Lisa Ropple

Lisa Ropple

Jones Day

Contact

Readers' Choice Awards

Data Privacy
Cybersecurity
View Bio
RSS

Latest Posts › Cybersecurity

Share:

Understanding DORA: Digital Operational Resilience Act Now in Effect for Financial Entities and ICT Service Providers

DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more

1/17/2025  /  Compliance , Cybersecurity , Data Privacy , Data Protection , Digital Operational Resilience Act (DORA) , EU , Financial Institutions , Financial Services Industry , Regulatory Requirements , Risk Management

TSA Releases Proposed Rule to Enhance Pipeline and Railroad Cyber Risk Management

The Transportation Security Administration's ("TSA") proposed rule would require owners and operators of certain pipeline, freight railroad, passenger railroad, rail transit, and over-the-road bus ("OTRB") systems to...more

12/2/2024  /  Comment Period , Cybersecurity , Infrastructure , Oil & Gas , Pipelines , Proposed Rules , Railroads , Regulatory Agenda , Risk Management , Rulemaking Process , Surface Transportation , Transportation Security Administration

NIS 2 Directive: Transposition Period is Up for EU Member States

As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more

11/19/2024  /  Cybersecurity , Data Protection , Data Security , EU , EU Directive , Member State , Risk Management

New York Imposes Stringent Cybersecurity and Cyber Incident Reporting Obligations on Hospitals

New York recently passed new cybersecurity regulations for hospitals licensed in New York to enhance patient safety and cybersecurity....more

11/7/2024  /  Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare Facilities , Hospitals , Information Technology , New Legislation , New York , Personally Identifiable Information , PHI , Regulatory Reform

First Tranche of Australia's Much Anticipated Privacy Law Reforms Revealed

The first wave of Australia's expansive privacy law reforms has been introduced into Federal Parliament in the Privacy and Other Legislation Amendment Bill 2024 (Cth) ("Bill")....more

10/29/2024  /  Australia , Cybersecurity , Damages , Data Breach , Data Privacy , Data Protection , Data Security , Invasion of Privacy , Personally Identifiable Information , Proposed Regulation , Regulatory Agenda , Regulatory Reform

New FAA Regulations Target Cybersecurity Vulnerabilities in Aircraft Design

The Federal Aviation Administration ("FAA") has proposed new rules to standardize its criteria for addressing cybersecurity threats for transport category airplanes, engines, and propellers....more

9/20/2024  /  Aircraft , Aircraft Equipment , Aviation Industry , Cyber Threats , Cybersecurity , Federal Aviation Administration (FAA) , Final Rules , Notice of Proposed Rulemaking (NOPR) , NPRM

SEC v. SolarWinds: Court Rejects SEC Authority Over Cybersecurity Controls and Most Alleged Disclosure Violations

The U.S. District Court for the Southern District of New York dismissed the majority of claims that the Security and Exchange Commission ("SEC") asserted against SolarWinds, including claims that the company's alleged...more

8/2/2024  /  Cyber Incident Reporting , Cybersecurity , Data Protection , Disclosure Requirements , Publicly-Traded Companies , Risk Management , Securities and Exchange Commission (SEC) , SolarWinds

United States Zeroes In on Aviation Cybersecurity With FAA Reauthorization Act Updates

The sweeping FAA Reauthorization Act of 2024 includes measures intended to improve safety and cybersecurity for the U.S. aviation sector....more

6/17/2024  /  Aviation Industry , Biden Administration , Civil Aviation Authority (the CAA) , Cyber Threats , Cybersecurity , Federal Aviation Administration (FAA) , GAO , New Legislation , Rulemaking Process

California Privacy Protection Agency Publishes Enforcement Advisory on Data Minimization

California's privacy enforcement agency has published crucial data minimization guidance for businesses....more

5/14/2024  /  California , California Consumer Privacy Act (CCPA) , California Privacy Protection Agency (CPPA) , Cybersecurity , Data Privacy , Data Protection , Personal Information

FDA Proposes Updated Guidance Concerning Cybersecurity of Medical Devices

The U.S. Food and Drug Administration ("FDA") has proposed updated guidance, intended to assist individuals in meeting the cybersecurity requirements for FDA medical device submissions....more

4/29/2024  /  Cybersecurity , Draft Guidance , Food and Drug Administration (FDA) , Healthcare , Manufacturers , Medical Devices , Pharmaceutical Industry , Proposed Guidance , Regulatory Agenda

CISA Releases Proposed Cyber Incident and Ransom Payment Reporting Rules to Implement CIRCIA

CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more

4/11/2024  /  Covered Entities , Critical Infrastructure Sectors , Cyber Attacks , Cyber Incident Reporting , Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) , Cybersecurity , Cybersecurity Information Sharing Act (CISA) , Proposed Rules , Ransomware , Reporting Requirements

China Finalizes Provisions on Cross-Border Data Transfer

Chinese authorities issued new regulations and guidance governing cross-border transfers of data and personal information, which will significantly reduce procedural and compliance burdens for many multinationals....more

4/1/2024  /  China , Cybersecurity , Data Protection , Data Security , Data Transfers , International Data Transfers , Personal Information , Standard Contractual Clauses

NIST Extends its Cybersecurity Framework to Cover Evolving Threats and Governance

The National Institute of Standards and Technology ("NIST") released a significant update to its framework, expanding its scope and reach to cover a broader audience and evolving cybersecurity risks and management issues....more

3/8/2024  /  Cyber Attacks , Cyber Threats , Cybersecurity , Data Privacy , Data Protection , Data Security , NIST , Popular , Risk Management

California Proposes CCPA Amendments to Further Protect Children's Privacy

Proposed amendments to the California Consumer Privacy Act would require businesses to obtain opt-in consent prior to collecting, selling, sharing, using, or disclosing a minor's personal information....more

3/5/2024  /  California , California Consumer Privacy Act (CCPA) , Consumer Privacy Rights , Cybersecurity , Data Collection , Data Privacy , Data Protection , Minor Children , Personal Data

Executive Order Limits Sale or Transfer of Personal Data to Certain Countries

The U.S. Government has identified the exploitation of Americans' bulk sensitive personal data and U.S. government-related data by "countries of concern" as posing a national security risk....more

3/4/2024  /  Algorithms , Artificial Intelligence , Consumer Financial Protection Bureau (CFPB) , Cybersecurity , Data Sellers , Department of Justice (DOJ) , Executive Orders , International Data Transfers , Personal Data , Proposed Rules

California Privacy: A Deeper Dive Into the New Regulations Expected in 2024

The Background: The California Privacy Protection Agency board ("CPPA" or "Board") is in the process of issuing new regulations as authorized under the California Privacy Rights Act. These three sets of proposed regulations...more

2/14/2024  /  Audits , Automation Systems , California , California Privacy Protection Agency (CPPA) , California Privacy Rights Act (CPRA) , Cybersecurity , Decision-Making Process , Innovative Technology , New Regulations , Personal Information , Privacy Concerns , Risk Assessment , Rulemaking Process , Software

The Department of Defense Proposes the Much-Anticipated CMMC 2.0

On December 26, 2023, the Department of Defense ("DoD") published a proposed rule to implement the Cybersecurity Maturity Model Certification ("CMMC") 2.0, which will establish comprehensive cybersecurity requirements for...more

2/2/2024  /  Controlled Unclassified Information (CUI) , Cybersecurity , Cybersecurity Maturity Model Certification (CMMC) , Department of Defense (DOD) , DFARS , False Claims Act (FCA) , Federal Contractors , NIST , Proposed Rules

FTC Seeks to Strengthen Privacy Protections of Children Online

On December 20, 2023, the Federal Trade Commission ("FTC") announced a Notice of Proposed Rulemaking ("NPRM") to revise the Children's Online Privacy Protection Act ("COPPA") Rule to reduce the amount of information...more

12/28/2023  /  Comment Period , COPPA , Cybersecurity , Data Privacy , Data Protection , Data Security , Enforcement Authority , Federal Trade Commission (FTC) , Notice of Proposed Rulemaking (NOPR) , Online Platforms , Online Safety for Children , Personal Information , Regulatory Agenda , Social Media

HHS Enters Into First-Ever Ransomware Resolution Agreement and Corrective Action Plan

The U.S. Department of Health and Human Services ("HHS") Office of Civil Rights ("OCR") has entered into its first settlement of potential Health Insurance Portability and Accountability Act ("HIPAA") violations arising out...more

12/6/2023  /  Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Violations , Hospitals , Life Sciences , OCR , Ransomware

New York Governor Proposes Stringent Cybersecurity Regulations for Hospitals

New York is the first state to propose cybersecurity requirements for all hospitals operating in the state to address patient safety and other cybersecurity related issues....more

12/1/2023  /  Chief Information Security Officer (CISO) , Cyber Threats , Cybersecurity , Data Protection , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare Facilities , Hospitals , New York , NYDFS , Patient Privacy Rights , Popular , Proposed Regulation , Regulatory Agenda , Regulatory Reform

NYDFS Expands Cybersecurity Regulations: Extortion Payment Reporting, Corporate Governance, and Technical Requirements

A major amendment to the New York State Department of Financial Services' cybersecurity regulations establishes affirmative cybersecurity oversight duties and requires companies to report extortion payments to the agency....more

11/16/2023  /  Chief Information Security Officer (CISO) , Cybersecurity , Cybersecurity Framework , Data Protection , Extortion , Financial Institutions , Financial Services Industry , Information Technology , NYDFS , Popular , Risk Assessment , Third-Party Service Provider

FTC Requires Non-Bank Financial Institutions to Report Data Security Breaches Under Amended Safeguards Rule

On Friday, October 27, the Federal Trade Commission ("FTC") announced new amendments to the Safeguards Rule, requiring covered financial institutions to report certain data breaches to the FTC and reflecting its continuing...more

11/13/2023  /  Cybersecurity , Data Protection , Data Security , Federal Trade Commission (FTC) , Financial Institutions , Financial Regulatory Reform , Financial Services Industry , FTC Act , Gramm-Leach-Blilely Act , New Amendments , Non-Bank Lenders , Personal Information , Popular , Privacy Rule , Risk Assessment , Risk Management , Safeguards Rule , Section 5

President Biden Issues Executive Order on "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence"

On October 30, 2023, President Biden signed a first-of-its-kind executive order entitled, "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" ("AI")....more

11/1/2023  /  Algorithms , Artificial Intelligence , Biden Administration , Cybersecurity , Data Privacy , Data Protection , Department of Health and Human Services (HHS) , Executive Orders , Machine Learning , Regulatory Reform , Security Standards

Considerations for Addressing DOJ’s Corporate Compliance Guidance on Mobile Devices and Messaging Platforms

In light of the DOJ’s most recent guidance on the use of personal devices and third-party messaging applications by corporate personnel, this White Paper addresses issues and challenges that companies are facing in this area...more

10/18/2023  /  CFTC , Compliance , Cybersecurity , Data Collection , Data Privacy , Data Protection , Department of Justice (DOJ) , Electronic Communications , Financial Industry Regulatory Authority (FINRA) , Guidance Update , Instant Messaging Apps , Mobile Devices , Policies and Procedures , Securities and Exchange Commission (SEC) , White Collar Crimes , Workplace Communication

Federal Court Grants the SEC Limited Access to the Identities of Law Firm Clients Impacted by a Cyberattack

In Short - The Situation: Following a cyberattack on a law firm's systems, the Securities and Exchange Commission ("SEC") subpoenaed the firm for information, including the identity of clients whose information may have...more

8/15/2023  /  Cyber Attacks , Cybersecurity , Data Breach , Data Protection , Data Security , Discovery , Enforcement Actions , Evidence , Fourth Amendment , Government Investigations , Hackers , Material Nonpublic Information , Personally Identifiable Information , Securities and Exchange Commission (SEC) , Subpoenas
85 Results
 / 
View per page
Page: of 4
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide