwell’s Erik Dullea to the podcast to explore how human error factors into cybersecurity efforts. Most data breaches trace back to some form of human error, and an approach to...more
Our downloadable report, Legal Insights for Manufacturing, explores how the business, legal, and regulatory framework is evolving—and will evolve—to address the large generational shifts taking place. This year, our report...more
11/2/2023
/ Acquisitions ,
Artificial Intelligence ,
Chief Compliance Officers ,
Complex Corporate Transactions ,
Copyright ,
Coronavirus/COVID-19 ,
Customs ,
Cybersecurity ,
Department of Justice (DOJ) ,
Environmental Protection Agency (EPA) ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Financial Crimes ,
Food and Drug Administration (FDA) ,
FTEs ,
Global Economy ,
Greenwashing ,
International Trade ,
Know Your Customers ,
Labor Relations ,
Manufacturers ,
Marketing ,
Mergers ,
Modernization of Cosmetics Regulation Act of 2022 (MoCRA) ,
NLRA ,
NLRB ,
OSHA ,
PFAS ,
Price Inflation ,
Section 7 ,
Securities and Exchange Commission (SEC) ,
Self-Disclosure Requirements ,
Skilled Laborers ,
Strict Product Liability ,
Supply Chain ,
Union Elections ,
USPTO ,
Uyghur Forced Labor Prevention Act (UFLPA) ,
Voluntary Disclosure ,
Wage and Hour ,
White Collar Crimes ,
Workplace Safety
Keypoint: To advance the National Cybersecurity Strategy, the Office of the National Cyber Director is soliciting public comments to harmonize cybersecurity regulations, with comments due by October 31, 2023.
In March 2023,...more
Host Gregg N. Sofer welcomes Husch Blackwell partner Erik Dullea to the podcast where we discuss risk management, strategy, governance, and incident disclosure in the context of the Security and Exchange Commission’s recently...more
Key Point: The decision making processes to determine whether a cybersecurity incident is material or not, should include documenting the factors behind each determination and should be practiced before an incident...more
8/23/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Form 8-K ,
Information Technology ,
Policies and Procedures ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Part I of this blog series discussed the compliance dates and the new definitions in the U.S. Securities Exchange Commission’s (the “SEC”) final rules (the “adopting release”) for cybersecurity disclosures. In Part II, we...more
Key Point: To avoid inadvertently increasing enforcement and litigation risks, companies should consider these suggestions to minimize headaches with the SEC’s final rules that mandate (a) disclosures in annual report of...more
The increased concern about ransomware incidents from both quantitative and severity standpoints, spurred the White House to urge corporate business leaders to improve their defenses and resilience posture against ransomware...more
7/27/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Department of Labor (DOL) ,
Encryption ,
Executive Orders ,
Federal Contractors ,
Joe Biden ,
Multi-Factor Authentication ,
Pipelines ,
Popular ,
Ransomware ,
Software
In the weeks that followed a ransomware attack on a domestic pipeline company, the federal government’s efforts to shore up the cybersecurity posture of America’s critical infrastructure and supply chains, including the oil...more
Keypoint: President Biden shows a strong preference for the cybersecurity expertise of former National Security Agency (NSA) leaders with his choices for significant cyber roles within his administration.
On April 12,...more
Bottom Line Up Front: The Department of Energy (DOE) will implement new cybersecurity programs to enhance energy sector resilience. DOE’s announcement coincides with the Senate Energy and Natural Resources Committee’s support...more
Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits.
On March 11, 2021, Utah governor Spencer Cox signed the...more
3/30/2021
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
DSS ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PCI ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Keypoint: New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk.
In her...more
3/9/2021
/ California Consumer Privacy Act (CCPA) ,
Casualty Insurance ,
Civil Monetary Penalty ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
Insurance Litigation ,
Law Enforcement ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Policy Terms ,
Property Insurance ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
Keypoint: April 12, 2021 is the deadline to comment on a proposed rule that would require banking organizations and bank service providers to promptly report computer-security incidents.
The Office of the Comptroller of...more
On January 28, 2021, privacy professionals around the world will celebrate Data Privacy Day. This year, we decided to mark the occasion by gathering our team’s thoughts and expectations on what we expect to be the biggest...more
1/28/2021
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Selling ,
Dodd-Frank ,
Facial Recognition Technology ,
FSA ,
Health Care Providers ,
Internet of Things ,
Popular ,
State and Local Government
On December 4, 2020 the President signed into law the IoT Cybersecurity Improvement Act of 2020, Pub. L. No. 116-207 (the “IoT Act”). The legislative purpose behind the new law is to ensure the highest level of cybersecurity...more
12/16/2020
/ Connected Items ,
Consumer Privacy Rights ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Framework ,
Data Security ,
Department of Homeland Security (DHS) ,
Information Systems Security Program (ISSP) ,
Internet of Things ,
NDAA ,
NIST ,
Popular ,
Subcontractors ,
Technology Sector ,
Trump Administration
On December 4, 2020 the President signed into law the IoT Cybersecurity Improvement Act of 2020, Pub. L. No. 116-207 (the “IoT Act”). The legislative purpose behind the new law is to ensure the highest level of cybersecurity...more