The White House has announced a set of binding Artificial Intelligence (AI) policies for federal agencies, which are intended to protect the privacy, rights, and safety of the American people. Other than federal contractors...more
Host Gregg N. Sofer welcomes Husch Blackwell’s Erik Dullea to the podcast to explore how human error factors into cybersecurity efforts. Most data breaches trace back to some form of human error, and an approach to...more
Our downloadable report, Legal Insights for Manufacturing, explores how the business, legal, and regulatory framework is evolving—and will evolve—to address the large generational shifts taking place. This year, our report...more
11/2/2023
/ Acquisitions ,
Artificial Intelligence ,
Chief Compliance Officers ,
Complex Corporate Transactions ,
Copyright ,
Coronavirus/COVID-19 ,
Customs ,
Cybersecurity ,
Department of Justice (DOJ) ,
Environmental Protection Agency (EPA) ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Financial Crimes ,
Food and Drug Administration (FDA) ,
FTEs ,
Global Economy ,
Greenwashing ,
International Trade ,
Know Your Customers ,
Labor Relations ,
Manufacturers ,
Marketing ,
Mergers ,
Modernization of Cosmetics Regulation Act of 2022 (MoCRA) ,
NLRA ,
NLRB ,
OSHA ,
PFAS ,
Price Inflation ,
Section 7 ,
Securities and Exchange Commission (SEC) ,
Self-Disclosure Requirements ,
Skilled Laborers ,
Strict Product Liability ,
Supply Chain ,
Union Elections ,
USPTO ,
Uyghur Forced Labor Prevention Act (UFLPA) ,
Voluntary Disclosure ,
Wage and Hour ,
White Collar Crimes ,
Workplace Safety
Keypoint: To advance the National Cybersecurity Strategy, the Office of the National Cyber Director is soliciting public comments to harmonize cybersecurity regulations, with comments due by October 31, 2023.
In March 2023,...more
Host Gregg N. Sofer welcomes Husch Blackwell partner Erik Dullea to the podcast where we discuss risk management, strategy, governance, and incident disclosure in the context of the Security and Exchange Commission’s recently...more
Key Point: The decision making processes to determine whether a cybersecurity incident is material or not, should include documenting the factors behind each determination and should be practiced before an incident...more
8/23/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Form 8-K ,
Information Technology ,
Policies and Procedures ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Part I of this blog series discussed the compliance dates and the new definitions in the U.S. Securities Exchange Commission’s (the “SEC”) final rules (the “adopting release”) for cybersecurity disclosures. In Part II, we...more
Key Point: To avoid inadvertently increasing enforcement and litigation risks, companies should consider these suggestions to minimize headaches with the SEC’s final rules that mandate (a) disclosures in annual report of...more
The increased concern about ransomware incidents from both quantitative and severity standpoints, spurred the White House to urge corporate business leaders to improve their defenses and resilience posture against ransomware...more
7/27/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Department of Labor (DOL) ,
Encryption ,
Executive Orders ,
Federal Contractors ,
Joe Biden ,
Multi-Factor Authentication ,
Pipelines ,
Popular ,
Ransomware ,
Software
In the weeks that followed a ransomware attack on a domestic pipeline company, the federal government’s efforts to shore up the cybersecurity posture of America’s critical infrastructure and supply chains, including the oil...more
Keypoint: President Biden shows a strong preference for the cybersecurity expertise of former National Security Agency (NSA) leaders with his choices for significant cyber roles within his administration.
On April 12,...more
Bottom Line Up Front: The Department of Energy (DOE) will implement new cybersecurity programs to enhance energy sector resilience. DOE’s announcement coincides with the Senate Energy and Natural Resources Committee’s support...more
Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits.
On March 11, 2021, Utah governor Spencer Cox signed the...more
3/30/2021
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
DSS ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PCI ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Keypoint: New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk.
In her...more
3/9/2021
/ California Consumer Privacy Act (CCPA) ,
Casualty Insurance ,
Civil Monetary Penalty ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
Insurance Litigation ,
Law Enforcement ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Policy Terms ,
Property Insurance ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
Keypoint: April 12, 2021 is the deadline to comment on a proposed rule that would require banking organizations and bank service providers to promptly report computer-security incidents.
The Office of the Comptroller of...more
On January 28, 2021, privacy professionals around the world will celebrate Data Privacy Day. This year, we decided to mark the occasion by gathering our team’s thoughts and expectations on what we expect to be the biggest...more
1/28/2021
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Selling ,
Dodd-Frank ,
Facial Recognition Technology ,
FSA ,
Health Care Providers ,
Internet of Things ,
Popular ,
State and Local Government
On December 4, 2020 the President signed into law the IoT Cybersecurity Improvement Act of 2020, Pub. L. No. 116-207 (the “IoT Act”). The legislative purpose behind the new law is to ensure the highest level of cybersecurity...more
12/16/2020
/ Connected Items ,
Consumer Privacy Rights ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Framework ,
Data Security ,
Department of Homeland Security (DHS) ,
Information Systems Security Program (ISSP) ,
Internet of Things ,
NDAA ,
NIST ,
Popular ,
Subcontractors ,
Technology Sector ,
Trump Administration
On December 4, 2020 the President signed into law the IoT Cybersecurity Improvement Act of 2020, Pub. L. No. 116-207 (the “IoT Act”). The legislative purpose behind the new law is to ensure the highest level of cybersecurity...more
The combination of a significant increase in COVID-19 cases, political tensions in the final days of a national election season, and law enforcement’s focus on election security created an opportunity for cybercriminals to...more
Keypoint: Individuals and businesses should take steps to prevent against becoming victims of the rapid rise in Coronavirus-related hacking scams.
On March 20, 2020, the FBI issued an alert warning that cyber thieves are...more
3/24/2020
/ Chief Information Security Officer (CISO) ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
FBI ,
Hackers ,
Information Security ,
Phishing Scams ,
Popular ,
Risk Management
Keypoint: With just two days to go before the close of the Washington legislature, a conference committee will try to resolve conflicts between the House and Senate versions of the WPA.
As we previously reported, on...more
As it did last year, the Washington state senate has overwhelmingly passed comprehensive consumer privacy legislation. The legislation, entitled the Washington Privacy Act (WPA), passed the state senate on February 14, 2020,...more
Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.
2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer...more
Key Point: If you consider your cybersecurity defensive measures to be a one-time investment, that is what the criminals are banking on.
Most people enjoy improvements and innovations when it comes to consumer...more
Key Point: The SHIELD Act increases the statutory penalties for knowing and reckless violations of the State’s data breach notification law. It also authorizes the NY Attorney General to pursue injunctive relief and monetary...more