On October 11, 2024, the U.S. Department of Defense (DoD) at long last published a final rule establishing the Cybersecurity Maturity Model Certification (CMMC) Program (the Final Rule)...more
The requirement to disclose material cybersecurity events under new Item 1.05 of Form 8-K takes effect today (other than for smaller reporting companies, for which the new requirement will take effect on June 15, 2024)....more
The Biden Administration has issued its long-awaited Executive Order on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern (“EO”), which will create a new...more
8/11/2023
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
China ,
Cybersecurity ,
Executive Orders ,
Foreign Investment ,
NAICS ,
National Security ,
Outbound Transactions ,
Popular ,
Proposed Regulation ,
Supply Chain ,
Technology Sector ,
U.S. Treasury
On September 15, 2022, President Biden signed an Executive Order (EO) identifying economic sectors that merit special attention for review by the Committee on Foreign Investment in the United States (CFIUS or the Committee)....more
9/20/2022
/ Biden Administration ,
CFIUS ,
Cybersecurity ,
Executive Orders ,
Foreign Direct Investment ,
Foreign Investment ,
Investors ,
National Security ,
Sensitive Personal Information ,
Supply Chain ,
Technology Sector
On March 9, 2022, the SEC proposed rules, by a 3-1 vote, that are intended to enhance disclosures about cybersecurity risk management, strategy, governance, and incident reporting by public companies. The proposed rules are...more
3/11/2022
/ Comment Period ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-K ,
Form 8-K ,
Investment Adviser ,
Investment Companies ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Mitigation ,
Securities and Exchange Commission (SEC)
On October 27, 2021, the Federal Trade Commission (FTC) announced a newly updated rule under the Gramm-Leach-Bliley Act (GLBA) intended to require financial institutions to strengthen their data security safeguards to protect...more
11/1/2021
/ Cybersecurity ,
Data Protection ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personal Information ,
Risk Assessment ,
Safeguards Rule ,
Security Risk Assessments ,
Third-Party Service Provider
The US Department of Justice (DOJ) recently announced plans to use the False Claims Act (FCA) to pursue cybersecurity-related fraud by government contractors, subcontractors and grant recipients, including for providing...more
10/14/2021
/ Compliance ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
Subcontractors
On Wednesday, May 12, 2021, President Biden issued an ambitious and sweeping Executive Order focused on combating digital threats to US networks and infrastructure. The Executive Order on Improving the Nation’s Cybersecurity...more
5/17/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Executive Orders ,
Federal Contractors ,
Information Technology ,
National Security ,
NIST ,
OMB ,
Supply Chain
Under the Department of Defense (DoD) final Defense Federal Acquisition Regulation Supplement (DFARS) rule on Network Penetration Reporting and Contracting for Cloud Services, DoD contractors maintaining, processing, or...more
In this eight-week alert series, we are providing a broad look at current and emerging issues facing the energy sector. Lawyers from across the firm are discussing issues ranging from cybersecurity, antitrust and intellectual...more
On October 21, 2016, the Department of Defense (DoD) issued its final rule on Network Penetration Reporting and Contracting for Cloud Services, amending an interim version issued on August 26, 2015, and revised on December...more
Legal Framework -
Summarise the main statutes and regulations that promote
cybersecurity. Does your jurisdiction have dedicated
cybersecurity laws?
The United States generally addresses cybersecurity...more
3/7/2016
/ Cloud Computing ,
Computer Fraud and Abuse Act (CFAA) ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Act of 2015 ,
Data Protection ,
DFARS ,
DMCA ,
ECPA ,
Federal Trade Commission (FTC) ,
FERC ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
PCI-DSS Standard ,
Popular ,
Risk Management ,
Sarbanes-Oxley ,
State Data Breach Notification Statutes
With interconnectivity and use of digital storage expanding, cyberthreats posed by nation states, commercial competitors, company insiders, transnational organised crime and ‘hacktivists’ are growing on a global basis. Recent...more
3/7/2016
/ China ,
Cloud Computing ,
Credit Cards ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
EU ,
European Court of Justice (ECJ) ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
Intellectual Property Protection ,
Popular ,
Securities and Exchange Commission (SEC) ,
Trade Secrets ,
Trans-Pacific Partnership ,
UK ,
US-EU Safe Harbor Framework
On December 30, 2015, the Department of Defense (DoD) issued a second interim rule on Network Penetration Reporting and Contracting for Cloud Services, amending an earlier version issued on August 26, 2015. The new, amended...more
On December 18, 2015, Congress passed, and the President signed, the Cybersecurity Act of 2015, which provides authorization and liability protection for cybersecurity monitoring and information-sharing and authorization for...more
On Wednesday, April 29, the US Department of Justice released guidance titled “Best Practices for Victim Response and Reporting of Cyber Incidents.” The guidance outlines steps companies should take before, during, and after...more
On April 9, the New York State Department of Financial Services (NYDFS) released a report on bank vendor cybersecurity that highlights the risk that hackers will use third-party service providers to gain access to bank data....more
On April 1, 2015, President Obama issued an Executive Order authorizing the imposition of sanctions against designated individuals or entities found to be engaged in malicious cyber activity, including various forms of...more