The FAR Council issued a proposed rule that would amend the several FAR provisions and add new clauses to provide guidance on the safe handling of CUI. Public comments on the proposed rule are being accepted until March 17,...more
2/24/2025
/ Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
NIST ,
Proposed Rules ,
Regulatory Requirements ,
Risk Management ,
Subcontracts ,
Supply Chain
Keypoint: Companies onboarding AI products and services need to understand the potential risks associated with these products and implement contractual provisions to manage them. With the rapid emergence of artificial...more
8/20/2024
/ Artificial Intelligence ,
Consumer Service Agreements ,
Contract Terms ,
Contractual Safeguards ,
Data Protection ,
Data-Sharing ,
Due Diligence ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Intellectual Property Protection ,
Liability ,
Risk Assessment ,
Vendors
Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits.
On March 11, 2021, Utah governor Spencer Cox signed the...more
3/30/2021
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
DSS ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PCI ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Keypoint: New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk.
In her...more
3/9/2021
/ California Consumer Privacy Act (CCPA) ,
Casualty Insurance ,
Civil Monetary Penalty ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
Insurance Litigation ,
Law Enforcement ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Policy Terms ,
Property Insurance ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
Keypoint: April 12, 2021 is the deadline to comment on a proposed rule that would require banking organizations and bank service providers to promptly report computer-security incidents.
The Office of the Comptroller of...more
On January 28, 2021, privacy professionals around the world will celebrate Data Privacy Day. This year, we decided to mark the occasion by gathering our team’s thoughts and expectations on what we expect to be the biggest...more
1/28/2021
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Selling ,
Dodd-Frank ,
Facial Recognition Technology ,
FSA ,
Health Care Providers ,
Internet of Things ,
Popular ,
State and Local Government
On December 4, 2020 the President signed into law the IoT Cybersecurity Improvement Act of 2020, Pub. L. No. 116-207 (the “IoT Act”). The legislative purpose behind the new law is to ensure the highest level of cybersecurity...more
Resulting in Zoom Promising to Implement an Information Security Program, Resembling the SHIELD Act-
Key point: The Letter of Agreement between the New York Attorney General and Zoom Video Communications, Inc. provides...more
Keypoint: Individuals and businesses should take steps to prevent against becoming victims of the rapid rise in Coronavirus-related hacking scams.
On March 20, 2020, the FBI issued an alert warning that cyber thieves are...more
3/24/2020
/ Chief Information Security Officer (CISO) ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
FBI ,
Hackers ,
Information Security ,
Phishing Scams ,
Popular ,
Risk Management
Keypoint: With just two days to go before the close of the Washington legislature, a conference committee will try to resolve conflicts between the House and Senate versions of the WPA.
As we previously reported, on...more
As it did last year, the Washington state senate has overwhelmingly passed comprehensive consumer privacy legislation. The legislation, entitled the Washington Privacy Act (WPA), passed the state senate on February 14, 2020,...more
Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.
2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer...more
Key Point: The SHIELD Act increases the statutory penalties for knowing and reckless violations of the State’s data breach notification law. It also authorizes the NY Attorney General to pursue injunctive relief and monetary...more
Key Point: If signed by the Governor, the legislation will require entities doing business in New York to implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of private...more
Given the near ubiquitous coverage of proposed CCPA amendments, it may be hard to believe that any bill could fly under the radar, but that appears to be the case with AB 1035, which would amend the CCPA’s private right of...more
A surprise legislative storm ripped through Olympia, Washington last week, and the proposed Washington Privacy Act (SB-5376) took the brunt of the damage. The bill sailed through the Democrat-controlled Washington State...more
As we move into the second month of 2019, we’d like to give an overview of the trends we see developing in the cybersecurity and data privacy area for the year. We’ll be sure to elaborate on these areas with more details as...more
2/5/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
CNIL ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Retention ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Ransomware
Colorado’s Protections for Consumer Data Privacy law (“new law”) takes effect on September 1, 2018 and requires that businesses holding personal information for Colorado residents destroy the data they don’t need, protect the...more