Organizations around the world face substantial and increasing cybersecurity-related threats to operations, reputation, and the bottom line. Cyber risk profiles are changing, particularly in light of the increase in agile...more
6/4/2021
/ Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Electronic Monitoring ,
Employee Monitoring ,
Information Management ,
Metadata ,
Risk Assessment ,
Risk Mitigation ,
Threat Management
On April 14, the Department of Labor’s Employee Benefits Security Administration (EBSA) issued its first cybersecurity-focused guidance related to benefit plans regulated by Employee Retirement Income Security Act (ERISA)....more
On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance....more
2/17/2021
/ Consumer Insurance Products ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Insurance Regulations ,
NYDFS ,
Popular ,
Risk Management ,
State and Local Government
Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. ...more
9/14/2018
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cooperative Compliance Regime ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Non-Discrimination Rules ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
Third-Party
Groundbreaking. Watershed. Unprecedented. -
We have heard the California Consumer Privacy Act of 2018 (CCPA) called all these things and more since its enactment on June 28, ?2018. Our experience to date has confirmed the...more
9/13/2018
/ California Consumer Privacy Act (CCPA) ,
Clinical Trials ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Use Policies ,
DPPA ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Preemption ,
Privacy Laws ,
Private Right of Action
A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together.
To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we...more
8/9/2018
/ Data Collection ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Privacy Policy ,
Risk Mitigation
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
...more
7/31/2018
/ Compliance ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Regulatory Requirements ,
Risk Management
It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect. Since that time, a series of key dates have marked the implementation of...more
2/28/2018
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Popular ,
Risk Assessment ,
Risk Management ,
Vulnerability Assessments
Whether malicious or inadvertent, workforce actions cause or contribute to a high percentage of the cyber attacks experienced by organizations. Protecting against such "insider" cyber risk can be challenging, especially given...more
As a follow-up to our previous reports (December 30, 2016 Alert; February 24, 2017 Alert) regarding the cybersecurity regulations issued by the New York State Department of Financial Services (NYDFS), we would like to remind...more
8/10/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Third-Party Service Provider
Earlier this year, the National Association of Corporate Directors (NACD) released an updated version of its Director’s Handbook on Cyber-Risk Oversight (Handbook). The updates add 16 pages of content to the previously...more
7/19/2017
/ Board of Directors ,
Corporate Counsel ,
Corporate Governance ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Handbooks ,
Information Technology ,
National Association of Corporate Directors (NACD) ,
Risk Management
Technological vulnerabilities, regulators’ watchful eyes, and personal connections with our vehicles – create a collision course for cyber risk. Partners Harriet Pearson and Tim Tobin dissect these three simple reasons why...more
As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On...more
2/27/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Confidential Information ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Disclosure Requirements ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
Notice Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
Recent changes to Japan’s Act on the Protection of Personal Information and the establishment of a new Personal Information Protection Commission have raised questions about how the world’s third-largest economy plans to...more
In the past month, the National Institute of Standards and Technology (NIST) has issued a draft update to its flagship cybersecurity framework as well as new standalone guidance on how organizations can plan to recover from...more
1/26/2017
/ Comment Period ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
NIST ,
Ransomware ,
Risk Management ,
Supply Chain
The New York Department of Financial Services (NYDFS) just issued major revisions to the cybersecurity regulations for financial institutions that were due to come into effect on January 1, 2017. To allow covered institutions...more
1/3/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Encryption ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NYDFS ,
Popular ,
Risk Assessment ,
Risk Management