On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more
Our Privacy, Cyber & Data Strategy Team highlights the increasingly specific cybersecurity controls identified by regulators, explains why these enhanced cybersecurity controls have become the focus of regulators, and shares...more
On January 15, 2025, the Federal Trade Commission (FTC) announced a proposed settlement with GoDaddy Inc. (GoDaddy) for making false or misleading representations about their security practices in violation of Section 5 of...more
1/22/2025
/ Antitrust Violations ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misleading Statements ,
Privacy Laws ,
Risk Management ,
Unfair or Deceptive Trade Practices
The Biden Administration’s Office for Civil Rights delivered on its promise to propose an update to the HIPAA Security Rule. Our Health Care and Privacy, Cyber & Data Strategy groups summarize key points from the new rule and...more
The CMMC program is designed to ensure that federal contract information (“FCI”) and Controlled Unclassified Information (“CUI”) are sufficiently protected by government contractors. For example, the CMMC program requires...more
On October 16, 2024, the New York Department of Financial Services (“NYDFS”) issued an industry letter covering Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks (the “Industry...more
The ubiquity of artificial intelligence (AI) has heightened companies’ exposure to cyberattacks of increasingly greater sophistication. Our Privacy, Cyber & Data Strategy Team explores how businesses can enhance their...more
10/2/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Framework ,
Data Security ,
Deep Fake ,
Employee Training ,
Machine Learning ,
Phishing Scams ,
Risk Management
On August 21, 2024, the United States Cybersecurity and Infrastructure Security agency, alongside government agencies in key global allies, including Australia, the UK, Canada, and Japan, released guidance on event logging...more
Pennsylvania’s Governor recently approved amendments to the Commonwealth’s data breach notification law, which represent a significant overhaul to the law. As detailed below, the amended law makes a number of material...more
On May 22, 2024, the Director of the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued further guidance regarding disclosure of cybersecurity incidents on Form 8-K. The...more
Earlier this year, the National Institute of Standards and Technology (NIST) issued an update to its Cybersecurity Framework (CSF) with the release of version 2.0, the first update since April 2018 (version 1.1). While the...more
New regulations continue to push boards in the direction of active engagement in their cyber oversight role, including breach response. But, how can boards strike the right balance in their oversight role during a significant...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
2/26/2024
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Data Theft ,
NYDFS ,
Popular ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Recently, there has been a surge in alerts and warnings concerning cyberattacks by People’s Republic of China (PRC) state-sponsored threat actors on U.S. critical infrastructure. On February 7, 2024, the Federal Bureau of...more
On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) released a new Industry Letter on the use of self-service password reset (“SSPR”) services, which enable users to reset their own password...more
After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s...more
On December 8, 2023, the California Privacy Protection Agency (CPPA) will hold a board meeting seeking public comment on various privacy regulations. The meeting, which will take place on Zoom, will cover several topics...more
Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own...more
With an amendment to its Safeguards Rule, the Federal Trade Commission has joined other federal agencies regulating cybersecurity breaches. Our Privacy, Cyber & Data Strategy Team analyzes how the amendment will affect...more
Our Privacy, Cyber & Data Strategy and Privacy & Cybersecurity Litigation teams examine the New York Department of Financial Services’ finalized Second Amendment to its Cybersecurity Regulation....more
On October 27, 2023, the FTC approved an amendment to the Safeguards Rule (the “Amendment”) requiring that non-banking financial institutions notify the FTC in the event of a defined “Notification Event” where customer...more
The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its...more
On June 13, 2023, the Securities and Exchange Commission (“SEC”) published its Spring 2023 rulemaking agenda that delayed finalizing the proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure...more
On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously...more
On May 1, 2023, bitFlyer USA, Inc. (“bitFlyer”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) for multiple deficiencies in bitFlyer’s cybersecurity program, most notably for failure...more